Privacy Policy

1. Data We Collect

We collect the following personal data when you use Slipless:

• Account data: Your name, email address, and password (hashed).
• Receipt data: Images of receipts you upload, and the extracted text, amounts, vendor names, dates, and categories.
• Security questions: Your chosen security questions and hashed answers (for password recovery).
• Payment data: Subscription status and Razorpay subscription ID. We do not store your card numbers, UPI IDs, or bank details — Razorpay handles all payment processing.
• Usage data: Pages visited, scan count, and anonymous analytics via Google Analytics.

2. Purpose of Data Collection

We use your data only to:

• Provide the Slipless receipt scanning and expense tracking service.
• Generate PDF, CSV, WhatsApp, and email exports of your receipts.
• Process your subscription payments via Razorpay.
• Send you account-related emails (confirmation, password reset).
• Improve our service through anonymous usage analytics.

We never sell, rent, or share your personal data with third parties for marketing purposes.

3. AI Processing

Receipt images are processed using:

• OCR.space API: For optical character recognition (text extraction from images).
• Groq AI (Llama 3.3): For parsing extracted text into structured data (vendor, items, amounts, GST).

Receipt images are sent to these services only for processing and are not stored by these third-party services after processing is complete. We do not use your data to train any AI models.

4. Data Storage & Security

• All data is stored securely in Supabase (hosted on AWS infrastructure).
• Receipt images are stored in private, encrypted storage buckets.
• Passwords are hashed using industry-standard algorithms.
• Security question answers are hashed using SHA-256.
• All data transmission is encrypted via HTTPS/TLS.
• Row-level security (RLS) ensures users can only access their own data.

5. Third-Party Services

We use the following third-party services:

6. Your Rights (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023 (India), you have the right to:

• Access: View all personal data we hold about you.
• Correction: Update your name and profile information from Settings.
• Erasure: Permanently delete your account and all associated data from Settings → Danger Zone.
• Withdraw consent: You may stop using the service and delete your account at any time.
• Grievance redressal: Contact us at the email below for any data-related concerns.

Upon account deletion, all your data (profile, receipts, images, security questions) is permanently and irreversibly deleted from our systems.

7. Data Retention

• Your data is retained as long as your account is active.
• If you delete your account, all data is permanently deleted immediately.
• We do not retain any data after account deletion.
• Payment transaction records may be retained by Razorpay as per their policies and applicable tax laws.

8. Cookies

Slipless uses only essential cookies for authentication (Supabase session cookies). We use Google Analytics which may set analytics cookies. We do not use any advertising or tracking cookies.

9. Children's Privacy

Slipless is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us for immediate deletion.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Continued use of Slipless after changes constitutes acceptance of the updated policy.

11. Contact & Grievance Officer

For any privacy-related questions, data requests, or grievances: