Privacy Policy

Effective date: April 20, 2026 · Last updated: April 20, 2026

This policy explains how Zachary Lo (“we”, “us”) handles your information when you use the ReSnapt mobile app (the “App”). We try to keep this short and plain-language. If anything is unclear, email [email protected].

Summary

• We don’t track you across apps or websites.
• We don’t sell your data to anyone.
• Your expenses and receipt images are stored in your own account and are not used to train third-party models.
• You can delete your account and all associated data from Settings › Delete Account.

What we collect and why

The App collects the following information, all of which is tied to your account and used only to make the App work (“App Functionality”). None of it is used for advertising or tracking.

Account information

• Email address — so you can sign in, reset your password, and we can contact you about the service.
• User identifier — an opaque account ID generated by our authentication provider.

If you sign in with Apple or Google, we receive your email address (or a relay address, if you choose that option with Sign in with Apple) and a stable user identifier. We do not receive your Apple/Google password.

Content you create

• Receipt images you capture or import.
• Expenses, categories, and line items you save (merchant, date, total, per-item prices, notes, etc.).

This content is stored in your account so it can sync across your devices.

Technical information

We use standard iOS APIs (file timestamps, disk space, UserDefaults, system uptime) in the course of running the App. We do not combine that information with an advertising identifier.

How receipt scanning works

When you scan a receipt, the image is sent to our OCR service to extract the merchant, date, total, and line items. Processing happens in two tiers:

• On-device (when available): iOS Vision and Apple Intelligence Foundation Models run text recognition locally on your phone. Nothing is transmitted.
• Cloud fallback: if on-device OCR is unavailable or returns low-confidence results, the image is sent over TLS to our Cloudflare Worker, which forwards it to OpenRouter’s Qwen model for a single inference call. The image is not retained by our Worker or by OpenRouter after the response is returned, and it is not used to train any model.

Who processes your data

We use a small number of third-party processors to run the service. Each one is contractually limited to processing data on our behalf.

• Supabase, Inc. — hosts the App’s database (accounts, expenses, categories, line items) and object storage for receipt images. See their privacy policy.
• Cloudflare, Inc. — serves our OCR Worker and, if applicable, this website. See their privacy policy.
• OpenRouter, Inc. (which routes to the Qwen model) — performs receipt OCR when the cloud fallback is used. See their privacy policy.
• Apple Inc. — Sign in with Apple and in-app iOS services. See their privacy policy.
• Google LLC — only if you choose to sign in with Google. See their privacy policy.

What we don’t do

• We do not track you across other apps or websites. The App is not linked to any mobile advertising network.
• We do not sell, rent, or share your data with data brokers.
• We do not use your receipts, expenses, or images to train AI models.
• We do not knowingly collect information from children under 13.

Data retention and deletion

You can delete your account at any time from Settings › Delete Account inside the App. Doing so:

• Deletes your authentication record;
• Deletes all of your expenses, categories, and line items;
• Deletes all of your receipt images from object storage;
• Is irreversible.

If you would prefer we handle the deletion on your behalf, email [email protected] from the address on your account and we will process the request within 30 days.

Security

All network traffic is encrypted in transit (HTTPS / TLS). Your data at rest is protected by the security controls of our processors (Supabase uses row-level security so that users can only read and write their own rows). No system is perfectly secure; please use a strong, unique password and enable your device’s screen lock.

Your rights

Depending on where you live (for example, Hong Kong, the EU/EEA, UK, California), you may have the right to access, correct, export, or delete your personal data, or to object to certain processing. You can exercise most of these rights directly in the App (export via CSV/ZIP, delete from Settings). For anything else, email [email protected].

Hong Kong users (PDPO)

ReSnapt is operated from the Hong Kong Special Administrative Region and Zachary Lo is the “data user” for the purposes of the Personal Data (Privacy) Ordinance (Cap. 486) (the “PDPO”). We handle personal data in accordance with the six data protection principles of the PDPO.

Purpose. We collect and use your personal data only for the purposes described above under “What we collect and why” and “How receipt scanning works”. We do not use your personal data in direct marketing.

Data Access and Correction Requests. Under sections 18 and 22 of the PDPO you have the right to request a copy of the personal data we hold about you, and to request that we correct any inaccurate data. To make a request, email [email protected] from the address on your account. We will respond within 40 days. The PDPO permits us to charge a reasonable fee for complying with a data access request; where we do, we will tell you the amount before proceeding.

Retention. We keep your personal data for as long as your account is active and delete it when you use Settings › Delete Account (see “Data retention and deletion” above).

Complaints. If you believe we have mishandled your personal data you can contact us first at [email protected]. You also have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).

International transfers

Our processors are based outside Hong Kong, so by using the App you acknowledge that your personal data will be transferred to and stored in the United States or other countries where those processors operate (see “Who processes your data” above). All transfers are protected by contractual confidentiality and security obligations with each processor. Where additional safeguards are required by local law (for example, EU Standard Contractual Clauses), those safeguards are in place.

Changes to this policy

If we make material changes we will update the “Last updated” date above and, where appropriate, notify you inside the App. Continued use of the App after an update means you accept the revised policy.

Contact

Zachary Lo, Hong Kong
Email: [email protected]