← Back to Home

Privacy Policy

Last updated: May 23, 2026

1. Information We Collect

When you use Receiptiles, we collect:

  • Account information: Email address, name, and authentication credentials.
  • Receipt data: Merchant name, items purchased, prices, dates, payment method (last 4 digits only), and transaction totals.
  • Device information: Browser type, operating system, and device identifiers for wallet pass delivery.
  • Usage data: Pages visited, features used, and interaction patterns — collected via cookieless analytics (Umami). No personal identifiers are stored.
  • Email connection data: When you connect Gmail or Outlook, we access receipt-related emails only. We do not read personal correspondence.

2. How We Use Your Information

  • Provide, maintain, and improve the Receiptiles service.
  • Parse and organize your receipts into structured digital records.
  • Deliver digital receipts to your Apple Wallet or Google Wallet.
  • Generate spending insights, budget tracking, and warranty alerts.
  • Communicate service updates, security alerts, and support responses.
  • Develop aggregate analytics for merchants (see Section 4).

3. Data Storage & Security

  • All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Receipt data is processed on-device where possible before transmission.
  • Infrastructure is hosted on SOC 2 Type II certified providers.
  • Database backups are encrypted and stored in geographically redundant locations.
  • We conduct regular security audits and penetration testing.

4. Data Sharing & Third Parties

We share certain data with third parties in the following ways:

  • Aggregated merchant analytics: We provide merchants with anonymized, aggregated purchasing trend data derived from receipt information. This data cannot identify individual consumers.
  • Data partnerships: We may share de-identified and aggregated consumer spending patterns with select commercial partners for market research, advertising, and analytics purposes.
  • Service providers: We share data with infrastructure providers (hosting, email delivery, payment processing) strictly to operate the service, under contractual data protection obligations.
  • Legal compliance: We may disclose data when required by law, subpoena, or to protect our rights and safety.

Your control: You may opt out of data partnerships at any time via your account settings. Opting out does not affect your use of the service.

5. Cookies & Tracking

Our public website uses Umami, a cookieless, privacy-focused analytics tool. It does not use cookies, does not track individuals across sites, and does not collect personal data. No cookie consent banner is required.

Within the authenticated app, we use PostHog for product analytics to improve the user experience. PostHog is self-hosted on our infrastructure.

6. Your Rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Deletion: Request complete deletion of your account and all associated data.
  • Export: Download all your receipt data in a machine-readable format (JSON/CSV).
  • Opt out of data sales: Under CCPA, you can opt out of the sale of personal information.
  • Rectification: Correct inaccurate personal data.
  • Restriction: Limit how we process your data.

To exercise any of these rights, email privacy@receiptiles.com or use the controls in your account settings. We respond within 30 days.

7. Data Retention

  • Active accounts: Data retained for the lifetime of the account.
  • Deleted accounts: All personal data purged within 30 days. Aggregated, de-identified data may be retained.
  • Inactive accounts: Accounts inactive for 24+ months may be subject to deletion after notification.

8. Children's Privacy

Receiptiles is not directed at children under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

9. International Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards (Standard Contractual Clauses or equivalent) are in place for international transfers.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.

11. Contact

For privacy-related questions or data requests:

  • Email: privacy@receiptiles.com
  • Data Protection Officer: dpo@receiptiles.com
  • Address: Receiptiles Inc., [Address to be added]
Privacy Policy — Receiptiles · KreditWiz