You're trusting us with private information.

• We only collect what we need to analyse your conversations.
• Your messages are encrypted at rest and in transit.
• We never sell your data. Period.
• You can export or delete your data anytime.
• We don't share your information unless legally required.
• You control who sees your reports.

Information you provide

Account information

Email address, password (hashed, we never see it), name (optional), and country/timezone.

Conversation data

Messages you upload or sync, contact names or identifiers, message timestamps, and media files if you choose to include them.

Payment information

Processed by Stripe, we don't store card details. We retain your billing address and transaction history.

Usage information

Which features you use, report generation history, and app settings and preferences.

Information we collect automatically

Technical data

Device type and OS version, app version, IP address (for security), and crash reports and error logs.

Analytics (anonymous)

Feature usage patterns, performance metrics, and general usage statistics.

We don't collect location data, contact lists, photos outside of conversations, or microphone or camera access.

And we never:

• Sell your data to anyone.
• Use your conversations for advertising.
• Share your data with marketers.
• Read your messages ourselves, only the AI analyses them.
• Build profiles to sell.

Encryption

• All conversation data is encrypted at rest in our database.
• TLS encryption protects all data in transit.
• Backups are encrypted and stored separately.

Security measures

• Two-factor authentication available.
• Regular security audits.
• Strictly limited employee access.
• Incident response procedures.
• Compliance with industry standards.

Where your data lives

Primary servers and backups in geographically separate locations. We use Supabase for infrastructure. All locations have strong privacy laws.

Service providers, only when necessary:

Stripe

Payment processing.

Anthropic

AI analysis (anonymised chunks).

Supabase

Infrastructure.

Resend

Email delivery.

All partners are contractually bound to protect your data, limited to what they need, and prohibited from using your data for their own purposes.

Legal requirements

We may disclose data if required by court orders, search warrants, legal investigations, or imminent harm situations. We'll notify you unless legally prohibited.

We never share with

• Advertisers.
• Data brokers.
• Marketing companies.
• Your contacts or their lawyers (without a court order).
• Anyone else without your permission.

Access your data

• Download your messages.
• Export analysis results.
• Get copies of reports.
• See what we have on file.

Control your data

• Delete specific conversations.
• Clear analysis history.
• Remove your entire account.
• Opt out of analytics.

Correct information

• Update account details.
• Fix incorrect data.
• Clarify context.

To exercise these rights: go to Settings → Privacy in the app, or email contact@receipts.love. We'll respond within 30 days.

Data portability

You can export your data as JSON (structured), PDF reports, or in the original message format.

Messages are chunked into segments, sent to Anthropic's Claude API, analysed for patterns, and the results returned and stored. Original messages are never stored by the AI.

AI privacy measures

• No personal identifiers sent.
• Context anonymised.
• No training on your data.
• Secure API connections.
• Regular privacy audits.

Receipts is not for anyone under 18. We don't knowingly collect data from minors. If we discover we have, we'll delete it immediately. Relationship analysis requires maturity, legal consent, and sensitive content handling.

If you're a parent or guardian and believe your child has an account, email contact@receipts.love and we'll close it the same day.

Your data may be processed in various datacenters around the world. We use standard contractual clauses. You have the same privacy rights regardless of location, and local laws may provide additional protections.

GDPR (European users)

You have additional rights under GDPR. We're your data controller. Contact our DPO at contact@receipts.love. You can lodge complaints with your supervisory authority.

CCPA (California users)

You have additional rights under CCPA. We don't sell personal information. You can opt out of analytics. There is no discrimination for exercising your rights.

We maintain a signed statement that we update at least every 30 days confirming we haven't been served with any secret government orders. If the canary stops updating or specific statements disappear, something may be wrong.

Learn more about our warrant canary on the Trust page.

When this document changes in a way that matters for privacy, we will:

• Send email notifications for significant changes.
• Give 30 days notice before changes take effect.
• Provide the option to export data before changes.
• Include a clear explanation of what changed.

For privacy questions: contact@receipts.love. We read and reply to every one, usually within 48 hours. For legal process, see the Trust page.