Privacy Policy

Last updated: July 31, 2025

Overview:This privacy policy applies to the Scan receipts & Track expenses app (hereby referred to as "Application") for mobile devices that was created by Tunu analytics Limited (hereby referred to as "Service Provider") as a Freemium service. This policy explains what data we collect when you use the Application, how we use it,how you can control it, and with whom it may be shared. You can access, correct, delete, or export your data, and revoke Gmail access at any time.

Table of Contents

Information Collection and Use
Data Subject Rights
Google User Data Handling
Third Party Access and Sharing
Security Measures
Opt-Out Rights
Data Retention Policy
Children
Security

Information Collection and Use

The Application collects information when you download and use it. This may include:

Your device's Internet Protocol address (e.g., IP address).
The pages of the Application you visit, the time and date of visits, and time spent.
The operating system on your mobile device.
When you import receipts from your email: subject, sender address, date, snippet, and attachment metadata. We process only this metadata to identify and extract receipt information; the full email content is not stored.
Information you provide for identity verification (e.g., via OpenID/email) to associate imported receipts with your account.

We may use collected information to send required notices, important updates, and occasional marketing, as described elsewhere in this policy.

Data Subject Rights

Right to Access: You can view all personal data we hold about you.
Right to Correct: You can update or correct any inaccurate information.
Right to Delete: You can permanently delete your data at any time via the in-app Settings ▶️ “Delete My Data” or by contacting [email protected].
Right to Port: You can export your data in CSV format via Settings ▶️ “Export My Data.”
How to Exercise: All these controls are available in-app or by contacting [email protected].

Google User Data Handling

Access

https://www.googleapis.com/auth/gmail.readonly – to read your emails for receipt-import functionality.
openid / email – to verify your identity and associate imported receipts with your account.
Gmail access authorization is performed within our iOS app, which you can download from the link on our homepage.

Use

We use this access solely to:

List and fetch the minimal set of Gmail messages (subject, snippet, body, attachments) you explicitly choose to import as receipts.
Parse that content via OpenAI’s APIs to extract structured receipt data (merchant, total, date, line items, etc.).
Store and display your imported receipts in your private account dashboard.

We do not scan or process any other emails beyond those you explicitly select, nor do we share any additional Gmail content with third parties.

Storage

Your raw email snippets and attachments are temporarily uploaded to a secured Google Cloud Storage bucket under your user-scoped folder; generated signed URLs expire after 7 days.
Extracted receipt data (merchant, amounts, dates, etc.) is stored encrypted at rest in our database.

Sharing

We share only the selected email attachments (for parsing) with OpenAI’s receipt-parsing endpoint.
Any deletion requests (via in-app settings or [email protected]) will purge all stored email content and extracted receipt data.

Retention & Deletion

Imported receipt data remains in your account until you choose to delete it.
You can revoke Gmail access at any time via your Google account’s “Connected apps” settings; revocation prevents further fetching or parsing.

Third Party Access and Sharing

We may share information with third parties as described below. Only aggregated or anonymized data is periodically transmitted to external services to help improve the Application. We do not share your raw email content or extracted receipt data with advertisers or unrelated third parties.

Service Providers

The Application utilizes third-party services that process data on our behalf. These include:

Google Play Services
Google Analytics for Firebase
Firebase Crashlytics
OneSignal
RevenueCat
OpenAI – used solely to parse receipt content you explicitly select. See OpenAI’s Terms of Use and Privacy Policy.

Security Measures

All data is transmitted over TLS (HTTPS) and stored encrypted at rest using industry-standard AES-256.

Opt-Out Rights

You can stop all collection by uninstalling the Application. Use your device’s standard uninstall process.

Data Retention Policy

We retain user-provided data for as long as you use the Application and for a reasonable time thereafter. If you’d like us to delete your data, contact [email protected]. We’ll respond in a reasonable time.

Children

The Application does not knowingly solicit data from or market to children under 13. If we learn that a child under 13 has provided personal information, we will promptly delete it. Parents or guardians who believe their child has submitted information should contact us at [email protected].

Security

We implement physical, electronic, and procedural safeguards to protect your information. Access is restricted on a need-to-know basis.