BankCodeKit

Security

Security and Local Processing

BankCodeKit is designed so payment-code checks run in the browser. This page explains what the tools do with user-entered IBANs, BICs, invoice details, CSV rows, and payment references.

Browser-Local Tool Logic

Tool inputs are processed by client-side code in the browser. IBAN normalization, checksum review, BIC format parsing, SEPA country lookup, invoice formatting, and CSV export use local code and local reference data.

Where Tool Inputs Are Not Sent

  • BankCodeKit servers or external APIs.
  • Page URLs, query strings, or route parameters.
  • Analytics events or advertising events.
  • Advertising scripts or ad request data.
  • Browser localStorage, sessionStorage, or cookies.
  • Server logs controlled by BankCodeKit application code.

CSV And Clipboard Handling

Bulk IBAN CSV output and copy buttons can contain payment details the user entered. These actions are local browser actions, but the files or copied text can still be sensitive after they leave the page. Handle exported CSV files and copied payment details carefully.

Advertising And Analytics Guardrail

If advertising or analytics is used on the site, tool input values must stay out of analytics events, ad requests, ad scripts, URLs, storage, logs, and cookies. Ads should not be placed inside tool forms, result cards, warnings, copy buttons, download buttons, or navigation. Display-ad eligibility is route-gated so tool pages stay separated from ad slots even if display ads are enabled later.

Format-Only Limitation

Local processing improves privacy, but it does not turn format checks into account verification. BankCodeKit does not confirm account existence, account ownership, bank connectivity, sanctions status, fraud risk, payment readiness, or payment success.