Overview
teamofai ("we", "us", or "our") is a receipt management platform that helps users organize receipts and invoices from their Gmail inbox. This privacy policy explains how we collect, use, store, and protect your data when you use our Service.
1. Data Accessed
What Gmail Data We Access:
When you connect your Gmail account, we request read-only access through the gmail.readonly scope. Specifically, we access:
- Email messages: We scan emails that match receipt-related keywords (invoice, receipt, order confirmation, purchase, payment)
- Email metadata: Subject lines, sender information, date/time stamps
- Email attachments: PDF files that may contain receipt or invoice information
- Search results: Results from Gmail searches for receipt-related content
What We Do NOT Access:
- We do NOT read personal emails unrelated to receipts or business transactions
- We do NOT modify, delete, or send emails from your account
- We do NOT access emails outside of receipt-related searches
2. Data Usage
How We Use Your Gmail Data:
- Receipt Detection: We use AI to identify emails containing receipts, invoices, and purchase confirmations
- Data Extraction: We extract key information including vendor name, amount, date, and category from receipts
- Organization: We organize extracted receipt data in your dashboard for easy viewing and management
- Search & Query: We enable you to search and query your receipt data using natural language
- Export: We allow you to export your receipt data to CSV format or accounting software
Purpose Limitation:
We use your Gmail data solely for receipt management purposes. We do not use your Gmail data for advertising, marketing to third parties, or any purpose unrelated to providing our receipt organization service.
3. Data Sharing
We Do NOT Share Your Data:
Your Gmail data and extracted receipt information is never sold, rented, or shared with third parties for advertising or marketing purposes.
Limited Sharing for Service Operation:
- AI Processing: We use OpenAI's API to process receipt data. Data sent to OpenAI is used only for processing your request and is not used for training their models
- Cloud Infrastructure: We use Supabase (PostgreSQL) for secure data storage and Vercel/Railway for hosting. These providers have strict data protection agreements
- Legal Requirements: We may disclose data if required by law, court order, or government regulation
Your Export Control:
When you choose to export your receipt data to external accounting software (e.g., QuickBooks), you control what data is shared and when.
4. Data Storage & Protection
How We Secure Your Data:
- Encryption in Transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Your data is encrypted in our Supabase database using industry-standard encryption (AES-256)
- OAuth Token Security: Gmail access tokens are stored encrypted and never exposed in your browser. Tokens are automatically refreshed securely
- Access Controls: Only you can access your data through secure authentication. Our team cannot view your Gmail messages or receipt data
- Row-Level Security: Database policies ensure users can only access their own data
- Regular Security Updates: We maintain up-to-date dependencies and security patches
Note: While we implement industry-standard security measures, no system is 100% secure. You are responsible for maintaining the security of your Google account credentials.
5. Data Retention & Deletion
How Long We Keep Your Data:
- Receipt Data: We retain your extracted receipt data for as long as your account is active
- Gmail Access: We only access your Gmail when you explicitly trigger a scan or when scheduled scans run (if enabled)
- OAuth Tokens: Gmail access tokens are stored until you disconnect Gmail or delete your account
Your Right to Delete Data:
You have complete control over your data and can:
- Delete Individual Receipts: Remove specific receipts from your dashboard at any time
- Disconnect Gmail: Revoke our access to Gmail, which stops all future scans and email access
- Delete Your Account: Permanently delete your entire account and all associated data
- Revoke via Google: You can revoke access directly from your Google Account settings at myaccount.google.com/permissions
Data Deletion Timeline: When you delete your account or disconnect Gmail, all your data is permanently deleted from our systems within 30 days. Backups are purged within 90 days.
6. Children's Privacy
Our Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.
7. Compliance with Google API Services
teamofai's use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, we:
- Only request the minimum Gmail API scope necessary (gmail.readonly)
- Use Gmail data only for providing receipt management features
- Do not use Gmail data for serving advertisements
- Do not allow humans to read your Gmail data unless necessary for security, compliance, or with your explicit consent
- Do not transfer Gmail data to third parties except as necessary for service operation
8. International Users
If you are accessing our Service from outside the United States, please be aware that your data may be transferred to and stored on servers in the United States. By using our Service, you consent to this transfer.
9. Changes to Privacy Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or through a notice on our Service. Your continued use after changes constitutes acceptance of the updated policy.
Your Rights Summary
- You can view what data we have about you
- You can delete individual receipts or all your data
- You can disconnect Gmail access at any time
- You can export your receipt data
- You can request account deletion
- You can revoke permissions via Google Account settings