Privacy Policy

CompanyReceipts ("CompanyReceipts," "we," "us," or "our") provides a receipt and expense manager that lets you capture receipt images and record the financial details on them — vendor, date, totals, tax, payment method, and category — across your personal expenses and one or more businesses. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices and rights you have. It applies to the CompanyReceipts iOS app, the web dashboard at companyreceipts.com, and related services (the "Service").

Information we collect

• Account information. Your email address, and optionally your name and chosen subscription tier, created when you sign up.
• Receipt content you create. Receipt images you capture or upload, and the data extracted from or entered about them: vendor name, purchase date, subtotal, tax, total, currency, payment method, card type, last four digits of a card (if you choose to record it), receipt number, category, notes, line items, and tax-deductible status.
• Receipts you email in. If you forward a receipt to receipts@inbound.companyreceipts.com, we match the sender address to your account and file the message's attachments and text as a receipt for you to review. Forwards from an address that doesn't match an account are discarded.
• Business & organization data. Companies you create, mileage trips, custom categories, team membership, roles, and approval activity if you use the team features.
• Technical data. Authentication tokens and session cookies needed to keep you signed in, plus basic logs (such as request timestamps and error diagnostics) generated by our hosting providers.

Where the app reads a receipt's details, that on-device processing happens on your phone. We do not sell your data, and we do not use your receipt images or financial records to train advertising profiles.

How we use your information

• To provide the Service — store, organize, search, and export your receipts.
• To authenticate you and keep your account secure.
• To enable features you turn on, such as emailing a receipt or report, team sharing and approvals, and backing up copies to a cloud drive you connect.
• To provide customer support and respond to your requests.
• To operate, maintain, debug, and improve the Service, and to comply with legal obligations.

Data isolation

Your data is private to you by design. Every record is tied to your account and protected by per-row database access controls (row-level security), so one user cannot read another user's receipts. When you join or create an organization, data is shared only within that organization and only with the members and roles you grant — data stays isolated between different organizations, and your personal (non-shared) receipts remain visible only to you.

Subprocessors & service providers

We rely on a small number of vetted providers to run the Service. They process data only on our instructions and only as needed to provide their function:

• Supabase — application hosting, the PostgreSQL database, authentication, and storage of your receipt images.
• Postmark — transactional email delivery (for example, team invitations and receipts or reports you choose to email), and inbound email processing when you forward a receipt to receipts@inbound.companyreceipts.com for filing.
• Apple — App Store distribution and, if you subscribe in the app, in-app purchase and subscription billing.
• Stripe — payment and subscription processing for plans purchased outside the App Store. Card details are handled by Stripe; we do not store full card numbers.
• Google Drive, Dropbox, Box, or Microsoft OneDrive — only if you explicitly connect one of these to back up copies of your receipts. We access only the folder you authorize, and you can disconnect at any time.

We may also disclose information if required by law, to protect our rights or the safety of others, or in connection with a merger or acquisition (in which case we will notify you and this Policy will continue to apply).

Data retention

We keep your information for as long as your account is active. You can delete individual receipts at any time, and you can delete your entire account from Settings → Account, which permanently removes your receipts, images, and associated records. Residual copies in encrypted backups are purged on our providers' standard backup-rotation cycle.

Your rights & choices

• Access & export. You can export your receipts as JSON and CSV at any time from Settings → Account.
• Correction. You can edit any receipt or account detail directly in the app.
• Deletion. You can permanently delete your account and all associated data from Settings → Account, or by emailing us.
• Withdraw connections. You can disconnect any cloud drive or revoke email sending at any time.

Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to object to or restrict certain processing and the right to lodge a complaint with a supervisory authority. To exercise any right, contact us at the address below.

Security

Data is encrypted in transit (HTTPS) and at rest by our hosting provider. Access to your records is enforced at the database level so that only you — and the organization members you authorize — can read them. No system is perfectly secure, but we work to protect your information using industry-standard safeguards.

Children

CompanyReceipts is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect their data.

International users

Your information may be processed in the United States or other countries where our providers operate. By using the Service you understand your data may be transferred to and processed in those locations.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email.

Contact us

Questions, requests, or privacy concerns? Email support@companyreceipts.com.