Privacy Policy

Privacy Policy

Effective April 17, 2026 · Last updated April 17, 2026

Budget Lens AI is built privacy-first. Your receipts, spending, and insights are processed on your iPhone. We never sell your data, never show ads, and never upload your financial activity to our servers without your explicit opt-in.

1. Summary (plain English)

  • All receipt scanning and categorization happens on your device using Apple Vision and Apple Intelligence.
  • We do not operate a server that stores your transactions.
  • iCloud Backup is optional, off by default, and end-to-end encrypted by Apple.
  • We do not sell, rent, or share your personal data with advertisers or data brokers.
  • We collect the minimum data needed to run the service (account email, crash reports).

2. Information we collect

We collect only what is necessary to operate the app:

  • Account information. If you create an account, we collect your email address and an authentication token issued by Firebase Authentication.
  • Subscription status. If you subscribe, Apple provides us with a receipt confirming your plan. We do not receive your credit card.
  • Diagnostics. Anonymous crash logs and performance data via Sentry. These contain stack traces and device model, not your receipts or financial data.
  • Anonymous analytics. Aggregate usage counts via Cloudflare Web Analytics on our marketing website. No cookies. No cross-site tracking.

3. Information that stays on your device

The following never leaves your iPhone unless you opt in to encrypted iCloud Backup:

  • Photos or scans of receipts.
  • OCR text extracted from receipts.
  • Line items, categories, totals, and merchant names.
  • AI-generated spending insights.
  • Group expense splits, members, and settlement history.

4. How we use information

  • To authenticate you and provide the service.
  • To process subscriptions through Apple and RevenueCat.
  • To diagnose crashes and improve reliability.
  • To respond to your support requests.

5. Third-party services

We use a minimal set of vetted service providers:

  • Apple — Apple Vision OCR, Apple Intelligence, iCloud Backup, App Store billing.
  • Firebase Authentication (Google) — account sign-in.
  • RevenueCat — subscription state management (no payment details).
  • Sentry — anonymous crash reports.
  • Cloudflare — website hosting, DNS, and privacy-preserving web analytics (no cookies).
  • Resend — transactional email (waitlist confirmations, launch notifications).

We do not share your personal data with advertisers, data brokers, or social networks.

6. iCloud Backup (optional)

If you enable iCloud Backup for Budget Lens AI, your data is stored in your personal iCloud account and encrypted by Apple. We do not have access to it. You can disable backup at any time from iOS Settings → Apple ID → iCloud.

7. Children's privacy

Budget Lens AI is not directed at children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

8. Your rights

Because your financial data stays on your device, you control it directly. You can:

  • Delete any receipt, category, or group at any time from within the app.
  • Delete your account — which removes your email from Firebase Authentication and cancels any active subscription renewal through the App Store.
  • Request a copy of the limited account information we hold by emailing us.

If you reside in the European Economic Area, United Kingdom, California, or another jurisdiction with specific privacy laws (GDPR, UK-GDPR, CCPA/CPRA), you have additional rights to access, correct, delete, restrict, or object to the processing of your data. Contact us to exercise them.

9. Data retention

Account email is retained while your account is active. Crash reports are retained by Sentry for 90 days. Subscription receipts are retained as long as legally required for accounting.

10. Security

We use industry-standard safeguards: HTTPS for all network traffic, Apple Keychain for on-device secrets, and vendor SOC 2 compliance for Firebase, RevenueCat, and Sentry. No system is perfectly secure; if we learn of a breach affecting your data, we will notify you promptly.

11. International transfers

We operate in the United States. If you use Budget Lens AI from outside the U.S., your limited account data may be transferred to, stored, and processed in the United States.

12. Changes to this policy

We may update this policy from time to time. If changes are material, we will notify you through the app or by email. The "Last updated" date at the top of this page reflects the most recent version.

13. Contact us

Questions, requests, or concerns? Email privacy@budgetlens.ai or use the Support page.