Privacy Policy

Last Updated: February 2026

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Organization or company name (for business accounts)
• PIN code (stored in encrypted form)

1.2 Receipt Data

When you use our service to capture receipts, we process:

• Receipt images and photographs
• Extracted receipt information (merchant name, date, amounts)
• Categories and business entities you assign to receipts
• Notes and annotations you add

1.3 Cloud Storage Account Information

Receipt Capture integrates with cloud storage providers to store your receipt files. When you connect a cloud storage account:

Dropbox Integration

• Your Dropbox account email address
• Authorization tokens (refresh tokens) to access Dropbox on your behalf
• Limited Dropbox metadata necessary for file storage and organization

Google Drive Integration

• Your Google account email address
• Authorization tokens to access Google Drive on your behalf
• Limited Google Drive metadata necessary for file storage and organization

We do not access or store your passwords. Authentication is handled securely through OAuth 2.0 protocols provided by Dropbox and Google.

1.4 Usage Data

We automatically collect certain information when you use our service:

• Device information (device type, operating system, browser type)
• IP address and general location data
• Usage patterns (features used, time spent, actions taken)
• Error logs and diagnostic data

2. How We Use Your Information

We use the information we collect to:

• Provide our services: Process, store, and organize your receipts
• Integrate with cloud storage: Store your receipt files in your connected Dropbox or Google Drive account
• Improve our service: Analyze usage patterns to enhance features and user experience
• Communicate with you: Send service updates, security alerts, and support messages
• Ensure security: Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations: Meet applicable legal and regulatory requirements

3. Third-Party Services

3.1 Dropbox Integration

Receipt Capture integrates with Dropbox to provide cloud storage for your receipts. When you enable this integration:

• Your receipt files (as PDFs) are stored in your own Dropbox account
• Files are organized in folders based on date and business entity
• We access only the folders and files created by Receipt Capture
• You can revoke access at any time through your Dropbox account settings
• Dropbox's Privacy Policy applies to data stored in Dropbox

3.2 Google Drive Integration

Receipt Capture offers integration with Google Drive as an alternative storage option. When you enable this integration:

• Your receipt files are stored in your own Google Drive account
• We access only the folders and files created by Receipt Capture
• You can revoke access at any time through your Google Account settings
• Google's Privacy Policy applies to data stored in Google Drive

3.3 AI Processing Services

We use AI services to extract information from receipt images:

• Receipt images are processed using Anthropic's Claude API for OCR and data extraction
• Images are transmitted securely and are not retained by the AI service provider after processing
• Extracted data (vendor, amount, date) is stored in our database

3.4 Other Third-Party Services

We may use third-party services for:

• Cloud hosting and infrastructure (Vercel, Supabase)
• Analytics and performance monitoring
• Payment processing (for premium features)

These providers are contractually obligated to protect your data and use it only as directed by us.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• With your consent: When you explicitly authorize sharing
• With service providers: Third parties who help us operate our service
• For legal compliance: When required by law, regulation, or legal process
• For safety: To protect rights, safety, and property of users and the public
• Business transfers: In connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until you delete your account
• Receipt data: Retained until you delete individual receipts or your account
• Cloud storage files: Stored in your own Dropbox/Google Drive account under your control
• Usage data: Retained for up to 24 months for analytics purposes

After account deletion, we will remove your personal data within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication via PIN codes and OAuth
• Regular security audits and vulnerability assessments
• Row-level security in our database ensuring tenant isolation

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing of your data
• Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information below.

8. Multi-Tenant Architecture

Receipt Capture operates as a multi-tenant application, meaning multiple organizations use our shared infrastructure. We maintain strict data isolation between tenants:

• Each organization's data is logically separated
• Row-level security policies prevent cross-tenant data access
• Administrative users can only access their own organization's data
• Each tenant can configure their own cloud storage integration

9. Children's Privacy

Receipt Capture is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification to your registered email address
• Displaying a notice within the application

Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us