Privacy Policy

SnapTrac is built around a single promise: your receipts never leave your phone. This policy explains exactly what that means in practice — and the small set of anonymous app metrics we do collect to keep the app working.

1. What SnapTrac collects from you: nothing.

When you scan or import a receipt, here is what happens:

1. The image is captured by your phone's camera or picked from your device's storage.
2. On-device OCR — Google ML Kit running locally on your phone reads the text from the image. The image and the recognized text are processed entirely on your device. They are never uploaded to us, to Google, or to any third party.
3. Our parser (also on your device) pulls out the merchant, total, tax, and date.
4. The receipt photo is saved to a folder inside SnapTrac's private app sandbox at Documents/receipts/. The structured data is saved to a local SQLite database.
5. Your photos and database stay on your phone.

We do not operate a backend server that stores receipt images, receipt text, totals, merchants, dates, categories, businesses, notes, or any other information about your receipts. There is no place we could send your receipt data to even if we wanted to — that infrastructure does not exist.

Backups are off by design

• iOS: SnapTrac's private documents folder is marked excludeFromBackup. Receipt images and database are not in your iCloud Backup.
• Android: The manifest sets android:allowBackup="false". Google's Auto Backup will not pick up SnapTrac's data.
• Camera roll / Photos: SnapTrac never writes captured receipts to your device's Photos app or camera roll. Your iCloud Photos / Google Photos sync will not see them.

If you uninstall SnapTrac, your operating system deletes the entire app sandbox — including all receipt photos and the database. There is no residue.

2. What we collect to keep the app working

Even though we don't see your receipts, we use three operational services that receive a small amount of anonymous information about how the app is being used. We disclose each below in detail. None of them ever receive your receipt content.

2.1 PostHog (anonymous product analytics)

• What we send: Screen views (e.g., "Home opened", "Scanner opened") and button taps (e.g., "Scan tapped", "Export tapped"). App version, device model, OS version, and a randomly generated anonymous identifier.
• What we never send: Receipt images, OCR text, merchant names, totals, dates, categories, business names, notes, webhook URLs, your name, your email, your IP-address-derived street-level location, or any other personally identifying information.
• Identifier: A random UUID generated on first app open. Not linked to your name, email, phone number, Apple ID, or Google account because we don't have those.
• Purpose: Counting how many people open the Scanner versus the Import flow versus Export, so we know what to improve.
• Provider: PostHog Inc., privacy policy at posthog.com/privacy
• Opt out: Settings → Privacy → "Disable analytics" turns this off.

2.2 Sentry (crash reports)

• What we send: When the app crashes or hits an unhandled error, Sentry receives a crash report containing the stack trace, the file and line number, the app version, the device model, and the OS version.
• What we never send: Receipt images, OCR text, the contents of any receipt field, your webhook URL, your custom categories, your business names, or any of your saved data. We have explicitly configured Sentry to scrub user content from error reports.
• Identifier: The same anonymous UUID, so we can tell whether one user is hitting the same crash repeatedly versus the crash affecting many users.
• Purpose: Fixing bugs.
• Provider: Functional Software, Inc. (Sentry), privacy policy at sentry.io/privacy
• Opt out: Settings → Privacy → "Disable crash reports" turns this off.

2.3 RevenueCat (subscription state)

If you subscribe to SnapTrac Pro, we use RevenueCat to track whether your subscription is active.

• What we send: The anonymous UUID, your subscription status (active / expired / in grace period), the product identifier (e.g., snaptrac_pro_monthly), and the platform receipt token Apple or Google issues when you buy a subscription.
• What we never send: Your name, email, billing address, full payment details, credit card number, or any of your receipt data. Apple and Google handle payment processing; SnapTrac and RevenueCat never see your card.
• Purpose: Knowing whether to unlock Pro features. That is the only reason this exists.
• Provider: RevenueCat, Inc., privacy policy at revenuecat.com/privacy

2.4 Apple and Google

When you install SnapTrac, the App Store and Google Play collect their standard install/usage telemetry per their own policies. We do not control or receive that telemetry. See Apple App Store privacy and Google Play privacy.

3. Cookies and web tracking

SnapTrac is a mobile app. We do not use cookies. We do not use web pixels, advertising trackers, IDFA, or any cross-app/cross-site tracking framework. We do not show ads. We do not request App Tracking Transparency (ATT) permission on iOS because we do not track you across apps or websites.

4. Webhooks (Pro feature, user-controlled)

If you are a Pro subscriber and configure a webhook URL in Settings, SnapTrac will POST receipt JSON to the URL you provided when you tap Export → Webhook. Examples: a Zapier webhook, a Make.com webhook, an n8n endpoint, or your own server.

• The destination is chosen by you, not us. SnapTrac has no default webhook destination.
• Your data leaves your device only because you told it to, by pasting in a URL and tapping Export.
• Once your data reaches the URL you chose, the privacy practices of that service apply, not ours.
• We do not log webhook URLs, request bodies, or response bodies on any server we control.

If you do not configure a webhook URL, SnapTrac will never POST your data anywhere.

5. Children's privacy

SnapTrac is intended for adults (18+) — specifically freelancers, contractors, and sole proprietors tracking business expenses. The app is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly process the personal information of children. If you believe a child has installed and used SnapTrac, please contact us at support@shadowkidsstudios.com and we will work with you to address the situation.

6. Your privacy rights (GDPR, UK GDPR, CCPA, CPA, and similar laws)

These laws give you rights to access, correct, delete, port, and restrict the personal information a business holds about you. SnapTrac's posture changes how those rights apply:

• Right to access / portability: We do not hold a copy of your receipts. The data is on your phone — open the app to access it. Export it any time via Settings → Export.
• Right to correction: Same — your data is on your phone. Use Edit Receipt to correct anything OCR got wrong.
• Right to deletion: See Section 7 below. The deletion mechanism is in your hands.
• Right to opt out of "sale" or "sharing": We do not sell your personal information. We do not share it for cross-context behavioral advertising. Toggling "Disable analytics" / "Disable crash reports" is functionally equivalent to opting out of any such sharing for the limited operational data described in Section 2.
• Right to non-discrimination: Disabling analytics or crash reports does not change the price you pay or the features you receive.

For the anonymous data PostHog, Sentry, and RevenueCat hold:

• PostHog: privacy@posthog.com
• Sentry: dpo@sentry.io
• RevenueCat: privacy@revenuecat.com

You can also email us at support@shadowkidsstudios.com with a privacy request and we will help you submit the corresponding request to those processors. Because the data they hold is tied to a randomly generated UUID, we will need you to provide that UUID (Settings → About → Privacy → "Show my anonymous ID").

7. Deleting your data

You have three independent ways to delete SnapTrac's data:

1. Settings → "Delete All Data" — wipes the local SQLite database and removes the Documents/receipts/ folder containing every saved receipt photo. Runs in under a second. There is no copy on a server because there is no server.
2. Uninstall SnapTrac — your phone's operating system deletes the entire app sandbox.
3. Cancel your subscription in Apple Subscriptions or Google Play Subscriptions. Cancelling does not by itself delete the receipts on your device — use option 1 or 2 if you want the receipts gone too.

A standalone explanation lives at snaptrac-link.pages.dev/delete.

8. Security

The receipts you save in SnapTrac are protected by:

• The standard sandbox isolation that iOS and Android enforce around every app's private storage.
• The exclusion from system backups described in Section 1.
• Your device passcode / Face ID / Touch ID / Android biometrics.

We do not maintain a server holding your receipts, so there is no server-side breach surface. The trade-off, mentioned candidly so you can plan for it: if you lose your phone and have not exported your receipts, those receipts are gone. There is nothing to restore from the cloud, by design. We recommend periodic CSV export for anything tax-relevant.

9. International data transfers

PostHog, Sentry, and RevenueCat each operate infrastructure in multiple regions, including the United States. By using SnapTrac with analytics and crash reports enabled, you acknowledge that the limited anonymous data described in Section 2 may be processed in the United States and other jurisdictions where those processors operate. Each processor implements its own legal mechanisms (Standard Contractual Clauses, etc.) for international transfers — see their policies linked above.

10. Changes to this policy

If we change this policy in any material way, we will:

1. Update the Effective date at the top of this page.
2. Post a notice in the app on next open describing the change in plain English.
3. For changes that affect what we collect, require you to acknowledge the new policy before continuing to use the app.

The current version always lives at snaptrac-link.pages.dev/privacy.

11. Contact

Email: support@shadowkidsstudios.com
Subject line: "SnapTrac privacy"
Publisher: Shadow Kids Studios (Adam Donovan, sole proprietor, USA)

We aim to respond within 7 days. For formal data subject requests under GDPR or CCPA, we will respond within the statutory deadlines (one month and 45 days respectively).