Privacy Policy
Last updated: July 3, 2026
Bank connections are optional, you turn them on, and they’re read-only — we can never move your money.
We never sell your personal data.
Export or delete everything, anytime.
ReceiptRaven (“ReceiptRaven,” “we,” “us”) is a receipt-capture and routing service: you capture a receipt by photo, forwarded email, or point-of-sale QR code, and we extract its details, categorize the expense, and deliver it to the destinations you configure. This policy explains what data we collect, how we use it, who processes it on our behalf, how long we keep it, and the choices you have.
ReceiptRaven is operated in and offered to users in the United States. If you have any questions, contact us at [email protected].
1. Information we collect
Account information
- Your name (if provided), email address, and authentication credentials.
- Your plan, billing status, and payment method details — payment card numbers are collected and stored by our payment processor (Stripe), not by us.
Receipt data (the product)
- Receipt images and documents you photograph or upload, and receipt emails (including attachments) you forward to your private ReceiptRaven capture address.
- Extracted fields: merchant, amount, date, payment card reference (such as the last four digits — never a full card number), line items, tax, and category. Extraction never invents values; unreadable fields are flagged as gaps.
- Bank-feed transactions, if you connect a bank or card feed so receipts can be matched to transactions. We receive transaction records (merchant, amount, date, card reference) for matching — we never receive your online banking credentials and we cannot move money.
- Structured QR data when you capture a receipt via a point-of-sale QR code.
Connected-service data
- When you connect a destination (for example QuickBooks or Mercury), we store the OAuth tokens or API credentials needed to deliver receipts there, encrypted at rest (see Security below).
- For QuickBooks specifically: we read your chart of accounts (to let you map receipts to accounts) and we create purchase records and attach receipt images in your QuickBooks company, at your direction. We do not access payroll or payments data, and we request only the minimum accounting scope.
Usage and technical data
- Log data (IP address, browser/device type, timestamps, pages and actions) used for security, debugging, and abuse prevention.
- Cookies: we use cookies only to keep you signed in and to secure your session. We do not use advertising or cross-site tracking cookies.
2. How we use your information
- To provide the service: extracting receipt fields, categorizing expenses, matching receipts to transactions, and routing receipts to the destinations you configure.
- AI processing: receipt images and text are processed by our AI provider (Anthropic) to extract and categorize fields. This processing is performed solely to provide the service; under the API terms we rely on, data submitted through the API is not used to train the provider’s models.
- Billing and account management via Stripe.
- Service communications: transactional email (receipts of capture, routing failures, account notices) — not marketing spam.
- Security, fraud, and abuse prevention, including enforcement of fair-use limits.
We do not use your receipt data for advertising, and we do not sell personal data.
3. Service providers (subprocessors)
We use a small set of infrastructure providers to run ReceiptRaven. Each processes data only to provide its service to us:
| Provider | What it does | Data involved |
|---|---|---|
| Supabase | Database, authentication, and file storage | Account data, receipt images, extracted fields |
| Vercel | Application hosting and content delivery | Request/log data passing through the app |
| Anthropic | AI extraction and categorization | Receipt images and text during processing |
| Stripe | Payments and subscription billing | Payment details, billing contact info |
| Postmark | Inbound email capture (forwarded receipts) | Forwarded receipt emails and attachments |
| Resend | Outbound transactional email | Your email address, notification content |
In addition, when you configure a destination connector (an email inbox, QuickBooks, Mercury, or your own REST endpoint), we transmit receipt data to that destination at your direction. Once delivered, that data is governed by the destination’s own terms and privacy policy.
4. Sharing
- We do not sell your personal data. We do not share it with third parties for their own advertising or marketing.
- We share data with the service providers listed above, with destinations you configure, and with members of a shared workspace (Duo/Family plans) or organization you belong to, according to that workspace’s roles and settings.
- An optional, opt-inanonymized data program may make aggregated, de-identified receipt insights available to partners. It is off by default, requires your explicit consent, and can be revoked at any time in settings. Non-consenting users’ data is never included.
- We may disclose data if required by law, to enforce our terms, or to protect the rights, safety, and security of ReceiptRaven and its users.
5. Retention
- Receipts are tax records. On paid plans, receipts and their extracted data are retained for 7 years, consistent with common US tax record-keeping guidance, unless you delete them sooner.
- On the Free plan, receipt storage is limited to 1 year.
- When you delete a receipt, or delete your account, the associated images and extracted data are removed from production systems within 30 days, except where we are legally required to retain specific records (for example, billing records).
- Encrypted backups age out on a rolling schedule after deletion.
6. Your rights and choices
- Access and export: you can view your receipts in the app and request an export of your data.
- Correction: extracted fields can be edited in the app at any time.
- Deletion: you can delete individual receipts, disconnect destinations, or delete your entire account. Contact [email protected]for deletion requests you can’t complete in the app.
- Data-sharing opt-out: the anonymized data program is opt-in only, and consent can be revoked at any time.
- Depending on your state of residence (for example, under the California Consumer Privacy Act), you may have additional rights to know, delete, and correct personal information, and to be free from discrimination for exercising those rights. We honor such requests regardless of state.
7. Security
- All data is encrypted in transit (TLS) and at rest.
- Connected-service credentials (such as QuickBooks OAuth tokens) are additionally encrypted at the application layer with AES-256-GCM and are accessible only to server-side code — never to browsers or other users.
- Tenant isolation is enforced at the database layer with row-level security, so one account’s data is not visible to another.
- When you disconnect a connected service, we revoke its tokens with the provider and delete the stored credentials.
8. Children
ReceiptRaven is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.
9. Changes to this policy
We may update this policy as the product evolves. We will post the updated version here with a new “last updated” date, and for material changes we will notify you by email or in the app before they take effect.
10. Contact
Questions, requests, or concerns: [email protected].
Draft — pending founder/legal review.