ExpenseLense

Your records are private by default.

Last updated: July 12, 2026

This plain-language privacy summary explains what ExpenseLense stores and why.

Fake privacy control proof

The source trail stays useful without becoming public.

This example uses fake data to show the controls around a saved receipt, analytics, export, deletion, and upload safety.

Cafe receipt.jpg

Fake source attached to one saved record

Private source

Opening or downloading the original requires the owner account.

Upload safety

ExpenseLense checks supported type, signature, size, and basic PDF validity. Malware scanning and PDF sanitization are not part of the current upload path.

Owner check

Signed-in account only

Analytics boundary

No merchant, amount, filename, email body, or Insight text

Export

Records and source trail can be exported

Deletion

Product data deletion is available from privacy controls

What you add

We store the files, notes, and records you choose to create: receipts, screenshots, PDFs, statements, pasted text, merchant names, dates, totals, categories, payment methods, and line items.

How scanning works

When you use Scan, receipt, invoice, image, PDF, statement, or pasted content may be sent to OpenAI so ExpenseLense can read it into a clean record. Manual typing does not use scan quota.

Email intake

If you forward receipts or invoices, the configured email provider receives the message and attachments so ExpenseLense can process them into records.

Billing

Paid plans and billing status are processed through Stripe. ExpenseLense stores the billing state needed to unlock scans, billing management, and plan limits.

Product analytics

ExpenseLense records first-party product analytics such as page views, pricing, demo, signup, checkout, activation milestones, referral host, campaign parameters, and an anonymous browser ID stored in browser storage. IP address and browser user agent are hashed before storage. Analytics should not include receipt contents, merchant names, amounts, filenames, Insight questions, answers, email bodies, or line items.

Error monitoring

ExpenseLense uses Sentry for technical error monitoring and limited performance traces. Session replay, log capture, default personal data, request bodies, cookies, headers, and AI content capture are disabled. Error messages and dynamic routes are sanitized before sending. Receipt contents, email bodies, merchant names, amounts, filenames, line items, and Insight questions or answers must not be included.

Who can access it

Your account can access your records. Server-side services access them only to authenticate you, process uploads, save records, enforce billing, and keep the product secure.

Delete and export

You can edit, delete, and export records from the app. Account deletion removes product data associated with your account, subject to operational and billing records that may need to be retained.

Support

Questions about privacy, export, deletion, or billing can be sent to aiacobe@icloud.com.

What this is not

ExpenseLense is not a bank, card provider, tax advisor, or accountant. It helps you keep clearer private records.