Back to homepage

Privacy & data

Last updated 2026-05-05. Plain language; the exact contractual version available on request.

Who we are

UnReceipt is operated from Sweden. The data controller for personal data processed through this product is the company behind unreceipt.com. For any privacy-related question, write to support@unreceipt.com.

What we collect

  • Account email. Used to send you sign-in magic links and product communications.
  • Receipts you forward or upload. The image plus the structured fields we extract or you provide (merchant, amount, date, category, notes).
  • Subscription status.Whether you're trialing, active, or canceled — synced from Stripe.
  • Standard request metadata. IP, user agent, and timestamps captured by our hosting provider for security and abuse prevention.

Why we process it

  • To deliver the service— we can't build a dashboard of your receipts without storing your receipts. Legal basis: contract performance.
  • To bill you — Stripe handles the actual cardholder data; we only see the subscription state. Legal basis: contract performance.
  • To prevent abuse and meet our security obligations — minimal request logs. Legal basis: legitimate interest.

Who else processes your data (sub-processors)

We use a small set of third parties under data processing agreements. They process your data only as needed to run UnReceipt and never for their own purposes.

  • Supabase — database, authentication, file storage. Hosted in the EU.
  • Stripe — subscription billing, payment processing, automatic VAT calculation.
  • Vercel — application hosting, request routing, CDN.
  • Resend — transactional email delivery (welcome emails, magic links).

How long we keep it

  • Active accounts:for as long as your subscription is active or you've used the service in the last 12 months.
  • After cancellation: 30 days for billing reconciliation, then your account and receipts are permanently deleted unless legal record-keeping requires longer (e.g., Swedish bookkeeping law for invoiced amounts).
  • Request immediate deletion at any time by emailing support@unreceipt.comfrom your account email — we'll confirm within 30 days.

Your rights

Under GDPR you have the right to access, correct, export, restrict, object to processing of, or delete your personal data. To exercise any of these, email support@unreceipt.com from your account email. We respond within 30 days.

You can also lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe we're mishandling your data.

Cookies

We set a small number of strictly-necessary cookies to keep you signed in and to remember a couple of UI preferences. We do not use advertising or cross-site tracking cookies. Anonymous, aggregated traffic measurement is provided by Vercel Web Analytics and Speed Insights.

Changes to this policy

We'll update this page when our practices change, and email account holders for material changes. The version date at the top tells you when it was last revised.

Contact

support@unreceipt.com for anything about your data, this policy, or to raise a concern.

Back to homepage