Privacy Policy
Last updated: December 2025
SNAPT ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered receipt analyzer and budget categorizer service through Telegram and our web application.
Please read this privacy policy carefully. By using SNAPT, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information
- Telegram user ID and chat ID (for bot communication)
- Email address (via Clerk authentication for web access)
- Display name or username (if provided)
Receipt Data
- Receipt images you send for processing
- Extracted receipt information (merchant, items, amounts, dates)
- Category assignments and transaction splits
Financial Connections
- YNAB Personal Access Token (initially) or OAuth credentials
- YNAB budget ID and account preferences
- Category mappings from your YNAB budget
Usage Information
- Number of receipts processed
- AI models used for analysis
- API usage and associated costs
- Feature usage patterns and preferences
2. How We Use Your Information
We use your information to:
- Process receipt images using AI providers (Google AI Gemini, OpenAI)
- Extract and categorize transaction data from receipts
- Create split transactions in your YNAB budget
- Track usage for billing and subscription management
- Provide customer support and respond to inquiries
- Improve our service quality and accuracy
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Third-Party Services
We use the following third-party services to provide SNAPT:
Google AI (Gemini)
Receipt image analysis and data extraction. Your receipt images are processed by Google's AI models. See Google's Privacy Policy.
OpenAI
Alternative AI provider for receipt analysis. See OpenAI's Privacy Policy.
YNAB API
Transaction creation and category synchronization with your budget. See YNAB's Privacy Policy.
Telegram Bot API
Message handling and bot communication. See Telegram's Privacy Policy.
Clerk
Web authentication and user management. See Clerk's Privacy Policy.
Stripe
Payment processing and subscription management. We do not store your payment card details. See Stripe's Privacy Policy.
4. Data Storage and Security
Storage Location
Your data is stored in PostgreSQL databases hosted on Railway with data centers in the United States. All data is encrypted at rest.
Security Measures
- HTTPS encryption for all data in transit
- AES-256-GCM encryption for YNAB tokens and sensitive credentials
- Secure webhook verification for Telegram communications
- Rate limiting to prevent abuse (10 receipts/hour, 30 messages/minute)
- Input sanitization and file size validation
- Regular security audits and updates
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Receipt images | Deleted immediately after processing |
| Transaction data | Retained until account deletion |
| Usage logs | 12 months |
| Account information | Retained until account deletion |
6. Your Rights
You have the right to:
- Access your data: Request a copy of all personal data we hold about you
- Export your data: Receive your data in a portable, machine-readable format
- Delete your account: Request complete deletion of your account and associated data
- Revoke YNAB access: Disconnect your YNAB account at any time through settings or by revoking access in YNAB
- Correct inaccurate data: Update or correct any personal information we have
- Object to processing: Object to certain types of data processing
To exercise these rights, contact us at support@snapt.app.
7. Data Sharing
We do not sell, rent, or trade your personal information.
We may share your information only in the following circumstances:
- With third-party service providers as described above, solely to provide the service
- To comply with legal obligations, court orders, or law enforcement requests
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with notice to you)
8. Children's Privacy
SNAPT is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws. By using SNAPT, you consent to such transfers. We take appropriate safeguards to ensure your data remains protected.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: support@snapt.app