Privacy Policy

Last Updated: December 10, 2025

Effective Date: 2025-12-10


1. Introduction


Welcome to ReceiptCraft.com - the receipt generator app ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our receipt generation service (the "Service").


By using our Service, you agree to the collection and use of information in accordance with this policy.


2. Information We Collect

2.1 Personal Information


When you create an account or use our Service, we may collect:


  • Email address - For account creation, authentication, and communication
  • Name - If you choose to provide it during registration
  • Payment information - Processed securely by Stripe (we do not store credit card details)
  • Subscription status - To manage your account tier and features

2.2 Usage Data


We automatically collect certain information when you use our Service:


  • Generated receipts - Receipt images you create are temporarily stored for preview and download
  • Download history - We track which receipts you've downloaded to prevent accidental deletion
  • Device information - Browser type, operating system, device identifiers
  • IP address - For security and fraud prevention
  • Log data - Server logs including access times, pages viewed, and errors

2.3 Cookies and Tracking Technologies


We use:


  • Authentication cookies - Managed by Clerk to keep you logged in (essential)
  • Session cookies - To maintain your session state (essential)
  • Preference cookies - To remember your settings (optional)

You can control cookies through your browser settings, but disabling essential cookies may limit functionality.


3. How We Use Your Information


We use your information to:


  • Provide the Service - Generate, store, and deliver receipt images
  • Process payments - Via Stripe for paid subscriptions
  • Manage your account - Authentication, subscription status, feature access
  • Communicate with you - Account updates, support, service announcements
  • Improve our Service - Analytics, bug fixes, feature development
  • Prevent fraud - Security monitoring and abuse prevention
  • Comply with legal obligations - Tax, financial reporting, law enforcement requests

Legal Basis (GDPR)


We process your data based on:

  • Contract - To provide the Service you signed up for
  • Legitimate interests - Service improvement, fraud prevention
  • Consent - Optional features and marketing (where required)
  • Legal obligation - Compliance with laws and regulations

4. Data Sharing and Third Parties


We share your information with:


4.1 Service Providers


  • Clerk (clerk.com) - Authentication and user management
    - Privacy Policy: https://clerk.com/privacy

  • Stripe (stripe.com) - Payment processing
    - Privacy Policy: https://stripe.com/privacy

  • Cloudinary (cloudinary.com) - Image storage and delivery
    - Privacy Policy: https://cloudinary.com/privacy

  • Supabase (supabase.com) - Database hosting
    - Privacy Policy: https://supabase.com/privacy


4.2 Legal Requirements


We may disclose your information if required by law or in response to:

  • Court orders or legal processes
  • Government/law enforcement requests
  • Protection of our rights, safety, or property
  • Investigation of fraud or security issues

4.3 Business Transfers


If we are acquired, merge, or sell assets, your information may be transferred to the new owner.


5. Data Storage and Security


5.1 Where We Store Your Data


  • User accounts - Stored in Clerk's secure infrastructure (US-based)
  • Subscription data - Stored in Supabase PostgreSQL (AWS US-East-1)
  • Receipt images - Stored in Cloudinary CDN (globally distributed)
  • Payment data - Stored by Stripe (PCI-DSS compliant)

5.2 Security Measures


We implement industry-standard security practices:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (database and file storage)
  • Secure authentication (JWT tokens, password hashing)
  • Regular security audits and updates
  • Access controls and monitoring

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.


6. Data Retention


We retain your information for as long as necessary:


  • Account data - Until you delete your account, plus 30 days for backups
  • Downloaded receipts - Permanently (protected from automatic deletion)
  • Preview receipts - Deleted within 6 hours if not downloaded (orphaned image cleanup)
  • Payment records - Retained for 7 years for tax/legal compliance
  • Logs - Retained for 90 days for security and debugging

7. Your Rights


Depending on your location, you may have the right to:


7.1 GDPR Rights (EU/UK Users)


  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate or incomplete data
  • Erasure - Delete your data ("right to be forgotten")
  • Restriction - Limit how we process your data
  • Portability - Receive your data in a portable format
  • Object - Opt out of certain processing activities
  • Withdraw consent - For consent-based processing

7.2 CCPA Rights (California Users)


  • Know - What personal information we collect and how we use it
  • Delete - Request deletion of your personal information
  • Opt-out - Of the "sale" of personal information (we do not sell your data)
  • Non-discrimination - Equal service regardless of privacy choices

7.3 How to Exercise Your Rights


To exercise any of these rights, contact us at support@receiptcraft.com. We will respond within:

  • 30 days (GDPR)
  • 45 days (CCPA)

8. Account Deletion


You can delete your account at any time:


  1. Log in to your account
  2. Go to Settings → Account
  3. Click "Delete Account"


Upon deletion:

  • Your account and personal data will be permanently deleted within 30 days
  • Downloaded receipts will be retained (you can manually delete them first)
  • Payment records will be retained for legal compliance (7 years)
  • Some data may remain in backups for up to 30 days

9. Children's Privacy


Our Service is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children.


If you believe we have collected information from a child, please contact us immediately, and we will delete it.


10. International Data Transfers


Your information may be transferred to and processed in countries outside your own, including:

  • United States - Primary data storage (Clerk, Supabase, Cloudinary)
  • EU - Cloudinary CDN nodes
  • Other regions - For CDN delivery and service optimization

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Privacy Shield frameworks (where applicable)
  • Service provider compliance with GDPR/privacy laws

11. Do Not Track


Our Service does not respond to "Do Not Track" browser signals. You can control cookies through your browser settings.


12. Changes to This Policy


We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.


For material changes, we will:

  • Notify you via email (if you have an account)
  • Display a prominent notice on our website
  • Require re-acceptance for continued use (if legally required)

Continued use of the Service after changes constitutes acceptance of the updated policy.


13. Contact Us


If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:


Email: support@receiptcraft.com


Response time: We aim to respond within 48 hours for general inquiries, and within legal timeframes for data rights requests.


14. Supervisory Authority (GDPR)


If you are located in the EU/UK and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority:


  • EU: https://edpb.europa.eu/about-edpb/board/members_en
  • UK: Information Commissioner's Office (ICO) - https://ico.org.uk/

15. Additional Information


15.1 Marketing Communications


We will only send marketing emails if you have opted in. You can unsubscribe at any time via:

  • Unsubscribe link in emails
  • Account settings
  • Email us at support@receiptcraft.com

15.2 Data Breach Notification


In the event of a data breach affecting your personal information, we will:

  • Notify you within 72 hours (GDPR requirement)
  • Describe the nature of the breach
  • Explain potential risks and our response
  • Provide steps you can take to protect yourself

15.3 Automated Decision-Making


We do not use automated decision-making or profiling that produces legal or similarly significant effects.


Document Version: 1.0

Jurisdiction: EU


Appendix: Data Processing Summary


| Data Type | Purpose | Legal Basis | Retention | Third Party |
|-----------|---------|-------------|-----------|-------------|
| Email | Authentication | Contract | Until account deletion | Clerk |
| Password | Authentication | Contract | Until account deletion | Clerk (hashed) |
| Subscription status | Feature access | Contract | Until account deletion + 30 days | Supabase |
| Payment info | Billing | Contract | 7 years (Stripe holds) | Stripe |
| Receipt images | Service delivery | Contract | Downloaded: Permanent; Preview: 6 hours | Cloudinary |
| Download history | Image protection | Legitimate interest | Until account deletion | Supabase |
| IP address | Security, fraud prevention | Legitimate interest | 90 days (logs) | None |
| Cookies | Authentication, preferences | Contract/Consent | Session/1 year | Clerk |