Privacy Policy

Last Updated: January 26, 2025

Receipt Tracker ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

Information We Collect

Account Information

When you create an account, we collect:

• Email address - Used for account identification and communication
• Password - Stored securely using industry-standard hashing (bcrypt)
• Google account information - If you sign in with Google, we receive your email address and Google user ID. We do not access your Google contacts, calendar, or other Google services.

Receipt Data

When you use our app to track receipts, we collect:

• Receipt images - Photos you take or import of receipts
• Extracted receipt data - Merchant names, dates, amounts, tax information, and categories
• Notes and descriptions - Any notes you add to receipts

Email Forwarding

If you use our email forwarding feature:

• We provide you with a unique email address for forwarding receipts
• Forwarded emails are temporarily stored on our servers
• Email content (body text and HTML) is encrypted at rest using AES-256-GCM encryption
• Email content is automatically deleted after your device processes the receipt
• We only process image and PDF attachments from forwarded emails

Device Information

• Device token - Used for push notifications (optional)
• Device type - iOS version for compatibility purposes

How We Use Your Information

We use the collected information to:

• Provide and maintain the Receipt Tracker service
• Process and organize your receipts
• Sync your data across your devices
• Send push notifications about new forwarded receipts (if enabled)
• Respond to your support requests
• Improve our services

Data Processing

On-Device Processing

Receipt scanning and OCR (Optical Character Recognition) is performed entirely on your device using Apple's Vision framework and on-device machine learning. Your receipt images are not sent to external OCR services.

Cloud Storage

Your data is stored on:

• Cloudflare D1 - For structured data (account info, receipt metadata)
• Cloudflare R2 - For file storage (email attachments during processing)

All data is stored in Cloudflare's secure infrastructure with encryption at rest.

Data Sharing

We do not sell, trade, or rent your personal information to third parties.

We may share information only in the following circumstances:

• Service providers - We use Cloudflare for hosting and data storage. They process data on our behalf under strict confidentiality agreements.
• Legal requirements - If required by law, court order, or governmental regulation
• Safety - To protect the rights, property, or safety of our users or others

Third-Party Services

Google Sign-In

If you choose to sign in with Google, your authentication is handled by Google's OAuth 2.0 service. We only receive your email address and a unique identifier. Google's privacy policy applies to their handling of your data: https://policies.google.com/privacy

Apple Services

Our app uses Apple's frameworks for on-device processing. Apple's privacy policy applies to their services: https://www.apple.com/privacy/

Data Retention

• Account data - Retained until you delete your account
• Receipt data - Retained until you delete individual receipts or your account
• Forwarded email content - Automatically deleted after processing (typically within minutes)
• Email attachments - Deleted immediately after your device downloads and processes them

Data Security

We implement appropriate security measures including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest (AES-256-GCM for email content)
• Secure password hashing (bcrypt)
• JWT-based authentication with expiring tokens
• Regular security reviews

Your Rights

You have the right to:

• Access - View all data we have about you
• Correction - Update or correct your information
• Deletion - Delete your account and all associated data
• Export - Request a copy of your data
• Opt-out - Disable push notifications at any time

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

International Users

Your data may be processed in Canada and the United States where our servers are located. By using our service, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.