Privacy Policy
Effective date: July 2, 2026
1. Overview
Expense Tracker (“the Service”) helps you turn receipts and bank statements into a categorized expense ledger. This policy explains what data the Service collects, how it is processed and stored, who processes it on our behalf, and the controls you have. The short version: we collect only what the product needs, we never sell your data or use it for advertising, receipts are processed by Anthropic’s Claude API and stored in a private bucket only your account can reach, and you can export or delete everything at any time.
2. Data we collect
- Account data — your email address and authentication identifiers (password hash, or your Google / GitHub identity if you sign in with OAuth).
- Expense data — the receipt photos you upload, the bank statement files (CSV/PDF) you import, and the transactions, categories, and line items extracted from them or entered manually.
- Billing data — your plan, subscription state, and monthly usage counts (number of receipt scans and statement imports). Payments are handled by Stripe; card numbers never touch our servers.
- Technical data — standard server logs (IP address, user agent, timestamps) kept for security and debugging.
We do not use advertising trackers or analytics that sell or share your data, and we never ask for your bank credentials — statement data only enters the Service as files you choose to upload.
3. How your data is used
Your data is used solely to operate the Service: extracting and categorizing transactions, matching receipts to statement entries, converting currencies, generating Excel exports, metering free-plan allowances, processing subscription payments, and providing support. We do not sell personal data and do not use your content for advertising or to train AI models.
4. AI processing
When you scan a receipt or import a statement, the receipt image or statement text is sent to Anthropic’s Claude API, which returns the structured transaction data (merchant, date, amounts, line items, category). Under Anthropic’s commercial API terms, data submitted through the API is not used to train Anthropic’s models. AI output can contain errors — the Service shows you the extracted data for review and lets you correct it.
5. Storage and security
Data is stored in Supabase (Postgres and object storage), encrypted in transit and at rest. Receipt images live in a private storage bucket whose paths are scoped per account, and every database table is protected by row-level security — each account can only ever read and write its own rows. Access to the Claude-backed endpoints is rate-limited per user, and plan entitlements can only be changed by verified payment-provider webhooks, not by client requests.
6. Service providers (subprocessors)
The Service runs on a small set of providers, each processing only what its role requires:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, and receipt file storage | Account details, transactions, receipt images, statement files |
| Anthropic | AI extraction and categorization (Claude API) | Receipt images and statement text, sent per request |
| Stripe | Subscription payments | Payment details (card numbers never touch our servers) |
| Google | Optional sign-in and optional Gmail report sending | Sign-in identity; report emails sent through Gmail only when you trigger them |
| Vercel / Render | Application hosting | Standard request logs (IP address, user agent) |
7. Google user data
If you sign in with Google, we receive only your basic profile (email address and identifier); this use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Emailing expense reports works differently: you provide a Gmail app password, which is stored encrypted and decrypted only on our server at the moment of sending — it is used exclusively to send, via Gmail’s SMTP service, the report emails you explicitly trigger, and it can never read your mailbox. You can revoke it at any time by deleting the app password in your Google account security settings or removing it from the Service’s email settings.
8. Retention and deletion
Your data is kept for as long as your account exists. Deleting a transaction or receipt removes it from the Service; deleting your account removes your account data, transactions, receipt images, and statement files, after which only minimal records we are legally required to keep (for example, payment records held by Stripe for tax purposes) remain with the relevant provider. Server logs rotate on a short schedule.
9. Your rights
Wherever you live, we apply the same baseline: you can access and export your data (the built-in Excel export contains your full history), correct it in the app, or delete it — per item or by deleting your whole account. If you are in a jurisdiction with statutory data rights (such as the GDPR or CCPA), these tools cover access, portability, rectification, and erasure; for anything they don’t cover, email us and we will handle the request directly. We do not sell personal information, so there is nothing to opt out of.
10. Cookies
The Service uses only the cookies required to keep you signed in (authentication session cookies). There are no advertising or cross-site tracking cookies.
11. Children
The Service is not directed at children and may not be used by anyone under 16 (or the age of digital consent where you live).
12. Changes to this policy
If this policy changes materially, we will notify you by email or an in-app notice before the change takes effect, and update the effective date above. See also the Terms of Service.
13. Contact
Privacy questions or requests: expensertrackersupport@gmail.com.