Privacy Policy
Last updated: 12 March 2026
Billfold ("we", "us", "our") is a mobile application for managing receipts and gift cards. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
In short: Your data stays in Australia (Sydney region). We don't sell your data. We don't share it with advertisers. You can delete your account and all data at any time from within the app.
1. Information We Collect
1.1 Account Information
- Email address — used for authentication and account recovery
- Password — stored as a salted hash (bcrypt); we never store or see your plaintext password
1.2 Receipt Data
- Receipt images you photograph or upload
- Extracted data: merchant name, date, amount, line items, category
- Tags and notes you add
1.3 Gift Card Data
- Merchant name, balance, expiry date, category, notes
- Card numbers and PINs — encrypted at rest using AES-256-GCM with per-user derived keys (see Section 4)
- Barcode values for display purposes
1.4 Automatically Collected Data
- Crash reports — collected via Sentry to diagnose app errors. Includes device model, OS version, and stack traces. No personal content (receipts, gift cards) is included in crash reports.
- Subscription status — managed by RevenueCat to verify your Pro subscription entitlement. RevenueCat receives your anonymous app user ID and purchase receipts from Apple/Google.
1.5 Information We Do NOT Collect
- Location data
- Contacts or address book
- Browsing history
- Advertising identifiers for ad targeting
- Biometric data
2. How We Use Your Information
| Purpose | Data Used | Legal Basis (APP) |
| --- | --- | --- |
| Provide the service (store receipts, gift cards) | Account info, receipt data, gift card data | APP 3 — primary purpose of collection |
| OCR text extraction from receipt images | Receipt images | APP 3 — primary purpose |
| Diagnose and fix crashes | Crash reports (device info, stack traces) | APP 3 — maintaining service quality |
| Manage subscriptions | Anonymous user ID, purchase receipts | APP 3 — billing and entitlement |
| Send gift card expiry reminders | Gift card expiry dates | APP 3 — primary purpose |
We do not use your data for advertising, profiling, or selling to third parties.
3. Third-Party Services
| Service | Purpose | Data Shared | Location |
| --- | --- | --- | --- |
| Supabase | Database, authentication, file storage | All account and app data | Sydney, Australia (ap-southeast-2) |
| Sentry | Crash and error reporting | Device info, OS version, stack traces | United States |
| RevenueCat | Subscription management | Anonymous user ID, purchase receipts | United States |
| Google Cloud Vision | Cloud OCR (Pro feature, optional) | Receipt images (processed, not stored) | Google Cloud infrastructure |
| Apple / Google | In-app purchases | Purchase transactions | Per Apple/Google policies |
Where data is transferred outside Australia (Sentry, RevenueCat), these providers maintain security practices consistent with APP 8 (cross-border disclosure). We rely on their published data processing agreements and security certifications.
4. Data Security
- Encryption in transit: All communication uses HTTPS (TLS 1.2/1.3)
- Encryption at rest: Gift card numbers and PINs are encrypted using AES-256-GCM with HKDF-derived per-user keys. The encryption master key is stored in a secure server environment and never reaches client devices.
- Authentication tokens: Stored in the iOS Keychain / Android Keystore via Expo SecureStore
- Row-Level Security: Database policies ensure you can only access your own data
- Password storage: Bcrypt-hashed with salt; plaintext passwords are never stored
- Two-factor authentication: Optional TOTP-based 2FA available in Settings
5. Data Retention
- Your data is retained for as long as your account is active.
- Deleted receipts and gift cards are soft-deleted and permanently removed within 30 days.
- When you delete your account (Settings → Delete Account), all data — including database records, uploaded images, and encrypted fields — is permanently deleted within 24 hours.
6. Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access your personal information — all your data is visible in the app
- Correct inaccurate information — edit receipts, gift cards, and tags directly in the app
- Delete your data — delete individual items by swiping, or delete your entire account from Settings
- Export your data — Pro subscribers can export receipts and gift cards as PDF or CSV
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached
7. Children's Privacy
Billfold is not intended for children under 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.
9. Contact Us
If you have questions about this Privacy Policy, wish to make a privacy complaint, or want to exercise your rights under the Privacy Act, contact us at:
We will respond to privacy enquiries within 30 days as required by APP 1.