Receiptally Privacy Policy
Effective date: 7 July 2026
This Privacy Policy explains how Whispa (Pty) Ltd ("Whispa", "we", "us", or "our") collects, uses, shares, and protects personal information when you use the Receiptally website, the one-scan interactive demo on that website, our waitlist, and — when they launch — the Receiptally apps for iOS and Android. "Receiptally" is a product and brand of Whispa (Pty) Ltd.
This is a single, unified policy covering all of those surfaces. Where a section applies only to a specific surface (for example, the website demo or the apps), we say so.
The short version
- Your receipts stay on your device. When you scan a receipt — in the website demo or in the apps — the receipt image is sent transiently to Google's Gemini service only to extract the data on it. We do not store your receipt images or the extracted data on our servers or backend. In the apps, the extracted receipts and images live only on your device.
- We store your email only if you join the waitlist. If you give us your email to join the launch waitlist, we store it on our backend until Receiptally launches, after which we permanently delete it. You can ask us to delete it earlier at any time.
- We use privacy-respecting website analytics. We use Google Analytics to see how the website is used, with no advertising trackers. For visitors in the EU/UK it runs without cookies, which is why we don't show a cookie banner. In the apps, usage analytics and crash reporting are opt-in — off by default, and collected only if you turn them on.
- You are never required to give us personal information. Everything is voluntary; we explain below what happens if you choose not to.
Who we are
The responsible party (under South Africa's Protection of Personal Information Act, 2013 — "POPIA") and the data controller (under the EU/UK General Data Protection Regulation — "GDPR") for the processing described in this policy is:
- Whispa (Pty) Ltd
- Company registration number: 2025/060253/07
- Registered office: 20C Corsair Road, Milnerton, Cape Town, 7441
Whispa's Information Officer (as required by POPIA) is, by default under the Act, the head of the company. You can reach the Information Officer, and raise any privacy question or request, by email at privacy@receiptally.app.
For general (non-privacy) enquiries, contact us at hello@receiptally.app.
What we collect, and when
The website
You can browse the Receiptally website without creating an account or signing in. To understand how the site is used, we use Google Analytics 4. It tells us, in aggregate, how many people visit, which pages they view, roughly where they come from (the referring site, and an approximate country derived from your IP address), and a small number of product events — for example, starting the demo scan, reaching the demo scan limit, and joining the waitlist. We use this to decide what to build and fix. We do not use advertising trackers, remarketing tags, or tracking pixels, and we have disabled Google's advertising features, so this data is not used for ad personalisation. We do not sell or share it.
We have configured Google Analytics with Google Consent Mode to match where you are:
- If you are in the European Economic Area (EEA) or the United Kingdom, analytics runs without cookies. Google receives only aggregated, cookieless signals and does not set or read any analytics cookie or similar identifier on your device. Because nothing is stored on or read from your device, we do not show a cookie banner.
- If you are elsewhere (including South Africa), Google Analytics sets standard first-party analytics cookies to distinguish visits and returning visitors.
Your IP address is used momentarily by Google to derive approximate location and is not retained by Google Analytics in our configuration; we never see or store your raw IP address through analytics.
The one-scan demo
The demo lets you scan a single receipt in your browser without creating an account. When you use it, the following information is involved:
- An anonymous identifier. We sign you in anonymously through Firebase Authentication so that the demo can enforce its one-scan limit. This anonymous identifier is not linked to your name or email and is held in your browser session and in a backend record used solely to count demo scans.
- The receipt image. When you scan, your receipt image is sent transiently to Google's Gemini service for the sole purpose of extracting the data on the receipt (see "How receipt scanning works", below). The image is not stored on our servers or backend, and is not retained by the demo after the scan completes.
- The extracted receipt data. The merchant, total, line items, and similar fields that Gemini extracts are returned to your browser and stored only in your browser's local storage on your own device. This data is not stored on our backend. It remains until you clear your browser storage.
- A scan counter. We keep a count of how many demo scans you have used (and the configured limit) in your browser's local storage and in a backend record tied to your anonymous identifier, together with timestamps of when you first scanned and last scanned. This is used only to enforce the demo limit.
- Your IP address (transiently, for abuse prevention). When you call the demo, your IP address is used only to apply rate limits. We do not store your raw IP address; it is converted into a salted, hashed value used for short-lived rate-limit records that automatically expire.
- Bot-detection signals. We use Google reCAPTCHA Enterprise (through Firebase App Check) to tell humans apart from automated abuse. reCAPTCHA Enterprise sends browser and interaction signals to Google for this purpose. See "Security", below, and Google's privacy terms for how Google processes those signals.
The waitlist
If you choose to join the launch waitlist, we collect:
- Your email address, which we store on our backend. We store it in plaintext — we do not claim otherwise — so that we can notify you when Receiptally launches and enrol you in our beta-testing programme (see below).
- Your platform preference (iOS, Android, or both).
- A small amount of technical metadata associated with the request (an application identifier and the time you signed up).
Joining the waitlist enrols your email in our beta-testing programme. When you join, your email is added to our beta-tester groups so we can invite you to try Receiptally before public launch. We currently run this through Firebase App Distribution (a Google service). We may move beta testing to Apple TestFlight or Google Play testing in future; if we do, your email may be shared with that programme for the same purpose.
As with the demo, your IP address is used only for rate limiting when you submit the waitlist form and is not stored in raw form.
The apps (applies when the apps launch)
The Receiptally iOS and Android apps are not yet publicly available. When they launch, the following will apply:
- Receipt content and images stay on your device. The receipts you scan — including merchant name, address and phone number, amounts, line items, payment method, the last four digits of a payment card where shown, transaction references, raw extracted text, and any notes you add — and the receipt images are stored only on your device. This content is never stored on our servers or backend.
- Financial information stays on your device. Because receipts can include partial payment-card details (such as a card's last four digits) and purchase amounts, the apps handle that financial information — but only on your device, never on our servers.
- Transient extraction. As in the demo, receipt images are sent transiently to Google's Gemini service only to extract the data, and are not stored on our backend.
- A scan counter and subscription status. To enforce scan limits and (when subscriptions launch) reflect your subscription state, the apps store a small record on our backend tied to your account — a scan count, subscription status, platform, and timestamps. This record does not contain your receipts.
- An anonymous account by default. The apps sign you in anonymously by default. On iOS you may optionally link a Google or Apple account.
- Crash reporting is off by default. The apps include Firebase Crashlytics for crash diagnostics, but it is opt-in and disabled by default. It only runs if you turn it on, and you can turn it off again at any time in the app's settings (see "Your choices", below).
- Opt-in analytics. The apps will include privacy-respecting, aggregate usage analytics to help us improve Receiptally. It is opt-in and off by default — collected only if you turn it on, and you can turn it off again at any time in the app's settings. It is not active today.
On-device storage and backups
In the apps, your receipts and receipt images are stored locally on your device only. If you have enabled your device's own operating-system backup (iCloud on iOS, or Google account backup on Android), your device may include Receiptally's local data in that backup. Those backups are made to your own iCloud or Google account and are governed by Apple's or Google's privacy terms, not ours. We do not operate any cloud sync of your receipts today.
How receipt scanning works (Google Gemini)
To turn a receipt photo into structured data, we use Google's Gemini API. When you scan a receipt — in the website demo or in the apps — the receipt image is sent transiently to Gemini together with instructions describing the fields to extract. Gemini returns the extracted data, which is delivered back to you. The receipt image and the extracted data are not stored on our servers or backend; this is a core privacy commitment of Receiptally.
We use Gemini on a paid tier. On the paid tier:
- Google does not use your prompts or responses to train its models. Google's Gemini API Additional Terms of Service state, for Paid Services: "Google doesn't use your prompts (including associated system instructions, cached content, and files such as images, videos, or documents) or responses to improve our products".
- Google retains data only briefly, for safety. Google's terms state, for Paid Services: "Google logs prompts and responses for a limited period of time, solely for detecting and preventing violations of the Prohibited Use Policy to maintain the safety and security of the Services". Google's logs policy states: "Logs will expire after 55 days by default."
You can read Google's terms at https://ai.google.dev/gemini-api/terms and Google's logs policy at https://ai.google.dev/gemini-api/docs/logs-policy.
How we use your information
- To run the receipt scan you requested — sending the image to Gemini for extraction and returning the result to you.
- To enforce the demo's scan limit — counting your scans against the configured limit.
- To operate the waitlist — notifying you when Receiptally launches and enrolling you in our beta-testing programme.
- To prevent abuse and keep the service secure — bot detection (Google reCAPTCHA Enterprise / App Check) and rate limiting.
- To understand and improve the website — we use aggregate Google Analytics data (visits, pages viewed, referrers, approximate country, and demo/waitlist funnel events) to see what works and prioritise improvements.
- To improve the apps — if you opt in, we use aggregate usage analytics and crash diagnostics to find problems and improve Receiptally.
Whether you have to provide information, and what happens if you don't
Providing personal information to Receiptally is entirely voluntary. No law requires you to supply it, and we do not collect it under any legal obligation. The consequences of choosing not to provide it are simply that you will not receive the related feature, for example:
- If you do not scan a receipt, no receipt image is processed and no data is extracted.
- If you do not join the waitlist, we will not have your email and cannot notify you when Receiptally launches or invite you to the beta.
Legal grounds for processing
Under POPIA
We process personal information in line with the eight conditions for the lawful processing of personal information set out in POPIA: accountability; processing limitation; purpose specification; further processing limitation; information quality; openness; security safeguards; and data subject participation. We collect the minimum information needed for each purpose described above, and we keep it only as long as needed (see "How long we keep your information").
No law authorises or requires the collection of any of the personal information described in this policy; all of it is provided voluntarily, and there is no statutory consequence for declining to provide it beyond not receiving the related feature.
Under the GDPR (for users in the EU/EEA)
Where the GDPR applies, our lawful bases are:
- Consent for the waitlist (your email and platform preference, and your enrolment in the beta-testing programme). You can withdraw this consent at any time, as easily as you gave it, by asking us to remove you (see "Your choices" and "Your rights").
- Necessity to provide the service you requested for scanning a receipt and returning the extracted data, and for enforcing scan limits.
- Our legitimate interests in preventing abuse and keeping the service secure (bot detection and rate limiting); in understanding how our website is used, in aggregate, to improve it — and for visitors in the EEA and UK this website analytics is cookieless and stores no identifier on your device; and — only where you have opted in — in diagnosing crashes to improve reliability.
Providing personal information to us is neither a statutory nor a contractual requirement, nor a requirement necessary to enter into a contract, and you are not obliged to provide it. The only consequence of not providing it is that we cannot deliver the related feature (for example, scanning a receipt or notifying you at launch).
Who we share information with
We do not sell your personal information. We share information only with the service providers needed to operate Receiptally:
- Google / Firebase — we use Firebase Authentication (anonymous sign-in), Cloud Functions (the backend that processes scan and waitlist requests), Firebase App Check, Firebase Crashlytics (opt-in, in the apps), Firebase App Distribution (for beta-testing enrolment), and Google Analytics 4 (website usage analytics, as described above).
- Google reCAPTCHA Enterprise — for bot detection, as described under "Security". This sends browser and interaction signals to Google.
- Google Gemini API — for the transient receipt-data extraction described above.
The transfer of your waitlist email to Google Firebase App Distribution (or, in future, to Apple TestFlight or Google Play testing) is a disclosure to a service provider so that we can run our beta programme. It is not a sale or sharing of your personal information for any independent purpose.
Sending information outside South Africa and the EU/EEA
The Google and Firebase services we use process data on infrastructure that may be located outside South Africa and outside the EU/EEA. This means your personal information may be transferred across borders.
Under POPIA (section 72): where we transfer your personal information to a third party in another country, we rely on the bases permitted by section 72 — namely that the transfer is necessary to provide the service you requested (for example, the receipt extraction you asked for), and/or that you have consented to the transfer after being informed of it (for example, when you join the waitlist). South Africa does not publish a list of countries it recognises as offering an adequate level of protection; we therefore rely on contractual protections with our providers (see below) to require a comparable level of protection for your information.
Under the GDPR: South Africa and certain of Google's processing locations are not the subject of an EU adequacy decision. For transfers that require it, we rely on (and will continue to rely on) Google's Data Processing Addendum and the European Commission's Standard Contractual Clauses as the transfer mechanism. We rely on these safeguards; we do not represent that any particular set of clauses has been executed for your specific data beyond the contractual terms our providers make available.
How long we keep your information
- Receipt images — sent transiently to Gemini; never stored by us. Not retained by us. Google retains logs briefly for safety (logs expire after 55 days by default).
- Extracted receipt data — held in your browser (demo) or on your device (apps) only, never on our backend. Kept until you delete it from your browser or device.
- Waitlist email and platform preference — stored on our backend (email in plaintext). Kept until Receiptally launches, at which point we remove the waitlist form and permanently and irrecoverably delete all collected emails, including any copies held in our beta-testing tool. You can request earlier deletion at any time.
- Demo scan counter and timestamps — held in your browser and in a backend record tied to your anonymous identifier. Retained while the demo operates; you can clear the browser portion by clearing browser storage.
- Rate-limit records (from hashed IP) — held on our backend. Short-lived; automatically expire.
- Website analytics data — aggregate visit and event data held by Google Analytics, retained per Google's retention settings for that service. For EEA/UK visitors this is cookieless and stores no identifier on your device. We do not store analytics data on our own backend.
- App scan counter / subscription status (apps) — held on our backend, tied to your account. Kept while you use the app to enforce limits and reflect subscription state.
- Analytics and crash data (apps) — only if you opt in. Aggregate usage analytics and crash diagnostics are processed through Google Firebase and retained per Google's retention for those services; collection stops when you opt out.
Special categories of personal information
Receiptally is not intended for storing medical or health records, or any other special category of personal information. We minimise what we process to expense-relevant data on your receipts. We recognise that a receipt could incidentally reveal sensitive details (for example, a pharmacy line item); any such information forms part of your own receipt that you choose to scan — we do not solicit it. As with all extracted receipt data, any such information is processed only transiently by Gemini to perform the extraction you requested, and is stored only on your own device (or browser, in the demo) — never on our servers. Please do not use Receiptally as a store of record for medical or other sensitive documents.
Children
Receiptally is not directed to children, and we do not knowingly collect personal information from anyone under the age of 18. If you believe a child has provided us with personal information, please contact us at privacy@receiptally.app and we will delete it.
Security
We take reasonable technical and organisational measures to protect personal information, including:
- Anonymous authentication through Firebase, so the demo and apps do not require you to create a named account.
- Firebase App Check to ensure requests come from genuine instances of our website and apps — using Google reCAPTCHA Enterprise on the web, Apple's DeviceCheck/App Attest on iOS, and Google Play Integrity on Android. Google reCAPTCHA Enterprise is a distinct bot-detection data flow to Google, as noted above.
- Server-side database rules that deny all direct client access — our backend data can only be written by our own server-side code, never directly by a client.
- Log redaction on the backend, so identifiers such as email addresses and account IDs are stripped from logs.
- No backend persistence of receipts — receipt images and extracted data are never written to our servers.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Your rights
Under POPIA
You have the right to:
- Be told what personal information of yours we hold and to access it;
- Request that we correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained;
- Object, on reasonable grounds, to our processing of your personal information; and
- Lodge a complaint with the Information Regulator (details below).
Under the GDPR (for users in the EU/EEA)
You have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing. Where we rely on your consent (the waitlist), you have the right to withdraw it at any time — withdrawal is as easy as giving it, and does not affect processing carried out before you withdrew. You also have the right to lodge a complaint with a supervisory authority in your country.
For users in California (CCPA/CPRA)
We provide the following without asserting whether any particular threshold under California law applies to us. The categories of personal information we may collect (identifiers such as an email address; internet/network activity such as an IP address used for rate limiting and bot-detection signals; and, on your own device, the financial information on your receipts) are described above, along with the sources, the business purposes for collecting them, and the third parties to whom we disclose them. If you are a California consumer, you have the right to know, delete, and correct your personal information, to opt out of the sale or sharing of your personal information, and not to be discriminated against for exercising your rights. We do not sell or share your personal information. Our disclosure of your waitlist email to Google's beta-testing tool is a service-provider disclosure, not a sale.
How to exercise your rights
To make any of these requests, email us at privacy@receiptally.app. We handle rights requests by email; there is no third-party portal. We will respond within the time required by applicable law.
For data that lives only on your device or in your browser — your receipts and the extracted data — you are in control: you can delete individual items where the app or demo allows, clear your browser storage, or uninstall the app (or clear its data) to remove it. We cannot delete on-device data for you, because we never have it.
Your choices
- Waitlist: you can ask us to remove your email from the waitlist (and the beta-testing programme) at any time by emailing privacy@receiptally.app.
- Analytics and crash reporting (apps): off by default; you can turn them on or off at any time in the app's settings.
- Browser/device data: clear your browser storage, delete individual receipts where available, or uninstall the app to remove on-device data.
Complaints to the Information Regulator (South Africa)
If you believe we have not handled your personal information lawfully, you have the right to complain to the Information Regulator (South Africa):
- Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191
- Telephone: 010 023 5200
- Toll-free: 0800 017 160
- POPIA complaints email: POPIAComplaints@inforegulator.org.za
- PAIA complaints email: PAIAComplaints@inforegulator.org.za
- Online submission: eservices.inforegulator.org.za
- Website: https://www.inforegulator.org.za/contact-us
Complaints are made on the Regulator's POPIA/PAIA Form 5, submitted via the email channels above.
Changes to this policy
We may update this Privacy Policy from time to time — for example, when Receiptally's apps launch or when we add new features. When we make material changes, we will update the effective date above and, where appropriate, let you know. Please check this page periodically for the latest version.
Governing law
This Privacy Policy is governed by the laws of the Republic of South Africa. You agree to the non-exclusive jurisdiction of the South African courts in connection with it.
Contact us
- Privacy, data, and rights requests: privacy@receiptally.app
- General enquiries: hello@receiptally.app
- Postal: Whispa (Pty) Ltd, 20C Corsair Road, Milnerton, Cape Town, 7441
Our PAIA manual explains how to request access to the records we hold.