Your personal data is secure with us. We never sell, rent, or share your information with advertisers or data brokers — ever. Your receipt data belongs to you.
Contents
When you register, we collect your name, email address, and a hashed password (plaintext passwords are never stored). We also record account creation date and your preferences.
When you scan or upload a receipt, we collect and store:
Important: Do not upload receipts that display a full payment card number. If one is visible, redact it before uploading. We only retain the last four digits where they appear on a receipt.
We automatically collect IP address (for security only, not stored long-term), device type, browser version, session tokens, error logs, and aggregated/anonymised feature usage data.
We use your data solely to provide and improve Receift:
We do not use your data for advertising, profiling for marketing, or any purpose beyond delivering the service described above.
All OCR processing runs on our own servers in the EU. Your receipt images are never sent to third-party AI providers, advertising networks, or any external service for processing.
We use PaddleOCR running on infrastructure we control. No receipt image or its contents leaves our systems except as described in Section 4 below.
We implement the following measures to protect your data:
| Measure | Detail |
|---|---|
| Encryption in transit | TLS 1.2+ for all communications |
| Encryption at rest | All receipt images and database contents |
| Password storage | Hashed and salted — never plaintext |
| Access control | Row-level security; users can only access their own data |
| Rate limiting | Brute-force protection on all authentication endpoints |
| Session security | Automatic expiry and token rotation |
No internet service can guarantee 100% security. You accept this inherent risk when using any online service.
We retain your data for as long as your account is active. Upon account deletion:
Some data may be retained longer where required by law or to resolve disputes.
Regardless of your location, you have the following rights:
| Right | How to exercise |
|---|---|
| Access your data | View in the app, or email codingkansvce@gmail.com |
| Correct your data | Edit receipts directly in the app |
| Delete your data | Delete receipts in the app, or email us for full account deletion |
| Export your data | Email codingkansvce@gmail.com — we respond within 30 days |
| Withdraw consent | Close your account or email us |
| Object to processing | Email codingkansvce@gmail.com |
Receift is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has created an account, contact codingkansvce@gmail.com and we will delete it promptly.
The Service is operated from New Zealand. If you access it from outside New Zealand, your data may be processed in New Zealand or in the jurisdictions where our infrastructure providers operate. By using the Service you consent to these transfers. We take appropriate safeguards to ensure adequate protection in all jurisdictions.
We will notify you of material changes by email at least 14 days before they take effect. Continued use of the Service after that date constitutes acceptance. If you disagree, you may delete your account before the changes apply.
Questions or concerns? Email codingkansvce@gmail.com — we respond within 30 days.
If you are unsatisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner of New Zealand (privacy.org.nz) or with the data protection authority in your country of residence.