Plain-English summary: We collect your email to create your account and receipt images to extract expense data. We use AI services to read your receipts. Your data is stored on secure servers in Germany (EU). You can delete your data anytime by emailing [email protected]. We never sell your data.
Who we are
Expense Pal is a mobile application that helps individuals and small businesses track expenses by automatically extracting data from receipt photographs using artificial intelligence. The app is available on iOS and Android.
For privacy matters, we can be reached at [email protected].
Information we collect
We collect the following categories of information when you use Expense Pal:
- Account information: Your email address and a securely hashed password when you register. We never store your plain-text password.
- Receipt images: Photos or PDF files you upload, forward by email, or send via WhatsApp for processing. These may contain merchant names, prices, dates, and any other information visible on a receipt.
- Extracted receipt data: Structured data extracted from your receipts, including merchant name, date, total, tax, tip, currency, payment method, and individual line items.
- Profile information: Names you assign to expense profiles (e.g. "Personal", "Business").
- Categories and rules: Custom expense categories and automation rules you create within the app.
- WhatsApp number (optional): If you enable WhatsApp receipt ingestion, we store and verify your WhatsApp phone number.
- Subscription information: Your subscription tier (Free or Pro) and status, managed via RevenueCat. We do not store payment card details directly.
- Waitlist email: If you submit your email on our pre-launch waitlist, we store it solely to notify you at launch.
- Basic server logs: API request timestamps and error messages for debugging. We do not use third-party behavioral analytics SDKs.
How we use your information
- Service delivery: Processing receipts, storing extracted data, generating analytics, and enabling all app features.
- Authentication: Verifying your identity when you log in.
- Transactional emails: Account verification, password resets, and (for waitlist members) a launch notification. We do not send marketing emails without your explicit consent.
- AI extraction: Transmitting receipt images to third-party AI services to extract structured data (see Section 4).
- Service improvement: Reviewing anonymised error logs to fix bugs and improve reliability.
We do not sell your personal data. We do not use your receipt content for advertising purposes.
Third-party services
Expense Pal relies on the following third-party providers. By using the app, you acknowledge that your data may be processed by these services under their own privacy policies:
- Google Gemini (Google LLC) — Our primary AI vision model. Receipt images are sent to Google's API for data extraction. Google processes this data under its Gemini API Terms. Google states that API data is not used to train models unless you explicitly opt in.
- Anthropic Claude (Anthropic, PBC) — A fallback AI model used when Gemini returns a low-confidence result. Receipt images may be sent to Anthropic's API, governed by Anthropic's Privacy Policy.
- Mailgun (Sinch) — Sends transactional emails (verification, password resets). Your email address is transmitted to Mailgun for delivery. Governed by Mailgun's Privacy Policy.
- Meta WhatsApp Business API (Meta Platforms, Inc.) — Optional. If you enable WhatsApp ingestion, your phone number and messages are processed by Meta under the WhatsApp Privacy Policy.
- RevenueCat, Inc. — Manages subscription state and in-app purchase validation. Processes your device identifier and subscription status. See RevenueCat's Privacy Policy.
Regarding AI processing: Receipt images are sent to Google and/or Anthropic APIs solely for data extraction. We select providers whose API terms are compatible with user privacy. If receipts contain sensitive information, we recommend reviewing each provider's API data usage policies.
Data storage and security
Your data is stored on servers operated by Hetzner Online GmbH, located in Falkenstein, Germany (European Union). Hetzner is ISO/IEC 27001 certified.
Security measures we apply:
- All data in transit is encrypted with TLS 1.2 or higher (HTTPS).
- Passwords are hashed using bcrypt and never stored in plain text.
- Authentication uses short-lived JWT tokens.
- Receipt images are stored in private directories, inaccessible without authentication.
- The database runs on an internal Docker network with no direct public access.
No method of electronic storage is 100% secure. While we apply industry-standard protections, we cannot guarantee absolute security.
Data retention
- Account and receipt data: Retained while your account is active.
- Deleted receipts: Permanently removed from our servers within 7 days of deletion.
- Deleted accounts: All personal data — receipts, images, categories, profiles — permanently deleted within 30 days of account deletion.
- Waitlist emails: Deleted within 90 days after we send the launch notification.
- Server logs: Retained for up to 30 days for debugging, then deleted.
Your rights
- Access: Request a copy of the personal data we hold about you.
- Correction: Correct inaccurate data directly in the app or by contacting us.
- Deletion: Delete individual receipts in-app, or request full account deletion by email.
- Data portability: Export your receipts as CSV or PDF via the app's export feature.
- Objection / Restriction: Object to or request restriction of certain processing activities.
To exercise any of these rights, email [email protected]. We respond within 30 days.
GDPR — European users
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) grants you additional rights.
Legal bases for processing:
- Contract performance: Processing necessary to provide the service you signed up for (account creation, receipt processing, analytics).
- Legitimate interests: Security logging and service reliability.
- Consent: Waitlist emails. You may withdraw consent at any time by contacting us.
International transfers: Some providers (Google, Anthropic, RevenueCat) are US-based. Data transfers to these providers are covered by Standard Contractual Clauses (SCCs) or equivalent mechanisms under GDPR Article 46.
You have the right to lodge a complaint with your national data protection authority.
CCPA — California users
If you are a California resident, the California Consumer Privacy Act (CCPA) provides the following rights:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete: Request deletion of your personal information, subject to certain legal exceptions.
- Right to opt out of sale: We do not sell your personal information to third parties.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, contact us at [email protected].
Children's privacy
Expense Pal is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of Expense Pal after changes are posted constitutes acceptance of the revised policy.
Contact us
For privacy questions, data requests, or concerns:
We aim to respond to all privacy inquiries within 30 days.