TracklifiedPrivacyTerms

Effective April 4, 2026

Privacy Policy

This Privacy Policy explains what Tracklified collects, how receipt and integration data is used, and how you can disconnect Google integrations or request deletion of your data.

Information We Collect

  • Account information from your login provider, such as your email address and profile name.
  • Receipt files, receipt images, extracted merchant/date/total/item fields, labels, sync status, and duplicate-group metadata.
  • Integration credentials and sync metadata, including Google OAuth access and refresh tokens, token expiry timestamps, and last-sync state.
  • Operational logs, notification records, and security telemetry — including IP addresses, browser user-agent strings, and page URLs — used to operate, rate-limit, and protect the service.
  • If you enable receipt scanning in the mobile app, Tracklified periodically checks your device photo library for new images and runs on-device text recognition to detect receipts. Detected receipts are always presented for your review and approval before being uploaded to your account.
  • If you install the browser extension, it automatically reads transaction details — merchant names, amounts, and dates — from supported banking and credit-card websites listed in the extension permissions to match them against your stored receipts. You can also request a scan on any page you are viewing. Transaction data is processed in memory and not persisted on Tracklified servers. The extension stores your login session in your browser's local storage to communicate with your Tracklified account.
  • The browser extension can also extract receipt emails from Gmail when you explicitly choose to save an email as a receipt. This reads the email subject, sender, date, and body content from the page you are viewing.
  • If you choose to report a site for improved support via the browser extension, an anonymized snapshot of the page structure is sent to Tracklified. All personal information — amounts, dates, and other text — is replaced with placeholders before transmission.

Google API Data

If you connect Gmail, Google Drive, or Google Photos, Tracklified requests only the read-only scopes below and uses the resulting data to import receipts into your account.

Gmail

Tracklified scans your mailbox for messages that look like receipts, reads message headers and bodies, and downloads receipt-like image or PDF attachments to create receipt records in your account.

https://www.googleapis.com/auth/gmail.readonly

Google Drive

Tracklified lists Drive file metadata for images and PDFs, lets you select receipt files, and downloads only the files you choose to import.

https://www.googleapis.com/auth/drive.readonlyhttps://www.googleapis.com/auth/drive.metadata.readonly

Google Photos

Tracklified creates a Photos Picker session, receives the media items you select, and downloads them for receipt extraction.

https://www.googleapis.com/auth/photospicker.mediaitems.readonly

Google Limited Use

Tracklified's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How We Use Your Data

  • To authenticate your account and keep your session active.
  • To import receipt images, PDFs, and receipt emails from the integrations you connect.
  • To extract structured fields such as merchant name, date, totals, line items, and category labels.
  • To detect duplicates, generate export files, and show sync/upload notifications.
  • To match bank and credit-card transactions against your receipts via the browser extension.
  • To detect and upload receipts from your device photo library when background scanning is enabled in the mobile app.
  • To provide customer support and troubleshoot account, sync, billing, and receipt-processing issues you report.
  • To secure the service, prevent abuse, debug errors, and comply with legal obligations.

Automatic and Background Processing

  • When Gmail is connected, Tracklified automatically checks for new receipt-like emails when you open the dashboard (throttled to once every 30 minutes). A server-side process also handles emails forwarded to your dedicated Tracklified address on a recurring schedule.
  • If you enable receipt scanning in the mobile app, a background task runs periodically to check for new photos. Text recognition runs entirely on your device. Detected receipts are presented for your review and approval before being uploaded. You can disable scanning at any time in the app settings.
  • The browser extension automatically reads transaction pages on supported banking and credit-card websites to match charges against your receipts. Transaction data is sent to Tracklified for matching but is not stored beyond the request. The extension automatically activates on sites listed in its permissions and can scan other pages at your request.

Sharing and Subprocessors

  • We do not sell your personal information or Google user data.
  • We do not use Google user data to serve ads.
  • We do not use Google user data to train generalized or non-user-specific AI/ML models.
  • We only transfer Google user data to service providers as needed to provide user-facing Tracklified features, comply with law, or protect the service.
  • Human access to Google user data is restricted to cases where you explicitly ask for support, where access is required for security/abuse investigation, or where required by law.

AI processing providers

Receipt extraction, receipt email parsing, and receipt-email classification.

Cloud hosting and storage providers

Storage and delivery of receipt files, generated image variants, application data, and operational infrastructure.

Authentication providers

User authentication and account session management.

Payment processors

Subscription billing and payment processing.

On-device ML frameworks

The mobile app uses on-device text recognition (Google ML Kit) for initial receipt detection and classification. This screening step happens entirely on your device. Once you approve a receipt for upload, it is processed server-side using AI services listed above.

Security and Retention

Google OAuth tokens are stored with your integration record and encrypted at rest. Receipt files are stored with our cloud storage provider, and receipt metadata is stored in Tracklified's application database. We retain this information while your account is active or as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements.

Access to customer data is limited to authorized personnel and only when reasonably necessary to provide support, maintain and secure the service, investigate abuse or incidents, comply with law, or with your consent.

Your Choices and Deletion

  • You can disconnect Gmail, Drive, or Photos from the Integrations page; this revokes your Google tokens and stops future syncs. You can also revoke access directly from your Google Account security settings.
  • You can delete receipts from your dashboard; associated stored receipt images are deleted from cloud storage as part of that flow.
  • You can disable background photo scanning at any time in the mobile app settings.
  • You can uninstall or disable the browser extension to stop transaction matching on banking sites.
  • You can delete your entire account from the Settings page. This permanently removes all receipts, images, integrations, and your user record. You can also request deletion by emailing privacy@tracklified.com.

Children's Privacy

Tracklified is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@tracklified.com.

Contact

Questions or deletion requests: privacy@tracklified.com