← Back to Home

Privacy Policy

Last updated: October 17, 2025

What We Collect

When you use our invoice OCR service, we collect and store:

  • Uploaded invoice and receipt files (PDF, JPG, PNG)
  • Extracted data: vendor names, dates, amounts, tax, currency
  • Email address (if you choose to create an account)
  • Anonymous session cookies for guest users
  • Basic usage analytics (via privacy-friendly Plausible)

How We Use Your Data

We use your data solely to provide the service:

  • Process invoices with OCR to extract information
  • Display your spending dashboard and reports
  • Generate CSV exports for your records
  • Improve our OCR accuracy over time

We NEVER:

  • ❌ Sell your data to third parties
  • ❌ Use your invoices for advertising
  • ❌ Share your financial information
  • ❌ Train AI models on your private data (unless you opt-in)

Data Retention

🔒 Original files automatically delete after 30 days.

We keep:

  • Original files: Deleted after 30 days (configurable in settings)
  • Extracted data: Kept until you delete your account
  • Backups: Database backed up daily, retained for 30 days

Data Storage & Security

  • Storage Location: EU-based servers (Cloudflare R2 in Europe)
  • Database: Encrypted at rest (PostgreSQL with pgcrypto)
  • File Transfer: HTTPS/TLS encryption
  • Access Control: Row-level security, JWT authentication

Third-Party Services

We use these trusted processors:

  • Vercel: Frontend hosting (US/EU)
  • Railway/Fly.io: Backend hosting (EU region)
  • Cloudflare R2: File storage (EU region)
  • OpenAI: GPT-5 mini for OCR processing (data not retained by OpenAI)
  • Sentry: Error monitoring (EU instance)

Your Rights (GDPR)

You have the right to:

  • Access: Download all your data anytime
  • Delete: Remove individual receipts or your entire account
  • Correct: Edit any extracted information
  • Export: Get your data in CSV format
  • Object: Opt-out of analytics or data processing

Cookies

We use minimal cookies:

  • Strictly Necessary: Session cookies for authentication
  • Analytics: Plausible (no tracking, privacy-friendly, EU-hosted)
  • No Advertising Cookies: We don't use Google Analytics or ad trackers

Contact

For privacy requests or questions:

🛡️ Our Privacy Promise

We built this tool because we hate companies that mishandle data. Your financial information is sensitive. We treat it with the respect it deserves. If you have any concerns, please reach out.