1. Introduction
ReceiptStream.AI ("Service," "we," "us," or "our") is operated by Kubernyx, a software company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ReceiptStream.AI web application and associated services located at receiptstream.ai and app.receiptstream.ai.
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
This policy is effective as of January 1, 2026.
2. Information We Collect
We collect information you provide directly, information generated by your use of the Service, and limited technical data necessary to operate the Service.
Account Information
When you create an account, we collect:
- Your name
- Email address
- Password (stored as a one-way cryptographic hash — never in plaintext)
- Subscription and billing tier
Receipt Data
When you upload or capture receipts, we collect:
- Receipt images (JPEG, PNG, PDF)
- Extracted text from those images (vendor name, transaction date, line items, totals, tax amounts)
- Any corrections or manual edits you apply to extracted data
- Expense category assignments
QuickBooks Connection Information
When you connect your QuickBooks Online account, we store:
- OAuth 2.0 access and refresh tokens (encrypted at rest using AES-256-GCM)
- Your QuickBooks company identifier (realm ID)
- The list of accounts, categories, and classes available in your QuickBooks company for mapping purposes
We never store your QuickBooks username, password, or payment information. Authorization is performed entirely through Intuit's secure OAuth 2.0 flow.
Usage Data
We automatically collect limited usage information to improve the Service, including:
- Pages visited within the application and feature interactions
- Receipt processing success and failure rates
- Sync event logs (timestamps, success/failure status)
- Browser type, operating system, and device type
- IP address (used for security purposes and truncated after 30 days)
3. How We Use Your Information
We use the information we collect to:
- Provide the Service — process your receipt images, extract expense data using AI OCR, and sync that data to your QuickBooks Online account
- Generate automated categorization rules — learn from your corrections and preferences to improve auto-categorization accuracy for your account
- Manage your account — handle authentication, billing, plan limits, and team member access
- Send transactional communications — sync confirmation emails, error notifications, and billing receipts (these are required for the Service and cannot be opted out of)
- Improve the Service — analyze aggregate, anonymized usage patterns to identify bugs and improve features
- Comply with legal obligations — retain records as required by applicable law
We do not sell your personal data. We do not use your data to train any AI models beyond the personalized categorization rules applied to your own account.
4. OCR Processing (Google Cloud Vision)
To extract text from your receipt images, we transmit images to the Google Cloud Vision API, a machine learning service provided by Google LLC. The following governs how this processing works:
- Transmission: Your receipt image is sent to Google Cloud Vision over an encrypted TLS 1.3 connection for text detection.
- Retention by Google: Google Cloud Vision API does not retain submitted images after processing. Google's data processing terms apply and are incorporated into our agreement with Google as a data processor.
- Retention by ReceiptStream.AI: Raw receipt images are stored in your account for the lifetime of your account so you can reference the original document. You may delete individual receipts at any time.
- Parsed data: The structured data extracted from your receipt — vendor name, transaction amount, date, and line items — is stored in your account and used to create QuickBooks expense entries.
AI OCR extraction is highly accurate but not infallible. You are responsible for verifying extracted data before it is synced to QuickBooks. See our Terms of Service for the full accuracy disclaimer.
5. QuickBooks Integration
ReceiptStream.AI integrates with QuickBooks Online through Intuit's official OAuth 2.0 authorization framework. When you connect your QuickBooks account:
- You are redirected to Intuit's secure authorization page, where you grant ReceiptStream.AI specific, scoped access to your QuickBooks company data (expense creation, account list reading)
- Intuit returns OAuth 2.0 access and refresh tokens to ReceiptStream.AI, which we store encrypted at rest using AES-256-GCM
- These tokens are never logged, exposed in API responses, or accessible to any team member in plaintext
- Tokens are used solely to create expense entries and read account/category information on your behalf
Revoking Access
You can revoke ReceiptStream.AI's access to your QuickBooks account at any time from the QuickBooks Online app permissions page (Settings → Intuit Account → Apps & Connections). Revoking access will immediately prevent future syncs. Your historical receipt data in ReceiptStream.AI will not be affected unless you also delete your account.
6. Data Storage & Security
The Service is hosted on Google Cloud Platform (GCP) infrastructure located in the United States. We implement the following security measures:
- Encryption at rest: All user data, including receipt images, extracted text, and OAuth tokens, is encrypted at rest using AES-256
- Encryption in transit: All data transmitted between your browser/device and our servers uses TLS 1.2 or higher
- Token security: QuickBooks OAuth tokens are stored using AES-256-GCM with envelope encryption; decryption keys are managed through Google Cloud KMS
- Access controls: Internal access to production data is restricted to authorized personnel on a need-to-know basis, with all access logged
- Regular backups: Data is backed up daily with point-in-time recovery capability
- Vulnerability management: We conduct periodic security reviews and promptly apply security patches
No method of electronic storage or transmission over the Internet is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.
7. Data Retention
- Active accounts: All receipt data, account information, and QuickBooks connection data is retained for the lifetime of your active account
- After account deletion: When you delete your account, all your data is marked for deletion and permanently purged from our systems within 30 days. Backups containing your data are rotated and permanently overwritten within 60 days
- Billing records: Billing and payment records may be retained for up to 7 years to comply with financial record-keeping obligations
- Usage logs: Anonymized, aggregate usage logs are retained indefinitely for service improvement. IP addresses in logs are truncated after 30 days
8. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact privacy@receiptstream.ai.
Right to Access
You have the right to request a copy of the personal data we hold about you. You can export all your receipt data as a CSV file directly from the application at any time through Settings → Export Data.
Right to Deletion ("Right to be Forgotten")
You have the right to request permanent deletion of your account and all associated data. You can initiate account deletion from Settings → Account → Delete Account. After confirmation, your data will be permanently purged within 30 days as described in Section 7.
Right to Data Portability
You have the right to receive your data in a machine-readable format. Use the CSV export feature (Settings → Export Data) to download all your receipts and extracted data in a portable format.
Right to Rectification
You may correct or update your account information at any time through the application settings, and edit extracted receipt data before or after sync.
Right to Restrict Processing (GDPR)
If you are in the European Economic Area, you may request that we restrict processing of your personal data under certain circumstances. Contact privacy@receiptstream.ai to submit a restriction request.
California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act. We do not sell personal information. To submit a CCPA request, contact privacy@receiptstream.ai. We will respond within 45 days.
9. Third-Party Services
We use the following third-party services to operate ReceiptStream.AI. Each is a data processor acting under our instructions and subject to appropriate data protection agreements:
Google Cloud Platform
Provides compute infrastructure (Cloud Run), database hosting (Firestore), file storage (Cloud Storage), and the Vision API for OCR processing. Data is processed in accordance with Google's Data Processing Addendum.
Intuit QuickBooks Online
The accounting platform we sync your expenses to. When you authorize the integration, Intuit's own privacy policy governs how QuickBooks handles your accounting data. We transmit only expense data you've approved for sync.
Stripe
Handles payment processing for Pro and Enterprise subscriptions. We never see, store, or process your credit card number. All payment information is collected directly by Stripe and governed by Stripe's Privacy Policy. We receive only a customer ID and subscription status from Stripe.
10. Cookies
ReceiptStream.AI uses session cookies only — small files stored in your browser to maintain your authenticated session while you are logged in.
- We do not use advertising or tracking cookies
- We do not use third-party analytics cookies (e.g., Google Analytics)
- Session cookies are deleted when you log out or close your browser
- You can configure your browser to block cookies, but the application requires session cookies to function
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email (to the address on your account) and update the "Effective Date" at the top of this page at least 30 days before changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with changes, you may delete your account before they take effect.
12. Contact
For privacy-related questions, requests, or concerns, contact us at:
- Email: privacy@receiptstream.ai
- General inquiries: hello@receiptstream.ai
- Operated by: Kubernyx — kubernyx.com
We will respond to all privacy requests within 30 days.