Last updated · 24 May 2026

Privacy Policy

CasaTally is built on trust. You upload receipts, invoices, and personal financial detail. This page explains what we collect, why, and how you can control it. Plain English, no dark patterns.

The short version

• We collect only what we need to run the app.
• We never sell your data to anyone.
• We never show ads.
• You can export and delete everything at any time.

1. Who's responsible

The data controller is the individual or entity publishing CasaTally on the App Store and Google Play. Contact: privacy@casatally.com.

2. What we collect

Account information, via our auth provider Clerk:

• Email address
• Display name (whatever you choose)
• Authentication identifiers (Apple, Google, or email + password)

Project data you create in the app:

• Project names, budgets, dates, notes
• Expenses (supplier, amount, category, status, dates)
• Categories and supplier mappings
• Documents you upload (receipts, invoices, quotes, photos)

Subscription state, via our billing provider RevenueCat:

• Which plan you're on (Free, Pro, Lifetime)
• Subscription expiry date, store of purchase (App Store / Play Store)
• Webhook events for renewals, cancellations, refunds

Diagnostic logs:

• Anonymous error reports and API request logs we use to debug the service. We don't include receipt contents or project data in these logs.

3. What we don't collect

• We don't read your messages, contacts, location, or microphone.
• We don't track you across other apps or websites.
• We don't run advertising trackers, analytics that profile you, or third-party SDKs that fingerprint your device.

4. Why we use it

• To provide the service — store your projects and documents, sync between your devices, calculate budgets.
• AI extraction — when you upload a receipt or invoice, we send the document image to OpenAI to extract structured data (supplier, total, tax, line items). OpenAI does not use this data to train models. See OpenAI's enterprise privacy.
• Subscription management — to know which features you have access to.
• Support — to answer questions when you contact us.
• Service improvements — anonymous error logs help us find and fix bugs.

5. Who we share it with

We use these processors to run the service. Each is bound by contract to handle your data only on our behalf:

• Clerk — authentication. Clerk privacy.
• RevenueCat — subscription billing. RevenueCat privacy.
• OpenAI — AI receipt extraction. Documents sent for extraction are not used for model training. OpenAI privacy.
• Microsoft Azure — hosting (backend API, database, file storage). Microsoft Trust Center.
• Apple and Google — your subscription is purchased and billed via the App Store / Play Store. They have their own privacy policies that apply to the purchase itself.

We never sell your data. We don't share it with anyone outside the processors above except when required by law (e.g. a court order).

6. Where your data lives

Your data is stored on Microsoft Azure servers. We default to data centres in the European Union for EU customers and the United States for everyone else. Some sub-processors (e.g. OpenAI) may process data in the United States.

7. How long we keep it

• Account and project data: as long as you have an account.
• Deleted projects: removed permanently within 30 days of deletion.
• Deleted account: all your data is removed permanently within 30 days. Backups are purged within 90 days.
• Diagnostic logs: 30 days.
• Billing records: kept as long as required by tax law (typically 6–7 years).

8. Your rights

You have the right to:

• Access — see what data we hold about you
• Correct — change inaccurate data (you can do most of this yourself in the app)
• Delete — remove your account and all associated data
• Port — export your data in a machine-readable format
• Object — ask us to stop processing your data

To exercise any of these rights, email privacy@casatally.com. We will respond within 30 days. If you are in the EU/UK you also have the right to complain to your local data protection authority.

9. Children

CasaTally is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have, please contact us and we will delete it.

10. Security

We use industry-standard security practices: encrypted transport (TLS), encrypted-at-rest storage, scoped API tokens, and least-privilege access. No system is perfectly secure; if a breach affects you we will notify you within 72 hours of becoming aware.

11. Changes to this policy

We may update this policy. The date at the top of the page tells you when we last did. For material changes we will notify you in the app or by email.

12. Contact

Privacy questions: privacy@casatally.com.
General support: support@casatally.com.