Privacy Policy

This Privacy Policy explains how Receiptmint ("we," "us," or "our") collects, uses, stores, and protects your information when you use our website and receipt generation tools (the "Service"). We are committed to minimizing data collection and protecting your privacy.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

• Provide, maintain, and improve the Service and its features.
• Save and restore receipt drafts across sessions (signed-in users).
• Process payments and manage subscriptions.
• Respond to support requests, feedback, and inquiries.
• Detect, prevent, and address abuse, fraud, and security issues.
• Analyze usage trends to improve experience and reliability.
• Diagnose errors and monitor performance via Sentry.
• Comply with legal obligations and enforce our Terms.

The Service may introduce features powered by artificial intelligence, such as content suggestions, auto-fill, or template generation. If and when AI features are available:

• Input data you provide (such as receipt fields or prompts) may be sent to third-party AI providers for processing.
• We will only send the minimum data necessary to generate the requested output.
• We will require that AI providers do not use your data to train their models.
• AI-generated content will follow the same retention policies as your receipt drafts.

AI features are optional. Core receipt creation functionality does not require AI. We will update this policy when AI features are introduced, including naming the specific providers used.

If you are in the EEA, UK, or a jurisdiction requiring a legal basis for processing personal data:

• Contractual necessity — account management, draft storage, and core features.
• Legitimate interests — service improvement, security, abuse prevention, and error monitoring.
• Legal obligation — compliance with applicable laws, tax requirements, and regulations.
• Consent — non-essential cookies and marketing communications. You may withdraw consent at any time.

We may share data with the following categories under appropriate safeguards:

• Infrastructure — Convex (database and backend services).
• Authentication — Google OAuth and email/password sign-in.
• Transactional email — Resend for password reset and account access emails.
• Payments — DodoPayments (merchant of record) for billing, subscriptions, and tax compliance.
• Analytics — Google Analytics and Vercel Analytics.
• Error monitoring — Sentry for error tracking, performance monitoring, and session replay.
• Legal and safety — when required by law, subpoena, or court order, or to protect rights, safety, or property.

The following third-party services process data on our behalf:

We maintain data processing agreements with each sub-processor. This list is updated when we add or remove providers.

• Account data — retained while active. Deleted within 30 days of account deletion, except where longer retention is required by law.
• Receipt drafts — retained while your account is active. Deleted when you delete your account or individual receipts.
• Payment records — transaction metadata retained for up to 7 years for tax and legal compliance, as required by applicable law.
• Usage and analytics — retained in aggregated or anonymized form. Raw analytics data is retained for up to 26 months (Google Analytics default).
• Error reports — Sentry retains error data for 90 days.
• Guest data — stored locally in your browser only. Never retained on our servers.

We implement industry-standard technical and organizational measures including encrypted data transmission (TLS/SSL), secure cloud infrastructure, and access controls. No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

Your information may be transferred to and processed in countries other than your own, including the United States (where our infrastructure providers operate). When transferring data internationally, we use appropriate safeguards such as standard contractual clauses to protect your information.

We use cookies and similar technologies to:

• Essential cookies — keep you signed in and maintain session security.
• Analytics cookies — understand how the Service is used (Google Analytics, Vercel Analytics).

You can manage cookie preferences through your browser settings. Disabling cookies may affect some features, particularly authentication.

We honor Global Privacy Control (GPC) opt-out signals sent by your browser. If your browser sends a GPC signal, we treat it as a valid request to opt out of any non-essential data collection.

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, contact support@receiptmint.com.

To exercise any of these rights, contact us at support@receiptmint.com or through our contact page. We will verify your identity and respond within 30 days (GDPR) or 45 days (CCPA).

The Service may contain links to third-party websites. We are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any external services you visit.

We may update this policy to reflect changes in our practices or the law. When material changes are made, we update the "Last updated" date and notify you by email or through the Service at least 30 days before changes take effect. We review this policy at least annually.

If you have questions about this Privacy Policy or your personal data, you can reach us through:

• Email: support@receiptmint.com
• Web: receiptmint.com/contact