SmartReceiptsBack to Home

Privacy Policy

Last updated: April 12, 2026

1. Overview

SnapLedge (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data. By using SnapLedge, you consent to the practices described in this policy.

2. Data We Collect

We collect the following categories of data:

Account Information

  • Email address (used for authentication and communication)
  • Full name (optional, for display purposes)
  • Avatar URL (if signed in via Google OAuth)
  • Account preferences (currency, timezone, date format, notification settings)

Financial Data (from Receipts)

  • Receipt images you upload
  • AI-extracted data: merchant names, dates, amounts, tax amounts, line items, payment methods, categories
  • This data may constitute financial personally identifiable information (PII)

Usage & Technical Data

  • AI processing metadata: tokens used, processing cost (for internal tracking only)
  • Subscription and billing status
  • Browser/device information as automatically collected by our hosting provider

3. How We Use Your Data

  • Receipt processing: Your receipt images are sent to our AI processor to extract structured data, which is then stored in your account.
  • Expense management: Extracted data is used to generate reports, charts, and exports within your dashboard.
  • Account management: Email is used for authentication, password resets, and service-related communications.
  • Billing: Payment information is handled entirely by Stripe; we store only your Stripe customer ID and subscription status.
  • Service improvement: Aggregate, anonymized usage statistics (e.g., total receipts processed) may be used to improve the Service.

4. Third-Party Processors

We use the following third-party services to operate SnapLedge:

ProviderPurposeData Shared
Anthropic (Claude)AI receipt data extractionReceipt images (processed, not retained by Anthropic per their API data policy)
SupabaseDatabase hosting, authentication, image storageAll account data, receipt data, and images
StripePayment processingEmail, subscription plan; payment card details handled directly by Stripe
GoogleOAuth sign-in (optional)Authentication tokens; name and email from Google profile

We do not sell your data to any third party. Data is shared with the above providers solely to operate the Service.

5. AI Processing & Receipt Images

Receipt images are sent to Anthropic's Claude API for data extraction. Images are processed via Anthropic's API, which — under their commercial API data policy — does not use API inputs/outputs for model training. Images are resized and stripped of EXIF metadata before processing to minimize data exposure. Receipt images are stored in Supabase Storage in a per-user folder with row-level security, accessible only to you and system administrators.

6. Data Storage & Security

  • All data is stored in Supabase (PostgreSQL) with row-level security (RLS) policies ensuring users can only access their own data.
  • Receipt images are stored in a private Supabase Storage bucket with per-user folder isolation.
  • Connections to Supabase are encrypted via TLS.
  • Passwords are managed by Supabase Auth and are never stored in plaintext.
  • Admin access is restricted to designated email addresses and the is_admin database flag.

7. Admin Access

Designated administrators have read access to all user data for the purposes of customer support, abuse prevention, and service monitoring. Administrators can view user profiles, receipt metadata, and usage statistics. Admin access is protected by both email allowlisting and a database flag, and all admin API endpoints require authentication.

8. Data Retention

  • Your data is retained for as long as your account is active.
  • Individual receipts can be deleted at any time, removing the image and all associated extracted data.
  • Account deletion (available in Settings) permanently removes all your data: profile, receipts, images, usage logs, and authentication credentials.
  • Deleted data is not recoverable.
  • Stripe may retain payment records independently per their own data retention policies.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: View all your data through the dashboard.
  • Portability: Export your receipts and reports as CSV files (Basic plan and above). Free tier users can view all their data in the dashboard.
  • Correction: Edit your profile information through the Settings page.
  • Deletion: Delete individual receipts or your entire account at any time.
  • Withdraw consent: You can stop using the Service and delete your account at any time.

10. Cookies & Local Storage

SnapLedge uses essential cookies for authentication session management (managed by Supabase Auth). We set a single functional cookie (sr_admin_ui_hint) on admin sessions as a routing hint for the admin UI; it contains no personal data. We do not use advertising or tracking cookies. No third-party analytics or tracking scripts are loaded by the application.

We operate a small first-party server-side analytics pipeline to measure aggregate funnel performance (e.g., how many landing visitors complete signup). Three httpOnly cookies are involved: _sl_anon (an anonymous ID we generate, 365 days, persists across visits), _sl_session (a session ID that resets after 30 minutes of idle), and _sl_utm (the marketing campaign tags from the URL that brought you here, 30 days, first-touch only). Events are written server-side to our own database; we do not load PostHog, Plausible, Fathom, Google Analytics, or any other third-party tracker. We honor the DNT (Do Not Track) and Sec-GPC (Global Privacy Control) headers at both the proxy and tracker layers — if either is set, no cookies are written and no events are recorded.

EU visitors: ePrivacy regulators consider first-party analytics cookies non-strictly-necessary, which strictly read requires explicit consent before they are set. We do not display a consent banner today; DNT/GPC are honored as a partial mitigation. A TCF v2.2-compatible consent banner is planned for a future release once we have measurable EU traffic to design against.

Lifecycle emails. When you sign up, we send up to 5 onboarding emails over your first 14 days (Day 0, 1, 3, 7, 14). You can disable these at any time in Settings → Notifications, or via the one-click unsubscribe link in any of those emails. If you join the launch waitlist, we may also send occasional product-update emails — those carry the same one-click unsubscribe. Email delivery uses Resend (a transactional-email provider); we do not enable open tracking or click tracking, and we do not append UTM tags to links inside the email. Delivery status (delivered / bounced / spam-flagged at the queue layer) is the only signal we collect.

11. International Data Transfers

Your data may be processed in regions where our service providers operate (including the United States). By using the Service, you consent to the transfer of your data to these regions. We ensure all third-party providers maintain appropriate data protection standards.

12. Children's Privacy

SnapLedge is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors. If we discover that a minor has created an account, we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The “Last updated” date at the top of this page indicates when the policy was last revised.

14. Contact

For questions, concerns, or data requests related to your privacy, contact us at [email protected].

← Terms of UseBack to Home