PRIVACY POLICY FOR RECEIPTLY: RECEIPT TRACKER
Effective Date: January 1, 2026
Last Updated: January 1, 2026
================================================================================
1. INTRODUCTION
Code Xcess ("we," "us," or "our") operates the Receiptly mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
Please read this Privacy Policy carefully. By using Receiptly, you agree to the collection and use of information in accordance with this policy.
================================================================================
2. INFORMATION WE COLLECT
2.1 Personal Information
When you use Receiptly, we may collect the following personal information:
- Account Information: Email address, name, and profile picture (if using Google Sign-In)
- Authentication Data: Login credentials and authentication tokens
- Payment Information: Purchase receipts and subscription status (processed through Google Play Billing and the App Store)
2.2 Receipt Data
- Receipt Images/PDFs: Documents you upload through the App
- Extracted Receipt Information: Merchant name, date, price, category, currency, and notes extracted via OCR or AI scanning
- Receipt Metadata: Upload date, favorite status, receipt type (income/expense)
2.3 Device Information
- Device Identifiers: Device ID for push notifications
- Usage Data: App interactions, feature usage, and error logs
- Storage Usage: Amount of storage consumed by your receipts
2.4 Automatically Collected Information
- Technical Data: IP address, device type, operating system, app version
- Analytics Data: App performance metrics and crash reports
================================================================================
3. HOW WE USE YOUR INFORMATION
We use the collected information for the following purposes:
3.1 Service Delivery
- Provide OCR and AI-powered receipt scanning functionality
- Store and manage your receipt documents
- Generate expense and income summaries on your dashboard
- Deliver push notifications about subscription status and data retention
3.2 Account Management
- Create and maintain your user account
- Process authentication via email or Google Sign-In
- Manage subscription plans and billing
3.3 AI Processing
- Process receipt images using Google Gemini AI (via Firebase AI Logic SDK)
- Track AI scan usage based on your subscription plan
- Provide accurate data extraction from receipts
3.4 Storage Management
- Store receipt images and PDFs on Wasabi Cloud Storage
- Generate secure presigned URLs for file access
- Enforce storage quotas based on subscription tier
- Execute data retention policies for expired subscriptions
3.5 Communication
- Send subscription expiry warnings
- Notify users about impending data deletion (for expired paid users exceeding 100MB)
- Respond to customer support inquiries
3.6 Improvements
- Analyze app usage to improve features
- Fix bugs and optimize performance
- Develop new functionality
================================================================================
4. DATA PROCESSING AND THIRD-PARTY SERVICES
4.1 Firebase Services (Google)
- Firebase Authentication: User authentication and account management
- Cloud Firestore: Storage of receipt metadata
- Firebase AI Logic SDK: AI-powered receipt scanning using Gemini 2.5 Flash-Lite
- Firebase Cloud Messaging: Push notifications
- Firebase Cloud Functions: Backend business logic
- Privacy Policy: https://firebase.google.com/support/privacy
4.2 Wasabi Cloud Storage
- Purpose: Secure storage of receipt images and PDFs
- Security: Private bucket with time-limited presigned URLs (1-hour expiry)
- Location: Data stored in Wasabi's secure infrastructure
- Privacy Policy: https://wasabi.com/legal/privacy-policy
4.3 Google ML Kit
- Purpose: Basic OCR text recognition from receipts
- Processing: On-device processing (no data sent to Google servers)
- Privacy Policy: https://developers.google.com/ml-kit/terms
4.4 Syncfusion Flutter PDF
- Purpose: PDF processing and generation
- Processing: On-device processing
- Privacy Policy: https://www.syncfusion.com/company/privacy-policy
4.5 Payment Processors
- Google Play Billing: Android in-app purchases
- Apple App Store: iOS in-app purchases
- Payment information is processed directly by these platforms and not stored by us
================================================================================
5. DATA RETENTION
5.1 Active Users
- Free Users (100MB): Receipts stored permanently with no automatic deletion
- Paid Users: Receipts stored permanently while subscription is active
5.2 Expired Subscriptions
When a paid subscription expires:
- Users are downgraded to the free tier (100MB limit)
- 6-Month Grace Period: If storage exceeds 100MB, we provide 6 months before deletion
- Multi-Stage Notifications: 10 notifications sent during grace period via push, in-app modal, and dashboard snackbar
- Automatic Deletion: After grace period, oldest receipts (by upload date) are deleted until storage falls below 100MB
- Reactivation: Users can renew subscription at any time to prevent deletion
5.3 Account Deletion
If you delete your account:
- All receipt data and metadata will be permanently deleted within 30 days
- Backups may be retained for up to 90 days for recovery purposes
- Anonymized analytics data may be retained indefinitely
================================================================================
6. DATA SECURITY
We implement appropriate technical and organizational measures to protect your data:
- Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
- Authentication: Secure Firebase Authentication with industry-standard protocols
- Access Control: Presigned URLs with 1-hour expiry for receipt access
- Private Storage: Receipt files stored in private Wasabi buckets
- Server-Side Validation: Critical business logic executed on secure backend servers
- Regular Security Audits: Ongoing monitoring and security assessments
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
================================================================================
7. YOUR DATA RIGHTS
Depending on your location, you may have the following rights:
7.1 Access and Portability
- Request a copy of your personal data
- Export receipt details to Excel (Premium plan feature)
7.2 Correction
- Edit receipt information directly in the App
- Update account information
7.3 Deletion
- Delete individual receipts at any time
- Request full account deletion through app settings or by contacting us
7.4 Objection
- Opt out of push notifications in device settings
- Choose AI usage preferences (always use, never use, or ask each time)
7.5 Data Minimization
- We only collect data necessary for app functionality
- You control what receipts you upload
To exercise these rights, please contact us at the email address provided below.
================================================================================
8. CHILDREN'S PRIVACY
Receiptly is not intended for users under 13 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
================================================================================
9. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using Receiptly, you consent to the transfer of your information to our service providers' facilities, including those in the United States and other countries where our third-party services are hosted.
================================================================================
10. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the App
- Updating the "Last Updated" date
- Sending a push notification for material changes
Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.
================================================================================
11. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information (Note: We do not sell personal information)
- Right to deletion of personal information
- Right to non-discrimination for exercising your rights
================================================================================
12. EUROPEAN PRIVACY RIGHTS (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Legal Basis for Processing:
- Contract performance (providing app services)
- Legitimate interests (improving app functionality)
- Consent (optional features like AI scanning)
================================================================================
13. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Code Xcess
Email: codexcess4@gmail.com
For data protection inquiries specifically, please include "Privacy Policy" in your email subject line.
================================================================================
14. CONSENT
By using Receiptly, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
================================================================================
This Privacy Policy is governed by the laws of Malaysia.