Privacy Policy

Last updated: May 12, 2026

Nyktora Group, LLC (“we,” “our,” or “us”) operates the Keipt mobile application (“App”). This Privacy Policy explains how we collect, use, and protect your information when you use our App.

Information We Collect

Information You Provide

  • Account information: Email address, display name, and authentication provider (Apple or Google Sign-In)
  • Receipt data: Merchant names, purchase amounts, dates, line items, and categories that you scan and save
  • Business information: Business names and expense categorizations you create
  • Preferences: App settings, notification preferences, and subscription tier

Information Collected Automatically

  • Usage analytics: Screen views, feature usage, scan counts, and app performance metrics (via Firebase Analytics)
  • Crash data: Device model, OS version, app version, and crash stack traces (via Firebase Crashlytics)
  • Device information: Device type, operating system, and unique installation identifier

Receipt Image Processing

Receipt images you scan are securely transmitted to our backend (hosted on Cloudflare) and sent to Google Gemini (via OpenRouter) for extraction of purchase information (merchant name, date, items, amounts). The AI provider processes the image in real time and does not retain it after processing. The extracted text data (merchant name, item descriptions, amounts) is saved to your account.

Receipt Image Storage

  • Free tier: receipt images are stored only on your device. They never leave your phone except for the ephemeral OCR call described above.
  • Pro and Max tiers: if you sign in, your receipt images are stored in our cloud (Cloudflare R2) so you can access them from other signed-in devices, including any web interfaces we provide for your Keipt account. Images are retained for the life of the receipt — delete a receipt in the app and the image is removed from our cloud within seconds. Delete your account and every image you uploaded is removed (see “Data Retention” below).

Transaction Statements (Max tier)

If you import a transaction statement (CSV file) from your card issuer on the Max tier, we store the following fields from each transaction on your device and, because Max includes cloud sync, on our servers (Cloudflare D1) under your account:

  • Transaction date
  • Merchant name as shown on your statement, plus a normalized version of it used to match against your scanned receipts
  • The amount and currency of the transaction
  • Whether the transaction is a debit or credit
  • The last four digits and network (Visa, Mastercard, Amex, etc.) of the card used, if your CSV includes them

We do not store full card numbers, CVVs, account numbers, bank-login credentials, or the raw CSV row itself. We never contact your bank on your behalf in this flow; you bring your own data by exporting the CSV from your card issuer.

Information We Do NOT Collect

  • We do not collect your device location. Merchant addresses attached to receipts are looked up from a static merchant database and reflect the store’s location, not yours.
  • We do not access your contacts, calendar, photos (beyond the image you explicitly pick for a scan), or other personal data.
  • We do not sell your personal information. Ever.

How We Use Your Information

  • To provide and maintain the App’s functionality
  • To process and display your scanned receipts
  • To generate spending insights and categorization
  • To send you notifications you’ve opted into (e.g., scan reminders, weekly summaries)
  • To diagnose crashes and improve app performance
  • To communicate service updates and important notices

Local-First Architecture

Keipt is designed with a local-first architecture. Your receipt data is stored on your device in a local SQLite database. Receipt scanning requires an internet connection so we can OCR the image via our AI provider; after OCR the extracted data is saved locally and (on Pro/Max) synced to our cloud as described below.

Cloud Sync (Pro and Max)

Pro and Max subscribers get cloud sync so receipts are backed up and accessible across their signed-in devices and any web interfaces we provide for the Keipt account. Cloud sync is operated by us — your data is stored on Cloudflare infrastructure (D1 database for receipt data, R2 object storage for images) under accounts we control. It is not stored in your iCloud or Google Drive.

Cloud sync is automatic on Pro and Max. You can disable it by downgrading to Free (local-only) or by deleting your account.

Shared Households (Pro and Max)

Pro and Max subscribers can create or join a shared household so family members can contribute receipts to one shared ledger across their separate Apple IDs. This section describes what’s shared and what stays private.

What’s shared with other household members

When you assign a receipt to a household, every other household member can see:

  • The merchant name, transaction date, and total amount
  • The receipt image
  • The category you tagged it with
  • That you (by your display name) were the contributor

That’s it. Members do NOT see:

  • Your notes on the receipt — those stay private to you
  • Your business / personal entity tag on the receipt — that’s your own categorization
  • Receipts you scan that you do NOT explicitly assign to the household

How invites work

The household owner generates a 6-character invite code (or universal link) and shares it via the iOS share sheet. Anyone with the code can join, up to a 5-member cap (matching Apple Family Sharing’s own cap). Codes expire after 7 days. The owner can revoke a member at any time, and any member can leave at any time. Receipts a leaving member already contributed stay in the household — the scanner consented to share them. Members can also recall a specific contribution at any time.

Member data we store

For each household member we store: a per-membership display name (snapshotted when you joined — falls back to your account display name), your role (owner / member), and the timestamp you joined. We do not collect or share any contact-list data, location, or anything beyond what’s needed for the household ledger to work.

Recall and deletion

  • The receipt’s owner (the scanner) can remove their own contribution at any time. The receipt stays in their personal list; it just leaves the household.
  • The household owner can remove any contribution from the household.
  • The household owner can dissolve the household entirely. Receipts each member contributed remain in their own personal lists.
  • If you delete your Keipt account, your account is removed from any households you joined and any receipts you contributed are removed from those households (because they cascade-delete with your account).

Apple Family Sharing

If you receive Pro through Apple Family Sharing, your Pro tier covers your participation in shared households at no extra charge — Family Sharing already paid for it. Business entities (Schedule C tracking, multi-entity Max features) are single-user only and not part of the shared-household feature; those stay private to your account.

Bookkeeper Pass (Max)

Max subscribers can grant a bookkeeper, accountant, or tax preparer read-only access to a single business entity via secure email link. The recipient does not need a Keipt account.

What we collect from the bookkeeper

  • Email address, supplied by the inviting Max user. We hash the address (SHA-256) and use the hash as the lookup key for sessions and access checks. The plaintext address is also stored in a short-lived cache (1-year TTL on Cloudflare KV) so the inviter can re-send invitations without re-typing it; deleting the pass purges the plaintext.
  • Bookkeeper session metadata: a session identifier, the timestamp of the last action, and a 30-day rolling expiration. Stored on our backend (Cloudflare D1).
  • We do not collect the bookkeeper’s name, IP address, location, contacts, or any identifier beyond the email.

What’s shared with the bookkeeper

For the single business the pass is granted on, the bookkeeper can view:

  • Receipt list (merchant, date, subtotal, tax, tip, total, payment method, card last 4, category, your typed notes, the receipt image)
  • Schedule C line mapping for each receipt
  • Aggregate spending by category for any date range
  • A printable PDF tax report (Schedule C summary + business profile if you set one)
  • The business profile fields you choose to add (legal name, EIN, address, fiscal year end, accounting method)

The bookkeeper can also post notes back to you on individual receipts and flag receipts with questions; those notes and flags are stored on our backend under the receipt and visible to you in the mobile app.

What stays private from the bookkeeper

  • Other businesses you own (passes are per-business)
  • Receipts not assigned to the granted business
  • Your account credentials, payment information, or subscription history
  • Any receipts in your shared household that aren’t tagged to the granted business

Bookkeeper invitation emails

Invitation emails and recovery emails are sent through Google Workspace (Gmail API) from the address support@getkeipt.com. The email contains a one-time, single-use magic link that expires in 7 days; clicking the link establishes the bookkeeper’s session.

Revocation

You can revoke a bookkeeper’s pass at any time from the Business detail screen in the app. Revocation is immediate — the bookkeeper’s next request returns 401 and they’re logged out. You can grant up to 5 active passes per business.

Third-Party Services

We use the following third-party services, each with their own privacy policies:

ServicePurposeData Shared
CloudflareHosts our backend, databases, and receipt-image storage (Workers, D1, R2, KV)All cloud-synced data for Pro/Max users (receipt metadata, line items, images, search embeddings)
OpenRouter + Google GeminiReceipt image OCR and parsingReceipt images and extracted text — processed in real time, not retained after the response
Voyage AISemantic-search embeddings (Pro/Max smart search)Extracted receipt text (merchant name + item descriptions), sent once per receipt to generate a search embedding
Firebase AnalyticsUsage analyticsAnonymized usage events, device info
Firebase CrashlyticsCrash reportingCrash logs, device model, OS version
Firebase Cloud MessagingPush notificationsDevice token
RevenueCatSubscription managementPurchase receipts, subscription status, Keipt user ID
Sign in with AppleAuthenticationEmail (may be an Apple relay address), auth token
Sign in with GoogleAuthenticationEmail, display name, auth token
Google Workspace (Gmail API)Sending bookkeeper invitation and recovery emails (Bookkeeper Pass, Max only)Recipient email address (one-time, transactional). We send from support@getkeipt.com.

We do not sell your personal information to any third party. Ever.

Data Storage and Security

  • Receipt data is stored locally on your device using encrypted SQLite
  • Cloud-synced data is encrypted in transit (TLS) and at rest (by the platform provider)
  • Account authentication uses industry-standard OAuth 2.0 via Apple and Google
  • We follow security best practices, but no method of electronic storage is 100% secure

Your Rights

You have the right to:

  • Access your data: View all stored receipts and businesses in the App
  • Export your data: Export your receipt data as JSON or CSV from Settings → Export Data, or email us at support@getkeipt.com and we’ll send you your data
  • Delete your data: Delete your entire account and all associated data from Profile → Delete Account. Deletion is immediate and permanent — all receipts, images, businesses, and account records are removed from our servers
  • Opt out of analytics: Settings → Privacy → “Share usage analytics” turns off Firebase Analytics collection at the SDK level. Crash reporting (Crashlytics) remains on so we can keep fixing bugs that affect your experience; contact support@getkeipt.com if you want that off too.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, email us at support@getkeipt.com.

European Residents (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Our legal basis for processing is legitimate interest (providing the service) and consent (analytics, notifications). To exercise these rights, email us at support@getkeipt.com.

Children’s Privacy

Keipt is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at support@getkeipt.com and we will promptly delete it.

Data Retention

  • Active accounts: Your data is retained as long as your account is active
  • Deleted accounts: All personal data is deleted within 30 days of account deletion
  • Anonymized analytics: Aggregated, non-identifiable analytics data may be retained for up to 2 years

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the App and updating the “Last updated” date. Your continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Nyktora Group, LLC Email: support@getkeipt.com