Privacy Policy

Last Updated: January 21, 2026

1. Introduction

Keep My Receipts ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

2. Information We Collect

2.1 Information You Provide

• Receipt Data: Images of receipts, merchant names, amounts, dates, categories, tags, notes, and OCR-extracted text you enter
• Account Information: Email address and authentication credentials
• Multi-Factor Authentication: MFA settings, TOTP secrets (encrypted), and recovery codes (hashed) if you enable MFA
• Organization Data: Organization names, member email addresses, and role assignments when you create or join shared accounts
• Password Reset: Temporary verification codes sent via email (automatically expired after use or timeout)

2.2 Automatically Collected Information

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App usage patterns, features accessed, and crash reports
• Log Data: IP address, access times, and API requests

2.3 Camera and Photos

The app requires camera and photo library access to capture and upload receipt images. Photos are only accessed when you explicitly choose to capture or upload a receipt. We do not access your camera or photos in the background.

2.4 Biometric Data (Face ID / Touch ID / Fingerprint)

If you enable biometric authentication, the app uses your device's built-in biometric sensors (Face ID, Touch ID, or fingerprint) to unlock the app. Important: Your biometric data never leaves your device and is never transmitted to our servers. Biometric authentication is handled entirely by your device's operating system. We only store a preference indicating that you have enabled this optional feature.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Keep My Receipts service
• Process and store your receipt images and extracted data
• Extract text and information from receipt images using AI/OCR technology
• Enable search, filtering, and organization of your receipts using OCR-extracted text
• Facilitate family and business account sharing through organizations
• Send organization invitations and verification emails
• Authenticate your identity using multi-factor authentication
• Process password reset requests and send verification codes
• Detect duplicate receipts to help you avoid redundant uploads
• Send you technical notices and support messages
• Detect and prevent fraud and abuse
• Analyze usage patterns to improve our service

4. Data Storage and Security

Your receipt images and data are stored securely in cloud storage with encryption at rest and in transit. We implement industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted storage of receipt images and data
• Secure authentication and access controls
• Regular security audits and updates

5. Third-Party Services

We use the following third-party services to operate our app:

• Amazon Web Services (AWS):
  • AWS Cognito: For user authentication, account management, and multi-factor authentication
  • AWS S3: For encrypted storage of receipt images
  • AWS DynamoDB: For storing receipt metadata and user information
  • AWS SES: For sending verification emails, password reset codes, and organization invitations
  Please review AWS Privacy Policy.
• OpenAI: For OCR and text extraction from receipt images. Receipt images are temporarily processed through OpenAI's Vision API to extract merchant names, amounts, dates, and line items. Extracted text is stored in our database for search functionality. Please review OpenAI's Privacy Policy.
• Analytics: We may use analytics services to understand app usage and improve our service.

6. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties except:

• With your explicit consent
• To third-party service providers who assist in operating our service (under strict confidentiality agreements)
• When required by law or to protect our rights and safety
• In connection with a merger, acquisition, or sale of assets (with advance notice to users)

6.1 Organization and Family Sharing

When you create or join an organization (family or business account), receipt data you upload to that organization is visible to all members of that organization. Each receipt shows who uploaded it. Organization owners and admins can manage members and permissions. You control which receipts are uploaded to shared organizations versus your personal account.

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and all associated data
• Export: Download your receipt data in a portable format
• Opt-Out: Disable analytics and marketing communications

To exercise these rights, contact us through the support channels provided in the app.

8. Data Retention

We retain your receipt data for as long as your account is active or as needed to provide services. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

9. Children's Privacy

Keep My Receipts is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (Note: we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and to object to processing of your personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: support@keepmyreceipts.app
• Website: keepmyreceipts.app
• Support: keepmyreceipts.app/support

We respond to privacy inquiries within 48 hours.