Privacy Policy
Last updated: November 9, 2025
1. Information We Collect
Account Information
When you create an account, we collect: email address, name, and password (encrypted). We use NextAuth for authentication with industry-standard security practices.
Document Data
You upload pricing agreements and invoices for processing. We extract data using AI (Claude by Anthropic) and store: vendor names, item descriptions, prices, and invoice metadata. Original documents may be stored temporarily.
Usage Data
We automatically collect: invoice processing counts, feature usage, login timestamps, and browser information for analytics and service improvement.
Payment Information
Payment processing is handled by Stripe. We do not store your credit card information. We receive from Stripe: customer ID, subscription status, and billing history.
2. How We Use Your Information
- Provide the Service: Process your documents and detect invoice discrepancies
- Improve AI Accuracy: Anonymized data may be used to improve our AI models
- Send Notifications: Email alerts for discrepancies and account updates
- Billing: Process payments and manage subscriptions
- Support: Respond to customer service requests
- Analytics: Understand usage patterns and improve the product
3. Data Sharing and Third Parties
AI Processing
Your documents are processed by Anthropic's Claude AI. Data sent to Anthropic is covered by their privacy policy and is not used to train their models (per our enterprise agreement).
Service Providers
We use these third-party services:
- Railway: Database and API hosting
- Vercel: Web hosting
- Stripe: Payment processing
- Resend: Email delivery
- Anthropic: AI document processing
We Never
- Sell your data to third parties
- Share your pricing agreements or invoices publicly
- Use your data for advertising
- Train AI models on your confidential business data
4. Data Security
We implement industry-standard security measures including: HTTPS encryption for all data in transit, password hashing with bcrypt, JWT-based authentication, SQL injection prevention, multi-tenant data isolation, and regular security audits.
5. Data Retention
We retain your data as long as your account is active. After account deletion, we retain data for 30 days for recovery purposes, then permanently delete it. Some data may be retained longer for legal compliance.
6. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (account deletion)
- Export your data
- Opt out of marketing emails
- Restrict data processing
7. GDPR Compliance
If you are in the European Union, you have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.
8. CCPA Compliance
California residents have the right to know what personal information we collect, request deletion of data, and opt out of the sale of personal information (which we don't do).
9. Cookies
We use essential cookies for authentication (NextAuth session cookies). We do not use tracking or advertising cookies.
10. Children's Privacy
Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children.
11. Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes via email and update the "Last updated" date at the top of this policy.
12. Contact Us
Questions about this Privacy Policy? Contact our privacy team at privacy@receiptextractor.com