Receipto

Privacy Policy

Last updated: 28 April 2026 · Effective: 1 May 2026

We built Receipto so you'd stop losing money on expired warranties. That mission is a lot easier to trust when we're transparent about how we treat your data — so this policy is written in plain English, not lawyer-speak. The legal basis is the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

Contents

  1. Who we are
  2. What data we collect
  3. Why we collect it
  4. Where it's stored
  5. Who we share it with
  6. How long we keep it
  7. Your rights under GDPR
  8. Children
  9. Changes to this policy
  10. Contact

1. Who we are

Receipto is operated by Krenn Tobias, based in Austria. We're the data controller under GDPR. You can reach us at tobiaskrenn06@gmail.com.

2. What data we collect

Data you give us directly

  • Account data: your email address (or Apple ID if you use Sign in with Apple) and an optional display name.
  • Receipt photos and data: the images you capture or upload, plus the fields extracted by our OCR (merchant, date, total, VAT breakdown, category, warranty period, your notes and tags).
  • Settings: your notification preferences, language, region, and tax-advisor email if you choose to save one.
  • Subscription data: if you buy Pro, your purchase status (handled by Apple and our subscription provider RevenueCat — we never see your payment details).

Data collected automatically

  • Diagnostic data: crash reports and basic technical info (iOS version, device model, app version) to fix bugs. We use Firebase Crashlytics for this; data is anonymised.
  • Privacy-friendly analytics: aggregate, anonymous usage signals via TelemetryDeck — no IP addresses, no individual tracking, no advertising IDs.

Data we do not collect

  • We do not collect your contacts, location, microphone, calendar, or photo library beyond the specific photos you choose to add to Receipto.
  • We do not use third-party advertising trackers.
  • We do not sell, rent, or license your data to anyone, ever.
  • We do not train AI models on your receipts. OCR runs on your device using Apple's Vision framework.

3. Why we collect it

We process your data on the following GDPR legal bases:

  • Contract (Art. 6(1)(b) GDPR): to provide the core service — storing your receipts, syncing across devices, sending warranty reminders, generating exports.
  • Legitimate interest (Art. 6(1)(f) GDPR): diagnostic data to keep the app from crashing, fraud prevention, and security.
  • Consent (Art. 6(1)(a) GDPR): for optional features like push notifications. You can revoke consent at any time in iOS settings or in the app.
  • Legal obligation (Art. 6(1)(c) GDPR): for accounting and tax records required by Austrian law if you purchase a subscription.

4. Where it's stored

Your data is stored on Google Firebase servers in Frankfurt, Germany (region europe-west3). This means your data never leaves the European Union for storage purposes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Receipt photos themselves are stored in Firebase Cloud Storage with the same encryption and regional guarantees. You can also choose to back them up to your personal iCloud Drive — in which case Apple's privacy terms apply.

Some sub-processors operate from the United States (see next section). For these, we rely on the EU Standard Contractual Clauses and require equivalent protection under GDPR Article 46.

5. Who we share it with

We use a small number of carefully chosen sub-processors:

  • Google (Firebase): Authentication, database, file storage, and crash reporting. Servers in Frankfurt, EU.
  • Apple: Sign in with Apple, In-App Purchases, push notifications via APNs.
  • RevenueCat: Subscription management. They receive your anonymous user ID and purchase status, never your receipts or personal data.
  • TelemetryDeck: Privacy-friendly product analytics. Servers in Iceland and Germany.
  • SendGrid: Transactional emails (account confirmations, password resets) only — no marketing.

We do not share your data with anyone else unless legally required (for example, a court order from an Austrian or EU authority). If that ever happened, we'd notify you unless legally prohibited from doing so.

6. How long we keep it

  • While you're a user: as long as your account exists. You're in control.
  • After deletion: when you delete your account in-app, all your receipts, photos, and personal data are permanently erased within 30 days. Backups are purged within 90 days.
  • Subscription records: we keep invoice records for 7 years to comply with Austrian tax law (Bundesabgabenordnung §132), but these contain no receipt content.
  • Anonymised analytics: aggregated, non-personal usage data may be retained indefinitely.

7. Your rights under GDPR

You have the right to:

  • Access a copy of all the personal data we hold about you (Art. 15 GDPR).
  • Rectify incorrect data (Art. 16 GDPR).
  • Erase your data — the "right to be forgotten" (Art. 17 GDPR).
  • Restrict processing in certain cases (Art. 18 GDPR).
  • Port your data to another service in a machine-readable format (Art. 20 GDPR).
  • Object to processing based on legitimate interest (Art. 21 GDPR).
  • Withdraw consent at any time, where processing is based on consent (Art. 7(3) GDPR).
  • Lodge a complaint with your supervisory authority. In Austria, that's the Datenschutzbehörde; in Germany, the BfDI.

The fastest way to exercise most of these rights is to use the "Delete account & data" or "Export my data" buttons in the app's Settings. For anything else, just email us.

8. Children

Receipto is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

If we change this policy in any meaningful way, we'll notify you in the app and by email at least 30 days before the change takes effect. Minor clarifications and typo fixes don't trigger a notification.

10. Contact

Privacy questions: tobiaskrenn06@gmail.com

General support: tobiaskrenn06@gmail.com

We aim to respond to privacy-related requests within 7 working days, and always within the 30-day GDPR deadline.

© 2026 Receipto. All rights reserved. Made with care in Austria 🇦🇹