Welche Banken werden von KontoCSV unterstützt?

KontoCSV unterstützt über 50 deutsche Banken, darunter Sparkasse, Volksbank, Deutsche Bank, Commerzbank, Postbank, ING, DKB, Comdirect und viele mehr. Unsere KI erkennt die Bank automatisch.

Wie sicher sind meine Daten bei KontoCSV?

Ihre Sicherheit ist unsere höchste Priorität. Alle Daten werden SSL-verschlüsselt übertragen und auf deutschen Servern verarbeitet. Wir sind vollständig DSGVO-konform und löschen Ihre Daten nach der Verarbeitung automatisch.

Kann ich KontoCSV kostenlos testen?

Ja! Sie erhalten 1 kostenlose Konvertierung bei der Registrierung. Außerdem bieten wir eine 30-tägige Geld-zurück-Garantie auf alle Pläne.

Welche Exportformate bietet KontoCSV?

Aktuell können Sie Ihre Kontoauszüge als CSV exportieren. Excel (.xlsx) und DATEV-kompatible Formate sind in Kürze verfügbar. Das CSV-Format ist bereits mit allen gängigen Buchhaltungsprogrammen kompatibel.

Wie lange dauert die Konvertierung eines Kontoauszugs?

Die durchschnittliche Konvertierung dauert nur 30 Sekunden. Bei sehr großen PDFs (über 100 Seiten) kann es bis zu 2 Minuten dauern.

Privacy - KontoCSV

1 Controller

Hermann Hampel

Kreuzäckerstr. 7 · 85055 Ingolstadt · Germany

Email support@kontocsv.de

(Fewer than 20 people regularly process personal data – no data protection officer is required under Sec. 38 BDSG. Please contact the controller directly if you have questions.)

2 Definitions

The definitions of Art. 4 GDPR apply (e.g. "processing", "personal data").

3 Hosting & Infrastructure

Service	Location	Purpose	Legal basis	Agreement / Safeguard
Google Cloud Run (Google Ireland Ltd.)	Region europe-west3 (Frankfurt)	Serving website / API	Art. 6 (1) f	Cloud DPA incl. SCC, accepted 10 · 06 · 2025
Supabase (Supabase Inc.)	eu-central-1	Authentication, database, object storage	Art. 6 (1) b	DPA + SCC
Supabase	eu-west3 / eu-west1	Realtime DB, storage, auth, push	Art. 6 (1) b / Art. 6 (1) f	Supabase Data Processing Terms + SCC, accepted 10 · 06 · 2025
OpenAI (OpenAI Ireland Ltd. / OpenAI LLC)	Ireland · USA	AI-powered PDF analysis	Art. 6 (1) b	DPA 07 · 06 · 2025 incl. SCC & EU-US DPF
Stripe (Stripe Payments Europe Ltd.)	Ireland	Payment processing	Art. 6 (1) b	Independent controller

4 Purposes of Processing & Legal Bases

Processing	Data	Purpose	Legal basis
Website visit	IP address, user agent, timestamp, referrer	Technical delivery & security logs	Art. 6 (1) f
Registration / login	Email, password hash, session token	Performance of the contract	Art. 6 (1) b
PDF upload & AI analysis	PDF content, metadata	Conversion to CSV / XLSX	Art. 6 (1) b
Payment	Name, email, card data	Performance of the contract	Art. 6 (1) b
Realtime sync / auth (Supabase)	Device token, app ID, event data	Live status & push notifications	Art. 6 (1) f
Support contact	Email, message	Handling your request	Art. 6 (1) f
Cookies / local storage	Session & CSRF tokens	Login persistence	§ 25 (2) No. 2 TTDSG in conjunction with Art. 6 (1) f

No analytics or marketing cookies are set – a consent banner is therefore not required. If analytics or similar tools are added in the future, a consent banner will appear.

5 AI Processing & Third-Country Transfers

Uploaded PDF pages are transmitted to OpenAI in encrypted form so the Vision model can extract text and structure.

Legal framework: Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework, DPA 07 · 06 · 2025.
Storage period at OpenAI: max. 30 days (API retention).
Training: API data is not used for model training.
Automated decisions: no decisions within the meaning of Art. 22 GDPR, only rule-based extraction.

Supabase runs in EU data centers. Processing is fully GDPR-compliant with additional technical safeguards (TLS 1.3, access controls).

6 Retention Periods

Data type	Deletion / retention
Server logs	30 days
PDF files & intermediate results	Automatic hard delete ≤ 24 h
Contract & invoice data	10 years (HGB, AO)
Support emails	≤ 1 year after completion
Session tokens	Deleted when the account is removed or user opts out

7 Technical & Organisational Measures (TOM)

•TLS 1.3 end-to-end · AES-256 at rest

•Optional CMEK encryption in Cloud Run & Supabase

•Role & rights concept, MFA for admin accounts

•In-memory processing + 24-hour deletion routine

•Pen tests & vulnerability scans at least annually

•Subprocessor monitoring (15 days prior notice)

8 Your Rights (Art. 15 – 22 GDPR)

You may request access, rectification, erasure, restriction, data portability or object at any time. Contact: support@kontocsv.de.

You also have the right to lodge a complaint with a supervisory authority (e.g. BayLDA, Promenade 27, 91522 Ansbach).

9 Withdrawal of Consent

Processing activities based on your consent can be withdrawn at any time without formal requirements. The lawfulness of processing carried out before the withdrawal remains unaffected.

10 Obligation to Provide Data

Email, password and payment details are required for registration, PDF upload and payment. Without this data, the paid services cannot be provided.

11 Changes to this Notice

We update this privacy notice whenever processes, service providers or legal requirements change. Current version: https://kontocsv.de/datenschutz · Effective 10 · 06 · 2025.