Privacy Policy
Last updated — April 20, 2026
1. Data controller
Publisher: [Publisher — name to be completed], natural person residing in Switzerland. Contact: privacy@moneydocs.app
2. Data storage on your device
All your financial data (expenses, projects, reports, categories, merchants) is stored exclusively on your device in a database encrypted with SQLCipher (AES-256). MoneyDocs has no central server and no user accounts. Your data never leaves your device unless you explicitly export or share it (PDF, CSV, .moneydocs package).
3. Data sent to our OCR backend
When you scan a receipt, the following information is transmitted to our extraction backend over an encrypted HTTPS connection, through a server-side proxy (Supabase):
- The receipt image (resized). Currently, the image is not retained after processing. We may in the future retain it in an anonymous form to improve the quality of the OCR engine — if this option is activated, this policy will be updated and you will be notified within the application.
- A random, persistent device identifier (device_id) — does not contain your name, email, phone number or advertising identifier. It is used to manage your usage quotas and to associate your corrections with your extractions.
- The data extracted from the receipt: merchant, amount, currency, date, category, taxes, VAT number, subtotal, optional comment. This data is retained in anonymous form to continuously improve the quality of the OCR engine.
- Other technical metadata printed on the receipt: invoice number, store loyalty card number (when printed), point-of-sale code, payment type (“card”, “cash”, “check”, etc.), as well as the raw output returned by our OCR provider, for diagnostic and service improvement purposes.
- Text region coordinates (bounding boxes) and detected text.
- Your corrections, if any: when you correct a misrecognized merchant, category or amount, your correction is transmitted and retained in anonymous form to improve future extractions for all users.
What we NEVER collect, even if printed on your receipt:
- No digits of your bank card number, including the last 4 digits that are sometimes printed by certain terminals. This data is intentionally excluded from collection and purged from historical records.
- Your name, email, personal phone number, or home address.
No human reviews individual receipts.
4. Third-party services and transfers
- Veryfi / Google Document AI — OCR processing of images through our backend proxy. Only the image and text needed for extraction are transmitted; your API keys are never embedded in the app.
- Supabase — hosts our OCR backend and technical databases.
- ExchangeRate-API — real-time currency exchange rates.
No analytics SDK, no Firebase, no crash reporting, no advertising framework.
5. Security and legal basis (GDPR / Swiss nFADP)
The processing described in article 3 is based on the publisher’s legitimate interest in improving the quality of their OCR service, balanced against your right to privacy through the following measures:
- Retained data is not nominative: it is linked only to a random technical identifier (device_id).
- It is retained for OCR model improvement for an indefinite period while the publisher operates the service; it can be purged at your request by simple email (see article 9).
- It is not resold, not shared with advertisers, and not used for any commercial purpose other than improving the MoneyDocs service and its OCR engine.
- The local database is encrypted with SQLCipher (AES-256).
- Local receipt image files are stored in the app’s private sandbox, accessible only to MoneyDocs. They do not benefit from additional file-level encryption — this is a planned improvement for a future release.
- Encryption keys are stored in your device’s secure hardware (Android Keystore).
- All network traffic goes over HTTPS with certificate pinning on Supabase and ExchangeRate endpoints.
- Optional PIN and biometric lock.
Your right to opt out: you can always enter expenses manually to avoid any transmission to the OCR backend.
6. Your rights (GDPR / Swiss nFADP)
In accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP), you have the following rights:
- Access and rectification — data stored on your device is at your disposal; you access and modify it freely in the application.
- Local erasure — uninstalling the app deletes all locally stored data.
- Remote erasure — on simple request sent to privacy@moneydocs.app with your device_id (available in the app settings), we purge from the OCR backend all extractions, corrections and logs associated with it.
- Portability — you can export all your local data at any time (PDF, CSV, .moneydocs package).
- Opt-out — enter expenses manually to avoid any transmission to the OCR backend.
- No account to delete — there is no user account with us.
7. Children
MoneyDocs is not directed at children under 13 and does not knowingly collect data from children.
8. Changes
We may update this policy. The current version is always available on this page and in the app settings. In case of substantial modification (e.g. activation of image retention), you will be notified directly in the application.
9. Contact
For any question regarding this policy, or to exercise any of the rights mentioned in article 6, contact privacy@moneydocs.app.
10. Governing law
This policy is governed by Swiss law. Jurisdiction: Switzerland.