Privacy Policy

Effective Date: January 1, 2024
Last Updated: January 1, 2024

1. Introduction

Welcome to ReceiptApp ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our receipt management application and services (the "Service").

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller Information

Company Name: [Your Company Name]
Address: [Your Company Address]
Email: privacy@receiptapp.com
Data Protection Officer: dpo@receiptapp.com

3. Information We Collect

3.1 Personal Information You Provide

  • Account Information: Name, email address, password, phone number
  • Profile Information: Organization details, user preferences
  • Receipt Data: Receipt images, transaction details, vendor information, amounts, dates
  • Payment Information: Billing details (processed securely through third-party payment processors)
  • Communication Data: Support requests, feedback, correspondence

3.2 Information Automatically Collected

  • Usage Data: Service interaction patterns, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, errors encountered
  • Cookies and Tracking: Session cookies, analytics cookies (with consent)

3.3 Information from Third Parties

  • OAuth Authentication: Basic profile information from Google, Microsoft, or other OAuth providers
  • OCR Services: Processed receipt data from Google Cloud Vision API

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services and fulfill our contractual obligations
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: For marketing communications and optional data processing

5. How We Use Your Information

We use your information to:

  • Provide Services: Create and manage accounts, process receipts, generate reports
  • Improve Service: Analyze usage patterns, enhance features, fix bugs
  • Communicate: Send service updates, support responses, security alerts
  • Ensure Security: Detect and prevent fraud, unauthorized access, and abuse
  • Legal Compliance: Meet tax, accounting, and regulatory requirements
  • Marketing: Send promotional communications (with consent)

6. Data Sharing and Disclosure

6.1 Service Providers

  • Cloud Storage: Google Cloud Platform for secure data storage
  • OCR Processing: Google Cloud Vision API for receipt text extraction
  • Payment Processing: Stripe or similar for payment handling
  • Analytics: Usage analytics providers (with anonymization)

6.2 Legal Requirements

We may disclose information:

  • When required by court orders or legal processes
  • When required by government authorities
  • To protect our rights, privacy, safety, or property

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred with appropriate notice.

6.4 Consent-Based Sharing

We may share your information with your explicit consent for specific purposes.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

7.1 Access Right

Request a copy of your personal data we hold.

7.2 Rectification Right

Request correction of inaccurate or incomplete data.

7.3 Erasure Right ("Right to be Forgotten")

Request deletion of your personal data under certain circumstances.

7.4 Restriction Right

Request limitation of processing under certain circumstances.

7.5 Data Portability Right

Receive your data in a structured, machine-readable format.

7.6 Objection Right

Object to processing based on legitimate interests or direct marketing.

7.7 Automated Decision-Making Rights

Not be subject to decisions based solely on automated processing.

7.8 Consent Withdrawal

Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@receiptapp.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Data Minimization: Collecting only necessary information
  • Employee Training: Privacy and security awareness programs

9. Data Retention

We retain personal data for:

  • Active Accounts: Duration of account activity plus legal retention periods
  • Receipts: 7 years for tax compliance (or as configured by user)
  • Deleted Accounts: 30 days recovery period, then permanent deletion
  • Legal Holds: As required by law or legal proceedings

10. International Data Transfers

If we transfer data outside the EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses: EU-approved transfer mechanisms
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Consent: Explicit consent for specific transfers

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

12. Cookies Policy

We use cookies and similar technologies:

  • Essential Cookies: Required for service functionality
  • Analytics Cookies: To understand usage patterns (with consent)
  • Preference Cookies: To remember your settings

You can manage cookie preferences through your browser settings.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

  • Email notification
  • Prominent notice on our Service
  • Update to the "Last Updated" date

15. Contact Us

For privacy-related questions or concerns:

Email: privacy@receiptapp.com
Data Protection Officer: dpo@receiptapp.com
Address: [Your Company Address]

16. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

Acknowledgment

By using our Service, you acknowledge that you have read and understood this Privacy Policy.