Your privacy is not negotiable

We built receiptbot with privacy as the foundation, not an afterthought. Here's exactly how we handle your data.

What we access

  • Email metadata (sender, subject, date) to identify receipts from known vendors
  • Attachment content only for emails matching known receipt senders (Apple, Spotify, etc.)
  • That's it. Nothing else. Ever.

What we NEVER do

  • Read your personal emails
  • Store your email content on our servers
  • Sell or share any data with third parties
  • Access your contacts, drafts, or sent mail
  • Keep access after you disconnect your account

Technical details

Read-only OAuth

Gmail: gmail.readonly
Outlook: Mail.Read

Encrypted in transit

All connections use TLS 1.3 encryption. Your tokens are encrypted at rest.

Minimal data storage

We only store receipt metadata (vendor, amount, date). PDFs are cached temporarily.

EU data residency

All data is stored in EU data centers, compliant with GDPR requirements.

You're always in control

Disconnect anytime

Revoke access with one click. We immediately lose all access to your email.

Delete your data

Request complete data deletion at any time. We'll remove everything within 24 hours.

About that Google warning...

You'll see a scary "unverified app" screen when connecting Gmail. Here's why:

Google charges $5,000+/year to verify apps. We're a bootstrapped tool built by one person trying to solve their own receipt headache. We can't afford verification yet — but we're working toward it as we grow.

  • Read-only access: Can never modify your inbox
  • No storage: Emails processed in real-time
  • Open playbook: See exactly what we access

To proceed: Click "Advanced" → "Go to receiptbot.io (unsafe)" → Review permissions → Allow

Questions about security? poyan@lifeinside.io
