Privacy Policy

Last updated: March 2026

1. Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you visit our website and use our services. Personal data is any data with which you could be personally identified. CODA OK is a SaaS platform operated by Radom UG (haftungsbeschränkt) for converting CODA bank statement files (.cod) to CSV and Excel formats for the Belgian market.

2. Responsible Party

Radom UG (haftungsbeschränkt)

Geschäftsführer: Arber Lamce

Telemannstr. 2

60323 Frankfurt am Main, Germany

Email: support@coda-ok.be

Due to the size of our company, no data protection officer has been appointed. For data protection inquiries, please contact us at the email address above.

3. Legal Basis

We process your personal data in accordance with:

  • GDPR — Regulation (EU) 2016/679 (General Data Protection Regulation)
  • Belgian Data Protection Act — Kaderwet of 30 July 2018 (Wet betreffende de bescherming van natuurlijke personen met betrekking tot de verwerking van persoonsgegevens)

The legal bases for our processing activities are:

  • Art. 6(1)(b) GDPR — Performance of a contract (providing the CODA conversion service to you)
  • Art. 6(1)(f) GDPR — Legitimate interests (ensuring security, preventing fraud, improving our service)
  • Art. 6(1)(a) GDPR — Consent (where explicitly given, e.g. marketing communications)

4. Data Collection on Our Website

Cookies

Our website uses only technically necessary cookies to ensure proper functionality. These include a session cookie and an authentication token ("auth-token") to keep you logged in. We do not use any third-party tracking, analytics, or advertising cookies.

Server Log Files

Our hosting provider automatically collects and stores information in server log files, which your browser transmits to us. These include your IP address, browser type, operating system, the referring URL, and the time of the server request. This data cannot be assigned to specific persons and is not combined with other data sources.

Registration and User Account

When you create an account, we collect your email address and name (optional). Passwords are stored only in hashed form using bcrypt. Your account data is used to provide our services, manage subscriptions, and communicate with you about your account.

5. Data Processing for Our Service

Uploaded CODA Files

When you upload CODA bank statement files (.cod) for conversion, the files are processed temporarily. When image-based extraction is required, temporary files are created during processing and automatically deleted immediately afterwards. No uploaded files are permanently stored. The data contained in CODA files may include:

  • Transaction data (amounts, dates, structured/unstructured communications)
  • Account numbers and IBANs
  • Counterparty names and details
  • Bank identification information

This data is used solely for the purpose of converting your CODA files to CSV or Excel format. We do not analyse, share, or repurpose this financial data in any way.

Storage Duration

  • Uploaded files — Processed temporarily and deleted immediately after conversion completes. No uploaded files are permanently stored.
  • Generated conversions and metadata — Auto-deleted after 90 days.
  • Account data — Stored for the duration of your account. Upon account deletion, your data is removed immediately and irrevocably, along with all associated conversions and subscriptions. You may delete your account at any time via Settings.

6. Third-Party Services

Azure OpenAI (Document Processing)

We use Microsoft Azure OpenAI Service for intelligent document processing and classification of transaction data. Data is processed in a European data center (Sweden). Microsoft does not use your data to train their AI models. See: Azure OpenAI Data Privacy

Stripe (Payment Processing)

For paid subscriptions, we use Stripe as our payment processor. When you subscribe, your payment information is processed directly by Stripe and is not stored on our servers. Stripe's privacy policy applies to all payment data. See: stripe.com/privacy

7. Your Rights

Under the GDPR and Belgian data protection law, you have the following rights regarding your personal data:

  • Right of access — You can request information about the data we store about you (Art. 15 GDPR).
  • Right to rectification — You can request correction of inaccurate data (Art. 16 GDPR).
  • Right to erasure — You can request deletion of your data. You can also delete your account yourself via Settings (Art. 17 GDPR).
  • Right to restriction of processing — You can request that we restrict processing of your data (Art. 18 GDPR).
  • Right to data portability — You can request your data in a machine-readable format (Art. 20 GDPR).
  • Right to object — You can object to the processing of your data (Art. 21 GDPR).
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing (Art. 7(3) GDPR).
  • Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise any of these rights, contact us at support@coda-ok.be. We will respond within one month as required by the GDPR.

8. Supervisory Authorities

As our service is aimed at users in Belgium, the competent Belgian supervisory authority is:

Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)

Drukpersstraat / Rue de la Presse 35

1000 Brussels, Belgium

Website: dataprotectionauthority.be

As our company is registered in Germany (Hesse), you may also contact the responsible German supervisory authority:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit

Postfach 3163

65021 Wiesbaden, Germany

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption in transit — All data transmissions are secured with SSL/TLS encryption.
  • Password security — Passwords are hashed using bcrypt and are never stored in plain text.
  • German hosting — Our infrastructure is hosted on servers in Germany (European Union).
  • Access controls — Access to user data is restricted to authorised personnel only.
  • Temporary processing — Uploaded CODA files are processed temporarily and deleted immediately after conversion. No uploaded files are permanently stored.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify registered users of material changes via email. The current version of this policy is always available on this page.