ReceiptFox - Privacy Policy
Effective Date: March 23, 2026
Version: 1.0
1. Introduction
This Privacy Policy describes how ReceiptFox ("Service"), operated by Mixed Beans Studio Inc. ("we," "us," or "our"), collects, uses, and shares your information.
ReceiptFox is operated by Mixed Beans Studio Inc., a corporation organized under the laws of British Columbia, Canada, with its registered address at 329 Howe St, Unit #830, Vancouver, BC V6C 3N2, Canada. For purposes of data protection law, Mixed Beans Studio Inc. is the "data controller" of your personal data when you use the Service.
We are committed to protecting your privacy and handling your data transparently, particularly given the sensitive financial nature of the information you entrust to us. Please read this policy carefully to understand our practices.
2. Information We Collect
2.1 Information You Provide
Account Information:
- Email address
- Password (securely hashed using industry-standard algorithms; we never store your password in plain text and cannot view or retrieve it)
- Name
- Google account information (if you choose to sign in with Google)
Payment Information:
- Payment method details (processed and stored by Stripe; we store only card type, last four digits, and expiration date for display purposes)
- Billing address
- Transaction history
Receipt and Financial Data:
- Receipt images (photos, scans, PDFs) that you upload or email to the Service
- Extracted receipt data: vendor names, amounts, dates, currency, tax amounts, line items
- Account codes, categories, and classifications assigned to receipts
- Vector embeddings generated from receipt data for similarity matching
Xero Connection:
- Xero OAuth 2.0 access tokens and refresh tokens (encrypted at rest)
- Xero organization name and tenant ID
- Chart of accounts, tax rates, and contact data synced from Xero
Two-Factor Authentication (if enabled):
- Authentication secrets (encrypted)
- Recovery codes (encrypted)
2.2 Information Collected Automatically
Service Usage Data:
- Number of receipts processed
- Receipt processing status and confidence scores
- Xero sync status and history
- Feature usage patterns
Email Ingestion Data:
- Sender email address when receipts are emailed to your unique ReceiptFox email address
- Email metadata (subject, timestamp)
- Attached receipt files
Technical Data:
- IP address
- Browser type and version
- Device information
- Operating system
- Server logs (access times, request data)
Cookies:
- Session cookies only (required for login and authentication)
- We do not use analytics or tracking cookies (see Section 11)
2.3 Information from Third Parties
Xero:
- Chart of accounts and account codes
- Tax rates and tax types
- Contact and supplier information
- Organization details
Google (if using Google Sign-In):
- Name and email address from your Google account
- Google account identifier
Payment Processor (Stripe):
- Payment confirmation
- Subscription status
3. How We Use Your Information
3.1 Provide the Service
- Create and manage your account
- Process receipt images using OCR (optical character recognition)
- Classify receipts into accounting categories using AI
- Sync processed receipt data to your Xero organization
- Process payments and manage subscriptions
- Receive and process receipts sent via email
3.2 Communicate With You
- Send service notifications (processing results, sync status, usage alerts)
- Respond to support requests
- Send important updates about the Service
3.3 Improve the Service
- Analyze usage patterns to improve features
- Debug issues and ensure reliability
- Improve OCR accuracy and classification models
- Develop new features
3.4 Protect the Service
- Detect and prevent fraud
- Enforce our Terms of Service
- Comply with legal obligations
3.5 Legal Bases for Processing (GDPR)
For users in the European Economic Area, we process data based on the following legal bases:
| Purpose | Legal Basis |
| --- | --- |
| Providing the Service (OCR, classification, sync) | Contract performance |
| Processing payments | Contract performance |
| Sending service notifications | Legitimate interests |
| Marketing communications | Consent |
| Security and fraud prevention | Legitimate interests |
| Legal compliance | Legal obligation |
4. Receipt and Financial Data Handling
4.1 Our Commitment
Your receipt images and financial data are among the most sensitive information you share with us. We treat this data with the highest level of care.
We do not:
- Sell, share, or monetize your receipt data or financial information
- Use your receipt data for advertising or profiling
- Train our own AI or machine learning models on your receipt data
- Allow human review of your receipt images except when you request support assistance
4.2 Receipt Processing Flow
- You upload a receipt image (via web, mobile, or email)
- The image is stored securely on Cloudflare R2 (encrypted at rest)
- The image is sent to a third-party AI provider for OCR text extraction
- Extracted data is sent to a third-party AI provider for classification into accounting categories
- Classified data is matched against your Xero chart of accounts
- Processed receipt data is synced to Xero as a bill or spend money transaction
4.3 Data Isolation
ReceiptFox uses a schema-per-tenant architecture in our database. This means each organization's data (receipts, vendors, settings) is stored in a completely separate database schema, ensuring strict isolation between customers. Your data is never co-mingled with other organizations' data.
4.4 Receipt Image Storage
- Receipt images are stored on Cloudflare R2 with server-side encryption at rest
- Images are accessible only through authenticated, time-limited signed URLs
- Thumbnail images are generated for display purposes and stored alongside the originals
- Images are retained for the duration of your account (see Section 6 for retention details)
5. AI and Machine Learning
5.1 How We Use AI
ReceiptFox uses artificial intelligence to provide its core service. The following AI processing occurs on your data:
- OCR (text extraction): Receipt images are sent to a third-party AI provider to extract text, amounts, dates, and vendor information.
- Classification: Extracted receipt data (text, vendor name, amount) and your chart of accounts are sent to a third-party AI provider to suggest an accounting category.
- Similarity matching: Vendor names and receipt descriptions are used to generate vector embeddings via a third-party AI provider, enabling duplicate detection and vendor matching.
5.2 AI Provider Data Handling
When your data is sent to AI providers for processing:
- Data is transmitted securely over encrypted connections (TLS)
- We do not send customer-identifying information (such as your name, email, or account details) to AI providers — only the receipt content itself and your chart of accounts are shared for processing
- AI providers process the data solely to generate the requested output (extracted text, classifications, embeddings)
- We use API configurations that do not allow AI providers to use your data for training their models
- AI providers do not retain your data beyond the time needed to process each request, in accordance with their data processing terms
5.3 AI Limitations
AI-generated results (extracted text, suggested categories, matched accounts) are automated suggestions. They may contain errors. You are responsible for reviewing and confirming the accuracy of AI-processed data before it is synced to Xero. ReceiptFox is not a substitute for professional accounting judgment.
6. Data Retention
| Data Type | Retention Period |
| --- | --- |
| Account information | Duration of account, plus a reasonable period after deletion |
| Payment records | As required by law for tax and accounting purposes |
| Receipt images | Duration of account; available for export for 30 days after account cancellation |
| Receipt metadata and extracted data | Duration of account; deleted after account cancellation |
| Xero OAuth tokens | Duration of Xero connection; deleted immediately upon disconnection |
| Email ingestion logs | Up to 30 days for deduplication and troubleshooting |
| Error and application logs | Up to 30 days |
| Support communications | As needed to provide ongoing support |
We retain data only as long as necessary to provide our services and fulfill the purposes described in this policy, unless a longer retention period is required by law.
7. How We Share Your Information
7.1 Service Providers
We share data with third parties who help us operate the Service:
| Provider | Purpose | Data Shared |
| --- | --- | --- |
| Xero | Accounting sync | Receipt data, vendor names, amounts, categories, receipt images |
| Third-party AI providers | OCR, classification, and similarity matching | Receipt images, extracted text, vendor names, account codes (no customer-identifying information) |
| Cloudflare R2 | File storage | Receipt images (encrypted at rest) |
| Stripe | Payment processing | Payment details, billing info |
| Google | OAuth sign-in (optional) | Email address, name |
| Postmark | Email ingestion and transactional email | Email addresses, receipt attachments, email metadata |
| Fathom Analytics | Privacy-respecting page analytics | Anonymous page views (no personal data, no cookies) |
| Flare | Error tracking | Application errors, stack traces, request metadata |
| Oh Dear | Uptime monitoring | Service availability data (no personal data) |
| Hosting providers | Infrastructure | Data as needed to operate the Service |
These providers process personal data either on our behalf as service providers (processors) or as independent controllers for their own services. Your use of connected services such as Xero, Stripe, and Google is also governed by their own terms and privacy policies.
7.2 Legal Requirements
We may disclose information if required by:
- Law, regulation, or legal process
- Lawful government request
- To protect our rights, property, or safety
- To investigate potential violations of our Terms
7.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
7.4 With Your Consent
We may share information with other parties when you give us explicit consent.
7.5 What We Don't Do
We do NOT:
- Sell your personal information or financial data
- Share data with advertisers
- Use your data for targeted advertising
- Share your receipt images or financial data with anyone except the service providers listed above for the purposes described
8. International Data Transfers
8.1 Where Data is Processed
Your data may be processed in:
- United States
- Canada
- Other locations where our service providers operate (including AI model providers and cloud infrastructure)
8.2 Transfer Safeguards
When your data is transferred to or processed in a country other than your own, we take steps to ensure it remains protected. Our service providers maintain appropriate data protection measures and contractual commitments to safeguard your information.
9. Your Rights and Choices
9.1 All Users
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your data
- Export: Export your receipt data in a portable format (CSV)
- Opt-out: Unsubscribe from marketing emails
- Disconnect: Revoke the Xero connection at any time from your account settings
9.2 European Users (GDPR)
If you are in the European Economic Area, you also have:
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict: Request restriction of processing
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge Complaint: File a complaint with your supervisory authority. A list of EU data protection authorities is available at ec.europa.eu
9.3 California Users (CCPA)
If you are a California resident, you have certain rights under California privacy laws (including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)), such as:
- Right to Know: What personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
- Right to Non-Discrimination: Equal service regardless of exercising rights
- Authorized Agent: You may designate an authorized agent to make requests on your behalf
9.4 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: [email protected]
- Account Settings: Some options are available directly in your dashboard (data export, Xero disconnection, account deletion)
We will respond as quickly as possible, and in any event within the timeframe required by applicable law.
10. Data Security
10.1 Technical Measures
We protect your data with:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for receipt images (Cloudflare R2) and sensitive credentials (Xero tokens)
- Secure password hashing (bcrypt)
- Schema-per-tenant database isolation
- Regular security audits
- Access controls and authentication
- Rate limiting on API endpoints and authentication attempts
10.2 Organizational Measures
- Limited employee access to personal data
- Security training for staff
- Incident response procedures
- Regular backup and recovery testing
10.3 Your Responsibilities
You are responsible for:
- Keeping your password secure
- Not sharing your account credentials
- Protecting your unique ReceiptFox email ingestion address
- Reporting suspicious activity immediately
10.4 Breach Notification
If we experience a data breach affecting your personal information, we will:
- Notify you within 72 hours (or as required by law)
- Describe what happened and what data was affected
- Explain steps we're taking to address the breach
- Provide guidance on protecting yourself
11. Cookies and Tracking
11.1 Essential Cookies
We use only essential cookies required for the Service to function:
- Session management
- Authentication
- Security tokens (CSRF protection)
11.2 Analytics
We use Fathom Analytics, a privacy-focused analytics service that does not use cookies or track you across sites. Fathom collects anonymous usage data to help us understand how the Service is used, without collecting any personally identifiable information.
No cookie consent banner is required for our analytics because no cookies are used.
12. Children's Privacy
ReceiptFox is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn we have collected such information, we will delete it promptly.
If you are a parent or guardian and believe your child has provided personal information to us, please contact us so we can investigate and delete the information if appropriate.
13. Third-Party Links
Our Service may contain links to third-party websites or services, including Xero, Stripe, and Google. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
14. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email to your registered address
- Notice on our website
- In-app notification
The "Effective Date" at the top indicates when the policy was last revised.
15. Contact Us
For questions or concerns about this Privacy Policy or our data practices:
Email: [email protected]
Website: https://receiptfox.app
Address: Mixed Beans Studio Inc., 329 Howe St, Unit #830, Vancouver, BC V6C 3N2, Canada
By using ReceiptFox, you acknowledge that you have read and understood this Privacy Policy.