Privacy Policy

Tapsayve ("Tapsayve", "we", "us") provides an AI expense management application that lets users log expenses by voice or by scanning receipts. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have.

By using Tapsayve you agree to this policy. If you do not agree, do not use the service.

Account information: name, email address, and authentication identifiers (e.g., Supabase user ID) you provide when you sign up.

Expense data: amounts, currencies, merchants, categories, dates, and notes you create, by typing, by voice, or by scanning a receipt.

Voice recordings and receipt images: when you use voice or receipt entry, we send the audio or image to our AI provider(s) for transcription and extraction. The structured result is stored in your account; the original media is stored encrypted in your account's storage bucket and is accessible only to you and any workspace members you invite.

Device & log data: IP address, browser/device type, and basic event logs (e.g., feature used, error encountered) used for security, debugging, and product analytics.

Payment data: processed by our payment provider (RevenueCat / underlying processors). We do not store full card details on Tapsayve servers.

To provide the service: transcribe voice, extract data from receipts, categorize and store expenses, generate exports.

To support paid plans: process subscriptions, manage entitlements, and provide receipts/invoices.

To improve the service: aggregate, anonymized analytics on feature usage and AI quality. We do not sell your data.

To communicate with you: account notifications, security alerts, and (only with consent) product updates.

Voice transcription and receipt extraction rely on third-party AI models (e.g., Google Gemini, OpenAI). Inputs are sent to these providers solely to produce the structured result.

We instruct providers not to use your inputs to train their models, where they offer that option. Providers may temporarily cache inputs for abuse monitoring under their own privacy terms.

We do not use your voice recordings or receipt images to train Tapsayve's own models without separate, explicit opt-in.

We share data only with sub-processors that help us run the service: hosting and database (Supabase), AI providers (Google, OpenAI), payments (RevenueCat and the underlying app stores), and analytics. Each is bound by a data-processing agreement.

We may disclose information if required by law, to enforce our Terms, or to protect rights and safety.

In the event of a merger or acquisition, your data may transfer to the surviving entity, subject to this policy.

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, logged, and reviewed. We follow industry best practices for authentication, key management, and least-privilege access.

No system is 100% secure. If we ever discover a breach affecting your account, we will notify you in accordance with applicable law.

We retain account and expense data for as long as your account is active. You can delete individual expenses, receipts, and your entire account from in-app settings at any time.

Deleted data is removed from active systems immediately and from encrypted backups within 30 days.

Depending on where you live, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. You can exercise most of these rights yourself in-app.

To make a written request, contact us at the email below. We respond within 30 days.

Tapsayve is not intended for users under 13. We do not knowingly collect data from children. If you believe a child has provided personal data to us, contact us so we can delete it.

We may update this policy as the product evolves. Material changes will be announced in-app or by email. The "last updated" date below reflects the current version.

Questions or requests: privacy@tapsayve.com. For general support, see the in-app help menu.