Privacy Policy

Last updated: December 11, 2025

ReceiptGuard ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered receipt fraud detection platform.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address (via Clerk authentication)
  • Organization name and details
  • Password (encrypted and never stored in plain text)
  • Profile information you choose to provide

Receipt Data

When you upload receipts for processing, we collect:

  • Receipt images and documents
  • Extracted data from receipts (amounts, dates, merchant names, line items)
  • Client information associated with receipts
  • Fraud analysis results and risk scores
  • Manual review notes and flags

Usage Information

We automatically collect certain information about how you use our service:

  • Log data including IP addresses, browser type, and operating system
  • API usage patterns and request timestamps
  • Feature usage and navigation patterns
  • Error logs and performance metrics

Integration Data

When you connect third-party services, we may collect:

  • OAuth tokens and API credentials (encrypted at rest)
  • Integration configuration settings
  • Data synchronized from QuickBooks or Slack

Payment Information

Payment processing is handled by Stripe. We store:

  • Subscription tier and billing cycle
  • Payment history and invoice records
  • Stripe customer ID (no raw payment card data is stored on our servers)

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To process receipts, detect fraud, and provide our core services
  • AI Analysis: To perform OCR processing and AI-powered fraud detection
  • Account Management: To create and manage your account and organization
  • Communication: To send service updates, security alerts, and support responses
  • Billing: To process payments and manage subscriptions
  • Integration Management: To maintain connections with third-party platforms
  • Service Improvement: To analyze usage patterns and improve our platform
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: To comply with legal obligations and enforce our terms

3. Third-Party Services and Data Processing

We work with trusted third-party service providers who process data on our behalf:

OCR Processing

  • Veryfi: Receipt image processing and data extraction
  • Taggun: Additional OCR processing capabilities

Infrastructure and Authentication

  • Clerk: User authentication and session management
  • Supabase: Database hosting and storage
  • Vercel: Application hosting and deployment

Payment Processing

  • Stripe: Payment processing and subscription management

Communications

  • Resend: Transactional email delivery

All third-party processors are carefully selected for their security practices and GDPR compliance. We have data processing agreements in place with all vendors who handle personal data.

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest
  • Organization Isolation: Strict database-level Row Level Security (RLS) policies prevent cross-organization data access
  • Authentication: Secure JWT-based authentication with Clerk
  • Access Control: Role-based permissions and organization membership verification
  • API Security: Rate limiting, input validation, and API key management
  • Monitoring: Continuous security monitoring and logging
  • Regular Audits: Periodic security assessments and vulnerability testing

Despite our security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

5. Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active
  • Receipt Data: Retained while your subscription is active and for 30 days after cancellation
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Log Data: Typically retained for 90 days for security and debugging purposes
  • Backup Data: Retained in backups for up to 90 days

After the retention period, we securely delete or anonymize your data. You can request earlier deletion by contacting us.

6. Your Rights (GDPR)

Under GDPR and Dutch data protection laws, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Request limited processing of your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your data for specific purposes
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
  • Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

To exercise any of these rights, please contact us at support@receiptguard.io. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar tracking technologies to provide and improve our service. For detailed information about the cookies we use, please see our Cookie Policy.

8. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA), including the United States, where our service providers operate. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers certified under EU-US Data Privacy Framework where applicable
  • Adequate data protection measures equivalent to GDPR standards

9. Children's Privacy

ReceiptGuard is a B2B service not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes:

  • We will notify you via email at least 30 days before changes take effect
  • The updated policy will be posted on this page with a new "Last updated" date
  • Continued use of our service after changes constitutes acceptance

11. Data Controller Information

For GDPR purposes, the data controller is:

Untapped
John Franklinstraat 87-2
1056 TB Amsterdam
The Netherlands

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@receiptguard.io
