Privacy Policy – ReceiptBrain

Effective Date: March 22, 2026 · Last Updated: April 28, 2026

🌎 ReceiptBrain is available exclusively in the United States and Canada. This Privacy Policy is written for users in those jurisdictions.

ReceiptBrain ("the App", "we", "our") is developed and operated by the developer of ReceiptBrain ("Developer"). This Privacy Policy explains how the App handles your information. We are committed to protecting your privacy and being fully transparent about our data practices.

Short version: ReceiptBrain stores all your receipt data locally on your device and in your personal iCloud account. We have no servers. We never see your data. For AI-powered receipt parsing, we send only sanitized text (all sensitive fields removed) to OpenAI's API via a Cloudflare Worker proxy. These are the only third-party services that handle any data from the App.

1. Scope and Geographic Availability

ReceiptBrain is available exclusively on the Apple App Store in the United States and Canada. This Privacy Policy is governed by and construed in accordance with the laws of Canada (including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25)) and the laws of the United States (including the California Consumer Privacy Act (CCPA/CPRA) and the Children's Online Privacy Protection Act (COPPA)).

Use of the App outside the United States and Canada is not authorized. If you access the App from outside these territories, you do so at your own risk and you are responsible for compliance with local laws. This Privacy Policy does not extend rights or obligations under the laws of any other jurisdiction, including the European Economic Area (EEA) or the United Kingdom.

2. Information We Collect

2.1 Information You Provide

When you use ReceiptBrain, you may provide:

Receipt images (captured via camera or imported from your photo library)
Receipt data (store name, items, amounts, dates, return deadlines)
Warranty information
Budget settings and spending categories
Optional profile name and photo (stored locally only)
Notes and tags you add to receipts

2.2 Information Collected Automatically

ReceiptBrain does not collect analytics, crash reports, usage statistics, advertising identifiers, or any telemetry data. We do not use Firebase, Crashlytics, Sentry, Amplitude, Mixpanel, or any similar third-party analytics SDK.

2.3 In-App Purchases

Subscription purchases (ReceiptBrain Pro and Ultra Pro) are processed entirely by Apple through the App Store. We never receive, store, or process your payment card information. Apple's privacy policy governs all payment transactions: apple.com/legal/privacy.

3. How We Use Your Information

Your receipt data is used exclusively to provide the App's features:

Displaying your receipts, warranties, and spending summaries
Sending return deadline and warranty expiry notifications
Generating spending insights, budgets, and Year in Review summaries
AI-powered receipt parsing (see Section 5 for full details)

We do not use your data for advertising, profiling, sale to third parties, or any purpose other than providing the App's features directly to you.

4. Where Your Data Is Stored

    On your device: All receipt data is stored locally using Apple's SwiftData framework.
In your iCloud account: If iCloud is enabled, your data syncs to your personal iCloud CloudKit container — encrypted and accessible only to you.
No ReceiptBrain servers: We operate no backend servers. Your data never passes through our infrastructure.
iCloud encryption: Data stored in iCloud is encrypted in transit and at rest by Apple. Only you can access it with your Apple ID.

  

You can disable iCloud sync at any time in your device's Settings → [Your Name] → iCloud → ReceiptBrain. Disabling iCloud sync keeps all data local to that device only.

5. AI-Powered Receipt Parsing (OpenAI via Cloudflare)

📋 Your Consent Is Required Before Any Data Is Sent

ReceiptBrain asks for your explicit permission before sending any receipt data to a third-party AI service. During onboarding (and again before your first AI-powered scan if you skipped onboarding), the app presents a dedicated consent screen that discloses exactly what data is sent, identifies who receives it (OpenAI and Cloudflare), and requires you to tap "I Agree — Enable AI Scanning" before any data leaves your device. You may decline at any time — the app continues to work with manual entry, and no data is sent to any AI service. Note: receipt scanning via camera requires AI processing and is not available without consent. You can also revoke consent at any time in Settings → AI Scanning.

ReceiptBrain uses OpenAI's API to extract structured data (store name, items, totals, dates) from your receipts. API requests are routed through a Cloudflare Worker proxy — a serverless intermediary that handles the network request on your behalf. OpenAI and Cloudflare are the only third-party services that handle any data from the App.

5.1 What Is Sent to OpenAI

What is sent: Sanitized plain text extracted from your receipt by Apple's on-device OCR (Vision framework). The text is processed through a privacy filter before sending that is designed to remove certain categories of personal information (see below). Receipt images are never sent.

What the sanitization pipeline is designed to strip before sending:

Credit/debit card numbers
Customer phone numbers
Customer email addresses
Customer names
Loyalty card numbers and membership IDs
Social Insurance Numbers (SIN) and Social Security Numbers (SSN)

What may be present in the text sent to OpenAI (because it is needed for parsing or is not actively stripped):

Store name, store address, and store phone number
Receipt / transaction numbers
Payment method type (e.g., "Visa", "Debit", "Cash") — not card numbers
Cashier names or employee IDs if printed on the receipt
Item names, quantities, prices, subtotals, taxes, and totals
Purchase date and time

See Section 5.2 for important limitations of the automated sanitization pipeline. If you have concerns about a receipt containing sensitive personal information, use the manual entry option instead of AI-powered scanning.

5.2 Sanitization Limitations

The sanitization pipeline is automated and operates on a best-efforts basis. While it is designed to remove the categories of information listed above, no automated system can guarantee 100% removal of all possible personal information across all receipt formats. Unusual receipt layouts, handwritten annotations, novel merchant formatting, or OCR misrecognition may result in information not being fully redacted.

By using AI-powered scanning features, you acknowledge and accept this residual risk and agree that the Developer is not liable for any personal information that may inadvertently remain in sanitized text transmitted to OpenAI. If you have concerns about a particular receipt containing sensitive information, you should use the manual entry option instead of AI-powered scanning.

5.3 OpenAI's Privacy Practices

OpenAI's handling of any data submitted via their API is governed solely by OpenAI's own Privacy Policy and API Terms of Service — not by this Privacy Policy. We make no representations or warranties regarding OpenAI's data practices, security, or availability, and we are not responsible for OpenAI's privacy or security practices.

We have reviewed the publicly available privacy policies and data handling practices of both OpenAI and Cloudflare and believe they maintain appropriate safeguards for the limited sanitized data transmitted. We selected these services based on their published security standards and industry reputation. We are not responsible for their practices and make no guarantee regarding their security or availability. Users are encouraged to review these policies directly using the links below.

We encourage you to review OpenAI's privacy practices before using AI-powered features:

By using AI-powered receipt parsing features, you acknowledge that your sanitized receipt text will be processed by OpenAI and routed via Cloudflare, each subject to their own terms and privacy policies.

5.4 Spending Coach (AI Savings Suggestions)

💡 Spending Coach — Separate Consent, Separate Data

The Spending Coach is a Pro-only feature that generates personalised, AI-powered savings suggestions at the end of each month. It uses a separate, explicit consent prompt within the app — you must actively tap "Generate My Savings Plan" before any data is sent. No data is sent automatically or in the background.

What is sent when you use Spending Coach:

Spending category totals and historical averages (e.g. "Dining: $180 this month, avg $140")
Item names and store names from your receipts (e.g. "Oat Milk at Whole Foods: 3×, $14.97")
Subscription names and monthly costs (e.g. "Netflix: $17.99/month")
Budget limits and overrun amounts (if you have budgets set)
Returnable item counts and values still within return window

What is never sent:

Receipt images
Card numbers, phone numbers, email addresses, or personal names
Individual transaction amounts or full receipt text
Any data from receipts you have not scanned

The Spending Coach is available to Pro subscribers only. Suggestions are generated at most once per month and are cached locally on your device. The data sent is used solely to generate your personalised savings plan and is not used to train AI models (subject to OpenAI's API data usage policies — see Section 5.3).

⚠️ Not Financial Advice

Spending Coach suggestions are AI-generated estimates based on your spending history and are provided for informational purposes only. They do not constitute financial, investment, tax, or legal advice. ReceiptBrain is not a financial advisor, broker, or fiduciary. Always consult a qualified financial professional before making financial decisions.

5.5 Pro vs. Free Tier

Free tier: Sanitized OCR text is sent to GPT-4o mini for parsing.
Pro tier: Sanitized OCR text is sent to GPT-4o mini as the primary model, with GPT-4o used as a fallback for higher accuracy when needed. Pro subscribers also have access to the Spending Coach feature (see Section 5.4).
In both cases, only sanitized plain text is transmitted — no images, no PII.

6. Notifications

ReceiptBrain may send local push notifications for return deadlines, warranty expiry reminders, and weekly spending summaries. These notifications are generated entirely on your device — no notification data is sent to any server. You can manage notification permissions in your device's Settings → Notifications → ReceiptBrain, or within the App's Settings screen.

7. Camera and Photo Library Access

ReceiptBrain requests access to your camera and photo library solely to capture or import receipt images. Images are processed on-device by Apple's Vision OCR framework. Images are stored locally on your device (and in iCloud if enabled). We do not upload images to any server.

8. Children's Privacy

ReceiptBrain is rated 4+ on the App Store and is intended for general audiences. The App does not knowingly collect personal information from:

United States: Children under the age of 13, as defined by the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.
Canada: Minors below the age of majority in their province or territory, as applicable under PIPEDA and provincial privacy legislation.

The App does not contain advertising, social features, or any mechanism for children to share personal information.

Because all data is stored locally on your device and in your personal iCloud account — and we operate no servers — we do not have the ability to access or delete data on your device on your behalf. If you believe a child has used the App and you wish to remove any data, a parent or guardian can do so directly:

Open the App → Settings → Delete All Data to permanently remove all receipts and data from the device
To also remove iCloud data: delete the App from the device, or go to Settings → [Your Name] → iCloud → Manage Account Storage → ReceiptBrain → Delete Data

If you have questions about this process or concerns about data that may have been transmitted to OpenAI via AI-powered scanning, please contact us at the address in Section 13. We will respond within 30 days and assist to the extent technically possible.

9. Your Privacy Rights

9.1 General Rights (All Users)

Because all your data is stored locally on your device and in your personal iCloud account, you have full control at all times:

Access: All your data is visible within the App at any time.
Correction: You can edit any receipt or warranty directly in the App.
Deletion: Use Settings → Delete All Data to permanently delete all receipts and warranties from your device. To remove iCloud data, delete the App or disable iCloud sync in your device Settings.
Portability: Use the CSV or PDF export features to export your data at any time.

9.2 CCPA / CPRA (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

The right to know what personal information is collected about you
The right to delete personal information we hold about you
The right to opt out of the sale or sharing of personal information
The right to non-discrimination for exercising your privacy rights
The right to correct inaccurate personal information
The right to limit use of sensitive personal information

ReceiptBrain does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. Because all data is stored locally on your device, you can exercise your deletion and access rights directly within the App. For any additional requests, contact us at the address in Section 13.

9.3 Canadian Privacy Rights (PIPEDA / Quebec Law 25)

ReceiptBrain is developed in Canada and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25). We collect only the minimum information necessary to provide the App's features. You have the right to:

Access your personal information held by us
Correct inaccurate personal information
Withdraw consent to the collection or use of your personal information (subject to legal or contractual restrictions)
Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Commission d'accès à l'information du Québec (for Quebec residents)

10. Data Security

We implement the following security measures:

All communication with the Cloudflare Worker proxy and OpenAI's API uses HTTPS with TLS 1.2 or higher, enforced by Apple's App Transport Security (ATS)
iCloud data is encrypted in transit and at rest by Apple
The OpenAI API key is stored as a server-side secret in the Cloudflare Worker and is never embedded in the iOS app binary or transmitted to users
No user credentials or payment information are stored by the App
API calls use ephemeral URL sessions — no disk cache, no persistent cookies

Security Disclaimer: While we take reasonable and industry-standard steps to protect your information, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

11. Third-Party Services

ReceiptBrain uses the following third-party services:

OpenAI API — Used for AI receipt parsing. Only sanitized text is sent. No PII is transmitted. Privacy policy: openai.com/privacy
Cloudflare Workers — Used as a serverless proxy to route AI parsing requests from the App to OpenAI. Cloudflare's servers handle the network request in transit and may process standard HTTP metadata (such as IP address, user agent, and timestamp) in accordance with Cloudflare's privacy policy. Cloudflare does not receive your receipt images or any data beyond the sanitized text payload. Privacy policy: cloudflare.com/privacypolicy
Apple iCloud / CloudKit — Used for cross-device sync. Data is stored in your personal iCloud account, not on our servers. Privacy policy: apple.com/legal/privacy
Apple App Store — Used for subscription purchases. We never receive payment information. Privacy policy: apple.com/legal/privacy

We do not use any advertising networks, analytics SDKs, data brokers, or any other third-party services beyond those listed above. We are not responsible for the privacy practices, security, or content of any third-party services. Your use of those services is governed by their respective privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the App and delete it from your device.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

ReceiptBrain
Location: Ottawa, Ontario, Canada
Email: receiptbrain.support@gmail.com

We will respond to privacy inquiries within 30 days of receipt.