Privacy Statement

Last updated: August 2025

                
                     Your Privacy is Absolute
                
                        Zero personal data collection - We
                        don't collect any personal information
                    
                        No servers - This is a static website
                        with no backend
                    
                        Privacy-focused analytics only - We use
                        Umami for basic usage statistics without tracking you
                    
                        No middleman - Your receipts go
                        directly from your device to your Google Drive
                    
                        You own your data - Everything stays in
                        your Google Drive account
                    
                        Error reporting only - We use
                        Honeybadger to record technical errors (no receipt
                        content)

How Keep a Receipt Works

Keep a Receipt is designed with a privacy-first architecture. We achieve this by having no infrastructure that could store or process your data.

Our Architecture

The entire application runs in your web browser
We serve only static HTML, CSS, and JavaScript files
There is no backend server, database, or data processing
All image processing happens locally on your device
Files are uploaded directly from your browser to your Google Drive

Technical Details

Keep a Receipt uses the Google Drive API with OAuth 2.0 authentication. The authentication token is stored only in your browser's local storage and is never transmitted to us. We cannot see, access, or retrieve this token.

What We Don't Do

We don't store your receipts - They go directly to your Google Drive
We don't see your receipts - Images are processed locally in your browser
We don't know who you are - No user accounts or registration
We don't have access to your Google Drive - Only you control your data
We don't sell or share data - We have no data to sell or share

Google Drive Integration

When you connect your Google Drive account:

You authenticate directly with Google (we never see your credentials)
The app requests permission only to create and manage files it creates
The authentication happens between your browser and Google's servers
You can revoke access at any time through your Google Account settings

Local Storage

The app uses your browser's local storage to save:

Your Google Drive authentication token (encrypted by your browser)
Your preference for the Google Drive folder name
Temporary queue of uploads if you're offline

This data never leaves your device and can be cleared at any time by clearing your browser data.

Privacy-Focused Analytics

We use Umami Analytics, a privacy-focused analytics tool that:

Does not collect any personal information
Does not use cookies
Does not track users across websites
Is GDPR, CCPA, and PECR compliant
Only collects aggregated, anonymous data

The only data collected is:

Page views (which pages are visited)
Referrer (how you found our site)
Browser type (Chrome, Firefox, etc.)
Operating system (Windows, Mac, etc.)
Device type (Desktop, Mobile)
Country (derived from IP address, which is not stored)

This anonymous data helps us understand how people use Keep a Receipt so we can improve the service. Your IP address is never stored, and you cannot be identified from this data.

Error Reporting (Honeybadger)

We use Honeybadger to record application errors so we can investigate and fix problems. Error reports include only technical information and never include your receipts or Google Drive file contents.

Information that may be sent when an error occurs:

Error details: name, message, and stack trace
Runtime context: current page URL, browser and OS information
Console error parameters, serialized as text (if any)

Information that is not sent:

Receipt images or files
Google account credentials or access tokens
Google Drive file contents

Third-Party Services

Keep a Receipt uses the following third-party services:

Google Drive API - For storing your receipts (you authenticate directly with Google)
CDN for libraries - We load JavaScript libraries from content delivery networks
Umami Analytics - Privacy-focused analytics (see section above)
Honeybadger (Error Monitoring) - Technical error reports only (error message, stack trace, page URL, browser/OS info, and serialized console parameters). No receipt images, Google credentials, or Drive file contents are sent.

These services may have their own privacy policies. We encourage you to review Google's privacy policy for information about how they handle your data.

Data Security

Your data security is ensured by our architecture:

All data processing happens locally in your browser
Connections to Google Drive use HTTPS encryption
We have no servers that could be compromised
We have no database that could be breached
Your receipts are protected by your Google Account security

Changes to This Policy

If we make changes to this privacy statement, we will update the "Last updated" date at the top of this page. Since we don't collect user information, we cannot notify you directly of changes.

Your Rights

Since we don't collect or store any of your data:

There's no data for us to delete (it's all in your Google Drive)
There's no data for us to correct (you control everything)
There's no data for us to export (you already have it)
You have complete control over your data at all times

Questions or Concerns?

If you have any questions about this privacy statement or how Keep a Receipt works, please contact us at:

humans@keepareceipt.app