Privacy Policy

Effective Date: January 17, 2026 | Last updated: May 2026

1. Introduction

Welcome to Receipto, a service provided by AppWrapp, LLC ("we," "our," "us," or "Company"). We operate the website at receipto.app and our mobile applications (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our AI-powered receipt scanning, expense tracking, and tax preparation tools.

By using Receipto, you agree to the collection and use of information in accordance with this policy.


2. Information We Collect

2.1 Personal Data

  • Name: For account identification.
  • Email Address: For account creation, authentication, and communications.

2.2 Financial Data

  • Receipt Images: Uploaded photos or camera scans.
  • Email Content: From the "Magic Mail-In" feature — only emails forwarded to your unique Receipto address.
  • Transaction Details: Extracted from receipts (merchant name, amount, date, category, line items).
  • Exported Data: CSV/PDF reports generated by the user.

2.3 Usage Data

  • Device Information: OS version, device model.
  • Usage Analytics: Screens visited, features used, buttons tapped, session duration.
  • Session Recordings: Screen interactions with all input fields masked — see Section 5.
  • In-App Purchase Status: Subscription status and type.

2.4 Device Identifiers

A device identifier used to measure advertising effectiveness and attribute app installs to advertising campaigns (e.g., Apple Search Ads). On iOS, this requires your explicit permission via the App Tracking Transparency prompt. You can grant or revoke this permission at any time in iOS Settings → Privacy & Security → Tracking.

2.5 Crash and Diagnostic Data

Crash reports and error logs, including stack traces and basic user context (user ID, subscription tier), to help us identify and fix bugs.


3. How We Use Your Information

We use your data to:

  1. Provide Core Services: Process receipts, extract transaction data, generate reports.
  2. Authenticate Users: Manage your account and subscription status.
  3. Process Payments: Handle billing for Pro subscriptions via Stripe (web) or Apple In-App Purchase (iOS).
  4. Improve the Service: Analyze usage patterns to enhance features and performance.
  5. Communicate: Send service updates, security alerts, and subscription notifications.
  6. Advertising Measurement: With your permission (iOS ATT prompt), we use a device identifier to measure which advertising campaigns (e.g., Apple Search Ads) brought you to Receipto. This helps us understand which channels are effective. We do not use this data to show you targeted ads.

4. Third-Party Service Providers (Sub-Processors)

We share your data with the following trusted partners to operate our Service:

Provider | Purpose | Data Shared | Privacy / Location
Supabase, Inc. | Database & Authentication | Email, account data, receipt data | USA / EU — privacy policy
Cloudflare R2 | Secure File Storage | Receipt images | Global — privacy policy
OpenAI, LLC | AI Receipt Processing | Receipt images and text (opt-out of training) | USA — privacy policy
Amplitude, Inc. | Product Analytics | Events, user properties (email, subscription tier, onboarding answers) | EU data center — privacy policy
UXCam, Inc. | Session Replay | Screen recordings, user properties (email, subscription tier). All input fields masked. | EU — privacy policy
RevenueCat, Inc. | Subscription Management & Ad Attribution | User ID, subscription transactions, device identifier (for Apple Search Ads attribution) | USA — privacy policy
Apple, Inc. | In-App Purchases (iOS) | Purchase transactions processed natively on device | Global — privacy policy
Stripe, Inc. | Payment Processing (Web) | Name, email, billing information | Global (PCI-DSS) — privacy policy
Google Firebase | Push Notifications | FCM token (device push notification identifier) | USA — privacy policy
Sentry, Inc. | Crash Reporting | Crash logs, error traces, user ID, subscription tier | USA — privacy policy

Note on payments: Mobile (iOS) subscriptions are processed entirely through Apple In-App Purchase. Stripe is used for web-based subscriptions only. Neither processor stores full credit card numbers.

4.1 AI Processing Disclosure (IMPORTANT)

Receipt images and text are sent to OpenAI's API for automated data extraction (merchant name, amount, date, category). We use OpenAI's enterprise API with data training disabled — your receipt data is never used to train AI models and is not retained by OpenAI beyond the processing request.

Receipt images are stored in your account on Cloudflare R2 and are only accessible to you and users you explicitly share them with.

If you have concerns about AI processing, please contact us before using the Service.


5. Session Replay & Analytics

5.1 Event Analytics (Amplitude)

We use Amplitude to track anonymized product events (e.g., screens viewed, features used, onboarding steps completed). This helps us understand how users navigate the app and which features are most valuable. Data is stored in Amplitude's EU data center. No receipt content or financial data is included in these events.

5.2 Session Replay (UXCam)

We use UXCam to record screen sessions for usability research. Recordings help us identify confusing flows and fix UX problems.

Privacy protections:

  • All text input fields are automatically masked — we never see what you type
  • Financial values on receipts are masked
  • Sessions are linked to your subscription tier (paying vs. free) but not to personally identifiable information visible on screen
  • Data is stored in EU data centers
  • Retention period: 90 days

To opt out: Contact support@receipto.app and we will disable session recording for your account.


6. App Tracking Transparency (iOS)

On iOS 14.5 and later, Receipto requests your permission to use a device identifier to measure advertising effectiveness through Apple's App Tracking Transparency (ATT) framework.

What we use it for: If you grant permission, a device identifier may be used by RevenueCat to attribute your app install to an Apple Search Ads campaign. This is advertising measurement only — it tells us which of our ads are working. We do not use this permission to show you targeted ads or sell your data.

What happens if you decline: Receipto works fully without tracking permission. You will not see any difference in functionality. We will not ask again after you make your choice.

How to change your choice: iOS Settings → Privacy & Security → Tracking → Receipto


7. Magic Mail-In Feature: Consent to Parse Emails

When you use the "Magic Mail-In" feature (forwarding receipts to your unique Receipto email address), you explicitly grant us permission to:

  • Read and parse the subject line, body text, and attachments of forwarded emails.
  • Extract expense-related information (receipts, invoices, transaction data).
  • Store extracted data in your Receipto account.

We only process emails sent to your unique Receipto inbox. We do not access your personal email account.


8. Data Retention

  • Active Accounts: We retain your data for as long as your account is active.
  • Deleted Data: When you delete receipts or your account, data is permanently removed from our active systems within 30 days.
  • Backups: Deleted data may persist in encrypted backups for up to 90 days for disaster recovery purposes, after which it is purged.

9. Your Privacy Rights

9.1 GDPR (European Users)

If you are in the EU/EEA, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate data.
  • Erasure: Delete your account and all associated data.
  • Portability: Export your data in CSV/JSON format.
  • Restriction: Limit how we process your data.
  • Objection: Opt out of certain processing activities.

9.2 CCPA (California Users)

California residents have the right to:

  • Know: What personal data we collect and how it's used.
  • Delete: Request deletion of your data.
  • Opt-Out: We do not sell your personal information to third parties.

9.3 How to Exercise Your Rights

  • Self-Service: Delete receipts or export data directly in the Receipto app.
  • Account Deletion: Go to Settings → Delete Account.
  • Email Us: For data access requests, contact support@receipto.app.

We will respond to verified requests within 30 days.


10. Data Security

We implement industry-standard security measures:

  • Encryption in Transit: All data is transmitted over HTTPS (TLS 1.3).
  • Encryption at Rest: Receipt images and sensitive data are encrypted in our databases.
  • Access Controls: Only authorized personnel can access production systems.
  • Regular Audits: We conduct security reviews and monitor for vulnerabilities.

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.


11. Data Sharing and Selling

We do NOT sell your data to advertisers, data brokers, or third parties for marketing purposes.

We only share data with sub-processors listed in Section 4 to operate the Service.

Advertising measurement: With your ATT consent (iOS only), a device identifier is shared with Apple as part of Apple Search Ads attribution measurement. This is not "selling" your data — it is standard advertising measurement conducted through Apple's own infrastructure. You can revoke this permission at any time in iOS Settings → Privacy & Security → Tracking.


12. Children's Privacy

Receipto is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete their information promptly. If you believe a child under 13 has provided us with personal information, please contact support@receipto.app.


13. International Data Transfers

Your data may be processed in countries outside your residence (USA, EU). We ensure adequate protections through:

  • Standard Contractual Clauses (SCCs) for GDPR compliance.
  • Data Processing Agreements (DPAs) with all sub-processors.

For business customers: If you require a formal Data Processing Addendum for GDPR/CCPA compliance, please review our Data Processing Addendum (DPA).


14. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you by:

  • Posting the updated policy on our website.
  • Sending an email notification for material changes.

Continued use of the Service after changes constitutes acceptance.


15. Contact Us

For privacy questions, data requests, or concerns:

Support Email: support@receipto.app

Company Email: appwrappllc@gmail.com

Website: receipto.app/privacy

Mailing Address:

AppWrapp, LLC

651 N Broad St, Suite 201

Middletown, DE 19707

United States


End of Privacy Policy