Your records are private by default.
Last updated: July 12, 2026
This plain-language privacy summary explains what ExpenseLense stores and why.
Fake privacy control proof
The source trail stays useful without becoming public.
This example uses fake data to show the controls around a saved receipt, analytics, export, deletion, and upload safety.
Cafe receipt.jpg
Fake source attached to one saved record
Private source
Opening or downloading the original requires the owner account.
Upload safety
ExpenseLense checks supported type, signature, size, and basic PDF validity. Malware scanning and PDF sanitization are not part of the current upload path.
Owner check
Signed-in account only
Analytics boundary
No merchant, amount, filename, email body, or Insight text
Export
Records and source trail can be exported
Deletion
Product data deletion is available from privacy controls
What you add
We store the files, notes, and records you choose to create: receipts, screenshots, PDFs, statements, pasted text, merchant names, dates, totals, categories, payment methods, and line items.
How scanning works
When you use Scan, receipt, invoice, image, PDF, statement, or pasted content may be sent to OpenAI so ExpenseLense can read it into a clean record. Manual typing does not use scan quota.
Email intake
If you forward receipts or invoices, the configured email provider receives the message and attachments so ExpenseLense can process them into records.
Billing
Paid plans and billing status are processed through Stripe. ExpenseLense stores the billing state needed to unlock scans, billing management, and plan limits.
Product analytics
ExpenseLense records first-party product analytics such as page views, pricing, demo, signup, checkout, activation milestones, referral host, campaign parameters, and an anonymous browser ID stored in browser storage. IP address and browser user agent are hashed before storage. Analytics should not include receipt contents, merchant names, amounts, filenames, Insight questions, answers, email bodies, or line items.
Error monitoring
ExpenseLense uses Sentry for technical error monitoring and limited performance traces. Session replay, log capture, default personal data, request bodies, cookies, headers, and AI content capture are disabled. Error messages and dynamic routes are sanitized before sending. Receipt contents, email bodies, merchant names, amounts, filenames, line items, and Insight questions or answers must not be included.
Who can access it
Your account can access your records. Server-side services access them only to authenticate you, process uploads, save records, enforce billing, and keep the product secure.
Delete and export
You can edit, delete, and export records from the app. Account deletion removes product data associated with your account, subject to operational and billing records that may need to be retained.
Support
Questions about privacy, export, deletion, or billing can be sent to aiacobe@icloud.com.
What this is not
ExpenseLense is not a bank, card provider, tax advisor, or accountant. It helps you keep clearer private records.