Privacy Policy

Last updated: February 22, 2026

1. Introduction

ReceiptLyzer ("we," "our," or "us") operates the receiptlyzer.com website and the ReceiptLyzer platform (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service. By using ReceiptLyzer, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your name and email from Google. We do not store your Google password.

2.2 Receipt and Financial Data

When you upload receipts, invoices, or bank statements, we process and store the uploaded files and the data extracted from them. This includes vendor names, transaction amounts, dates, categories, payment methods (last 4 digits only), line items, and other financial details. Files are stored in encrypted cloud storage (AWS S3) and are only accessible to you and our automated processing systems.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, IP address, and timestamps. This data is used to improve the Service and troubleshoot issues.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number. We receive and store your Stripe customer ID and subscription status to manage your plan.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To process and extract data from your uploaded receipts using AI (Anthropic Claude)
  • To authenticate your identity and manage your account
  • To process payments and manage your subscription
  • To send transactional emails (receipts, password resets, account notifications)
  • To generate anonymized, aggregated insights and benchmarks (Insights feature)
  • To improve the accuracy and performance of our AI extraction
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

4. AI Processing

We use Anthropic's Claude AI to extract data from your uploaded documents. Your receipt images and PDFs are sent to Anthropic's API for processing. Anthropic's data retention and privacy policies apply to this processing. We do not use your receipt data to train AI models. Anthropic does not use API inputs to train their models. For details, see Anthropic's Privacy Policy.

5. Data Storage and Security

  • Encryption at rest: All files are stored in AWS S3 with AES-256 server-side encryption.
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
  • Database: User and financial data is stored in AWS RDS PostgreSQL with encryption at rest enabled.
  • Authentication: User authentication is managed by AWS Cognito with JWT tokens. Passwords are hashed and never stored in our database.
  • API keys: API keys are stored as SHA-256 hashes. Plaintext keys are never retained after creation.
  • Access controls: Data access is scoped per user. You can only access your own data.

6. Data Sharing

We do not sell your personal information. We share data only in the following limited circumstances:

  • Service providers: AWS (hosting, storage, authentication), Anthropic (AI processing), Stripe (payments), Amazon SES (email). These providers process data on our behalf under contractual obligations.
  • Anonymized insights: The Insights feature displays aggregated, anonymized benchmarks across all users. Individual data is never identifiable. We apply k-anonymity (minimum 5 records per group) and strip all PII before aggregation.
  • Legal requirements: We may disclose information if required by law, court order, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

7. Data Retention

We retain your account data and uploaded receipts for as long as your account is active. When you delete a receipt, the file is removed from storage and the database record is permanently deleted. When you delete your account, all associated data is permanently deleted within 30 days. Anonymized aggregate data used for insights may be retained indefinitely.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and all associated data.
  • Export: Export your data in CSV, XLSX, or JSON format at any time from the dashboard.
  • Objection: Object to certain processing activities.

To exercise any of these rights, contact us at receiptlyzer.com/contact.

9. Cookies

We use essential cookies and local storage for authentication (Cognito session tokens). We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required as we only use strictly necessary cookies for authentication.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at receiptlyzer.com/contact.