Introduction
In today’s digital age, receipt scanning apps have become essential tools for individuals and businesses aiming to streamline their expense tracking and financial management. However, with the convenience of these apps comes a critical question: Are receipt scanning apps safe? Concerns about data privacy, security breaches, and misuse of sensitive information are valid and worth addressing.
Common Concerns About Receipt Scanning Apps
Data Privacy
- Storage Location: One of the primary concerns users have is about where their data is stored. Users worry that their sensitive financial information could be stored in locations with weak data protection laws, potentially exposing their data to misuse or unauthorized access.
- Access Control: Users also want to know who has access to their data. They are concerned that employees or third parties might have unrestricted access to their financial documents, increasing the risk of data breaches or misuse.
Data Security
- Encryption: Users are often unsure if their data is encrypted during transfer and while at rest. Without proper encryption, data can be intercepted by cybercriminals during transmission or accessed if physical storage devices are compromised.
- Security Breaches: High-profile data breaches in recent years have heightened concerns about the security measures that companies have in place to protect user data. Users want reassurance that robust security protocols are in place to prevent unauthorized access.
Data Misuse
- Third-Party Use: There is a fear that data might be sold to third-party companies for marketing purposes or other uses beyond the user’s intent. This includes concerns about data being used to train AI models without user consent.
- Retention Policies: Users often worry about how long their data is retained and whether it can be permanently deleted upon request. They want assurance that their data won’t be kept indefinitely or used after they have stopped using the service.
Compliance with Regulations
- GDPR and CCPA Compliance: Users in regions governed by strict data protection laws, such as the European Union (GDPR) and California (CCPA), need to know if the apps they use comply with these regulations. Non-compliance can lead to legal issues and potential data mishandling.
- Transparency: Users expect transparency about how their data is collected, processed, and stored. They want clear and straightforward information on the app’s privacy policies and data handling practices.
User Control
- Data Ownership: Users are concerned about retaining ownership of their data. They want to ensure that they have control over their financial documents and can access, modify, or delete their data as needed.
- Ease of Deletion: The ability to easily delete their data from the service is crucial for users. They want assurance that their data will be completely removed from all systems, including backups, if they decide to stop using the app.
Our Commitment to Data Security
At SparkReceipt, we understand these concerns and take data security very seriously. To ensure GDPR compliance and data security, SparkReceipt’s services are strategically located within the EU, except for the OpenAI API, which is also GDPR and CCPA compliant.
Heroku Common Runtime: This refers to a set of virtual machines running in Heroku Common Runtime (EU), which are used as the main application servers. The application servers are the interface between the user applications (iOS, Android, web browser) and the rest of the services in the architecture. The main application database is also located in the same region, and access to it is secured with a long, random, auto-rotating password managed by Heroku.
File Storage: Your files are processed within the Heroku application servers, but they are stored in Amazon Web Services (AWS). More specifically, the main data repository is located in Stockholm, Sweden (EU), with a mirrored backup in archival storage in another EU region (Frankfurt).
Brevo: We use Brevo as the SMTP relay, meaning all email communication from within the app (such as intro emails, password reset emails and more) goes through Brevo. The logs are retained for 30 days and might contain relevant traces of your data while the logs are retained. Brevo’s data is located within Paris, France (EU).
OpenAI: The OpenAI servers are located within the United States. We have signed the DPA (Data Processing Addendum) and the data processing is under OpenAI’s Enterprise Privacy. In short, the main things this means are:
- Your data is NOT used to train current or future OpenAI models.
- Your data is deleted after a predetermined retention period, currently 30 days.
- The user owns both the input and output of the AI model.
Encryption
Your data is encrypted with a strong cipher both in transit and at rest. In transit means while communicating between SparkReceipt’s core services or with your user client, preventing man-in-the-middle attacks within the network. At rest means when data is stored to disk in a data center, preventing the data from being read if physical access to the data center hardware is gained, or if an attacker manages to download and clone the storage.
Data Access at Different Levels
Programmatic data access is best described in the section above. This section delves more into human interaction with the data. There are several levels of access:
Database level: A person with admin access to Heroku Services is theoretically able to directly access the system database and read your data. Access to Heroku is restricted with a strong random password and multi-factor authentication.
File system level: A person with admin access to Amazon Web Services infrastructure is able to browse and decrypt the files present in the S3 service. This is never part of any process however. Instead, AWS is always accessed from within the application server. Access to AWS is restricted with a strong random password and multi-factor authentication.
Admin tooling level: We have admin tooling to help with customer support and general monitoring, with limited, but still relatively broad, visibility into the system. These tools allow us to manage and fix your accounts, change emails, reset passwords, debug errors, and even access your documents if there is a problem with them and you have explicitly requested that we look into the matter. This is very similar to most cloud services. Access to the admin tooling is also restricted with brute-force rate-limiting, a strong random password and multi-factor authentication.
No one outside SparkReceipt (Valorbyte LLC) currently has, or is planned to have, access to any of these levels.
Can I Delete My Documents & Data from Your System?
The short answer is yes. Follow these instructions to perform an auto-deletion of your account. This removes all your personal and other data from the live system.