Legal

Privacy Policy

Last updated: April 7, 2026.

Effective date: April 02, 2026
Operator: CanDev Agency Inc. (“we,” “us,” or “our”)

This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Receni mobile application and related services (the “Service”). It should be read together with our Terms & Conditions. By using the Service, you acknowledge the practices described here.

Summary

Scope & what this policy covers

This policy applies to personal information we process in connection with the Service. It does not govern third-party sites or services that we link to or that you use with the Service (for example, app stores, social login providers, or your bank); those providers have their own policies.

Personal information we collect

Depending on how you use the Service, we may collect:

  • Account & profile: name, email address, password hash (if you register with email/password), profile details you choose to provide, authentication identifiers, and security settings (such as two-factor status where enabled).
  • Receipt & expense data: images you capture or upload, extracted or entered fields (merchant, amounts, tax, dates, categories, notes, payment method labels, and similar), duplicate-detection or integrity signals we derive, and related metadata (timestamps, device or app version where logged).
  • Usage & diagnostics: feature usage, API interactions, subscription tier, quota consumption, crash or error reports, and performance logs. We may use Firebase or similar platforms for push delivery and, where enabled, analytics or crash reporting.
  • Device & technical data: device type, operating system, app version, language, IP address, push notification tokens, and cookies or similar technologies on web properties we operate for Receni.
  • Payment-related data: subscriptions and purchases are typically processed by app stores or payment partners (for example, Apple, Google, Stripe, RevenueCat). We receive limited transactional or entitlement information (such as subscription status, product identifiers, and event timestamps), not your full card number.
  • Communications: messages you send us (support requests), and email delivery or engagement metadata when we send service or marketing messages.
  • Marketing preferences: whether you opted in to marketing communications at signup or in settings, and related timestamps.
  • Social sign-in: if you use Google, Apple, Facebook, or similar, we receive information from that provider as permitted by your settings (for example, name, email, and provider subject identifier).
How we use personal information

We use personal information to:

  • Provide, operate, maintain, and improve the Service (including AI-assisted extraction, storage, search, dashboards, budgets, notifications, and account management).
  • Authenticate users, prevent fraud and abuse, enforce our Terms, and protect security.
  • Process subscriptions, entitlements, usage limits, and billing events through our payment and subscription partners.
  • Communicate with you about the Service, security, and (where permitted) marketing.
  • Comply with legal obligations and respond to lawful requests.
  • Analyze usage in aggregated or de-identified form to understand product performance.
  • Provide data export, import, or portability features where available in the Service.

Automated decision-making: We do not make solely automated decisions that produce legal or similarly significant effects about you as defined under GDPR without a lawful basis and any disclosures required by law.

AI processing (OpenAI & similar)

To interpret receipt images and generate structured fields, we may send images or derived representations and minimal context to AI vendors (for example, OpenAI). Outputs are used to present suggested fields for your review. We do not permit our AI vendors to use your content to train their general models for their own products where we can contractually prohibit that; vendor practices may still be described in their policies.

Subprocessors & service providers

We use vendors who process personal information on our behalf or receive it as part of integrated services. This list is representative and may change; we will update this policy or an online page for material changes where appropriate.

Category Examples / providers Typical purpose
Cloud infrastructure & storage Microsoft Azure (including Blob storage), hosting providers Host application, store receipt images and backups
Database Microsoft SQL Server / managed database services Store accounts, receipts, usage, preferences
AI / machine learning OpenAI Receipt understanding and structured extraction
Subscriptions & payments RevenueCat, Stripe, Apple App Store, Google Play Entitlements, purchases, billing events
Email SendGrid or similar Transactional and, if applicable, marketing email
Push notifications & device services Google Firebase (FCM), Apple Push Notification service Deliver notifications; may include analytics/crash tools if enabled
Authentication Google, Apple, Facebook sign-in Social login and identity verification
Legal bases (EEA, UK & similar)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases:

  • Contract: processing necessary to provide the Service you request.
  • Legitimate interests: securing the Service, improving features, fraud prevention, and internal analytics, balanced against your rights.
  • Consent: where required (for example, certain marketing cookies or non-essential communications).
  • Legal obligation: compliance with law, regulatory requests, and tax or accounting obligations.

You may withdraw consent where processing is consent-based, without affecting prior processing’s lawfulness.

Disclosure of information

We may disclose personal information:

  • To service providers and subprocessors under written terms requiring appropriate protection.
  • To professional advisers (lawyers, auditors) under confidentiality obligations.
  • In connection with a merger, financing, or sale of assets, subject to safeguards.
  • To comply with law, regulation, legal process, or governmental requests, or to protect rights, safety, and security.
  • With your direction or consent.

We do not sell personal information in the traditional sense of selling lists for money. We may use or disclose aggregated or de-identified information that cannot reasonably identify you.

International transfers

We are primarily located in Ontario, Canada, but vendors may process data in Canada, the United States, the European Union, the United Kingdom, and other countries. Where required, we implement appropriate safeguards (such as standard contractual clauses or comparable mechanisms) for transfers from the EEA, UK, or Switzerland. By using the Service, you understand your information may be processed outside your country of residence.

Retention

We retain personal information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Receipt images and structured data are kept until you delete them (where the Service allows) or delete your account, subject to backup and logging retention for a limited period. Usage logs and security records may be retained longer where justified by security or legal needs. Marketing consents and suppression lists may be retained to honor opt-outs.

Security

We implement technical and organizational measures designed to protect personal information (including encryption in transit, access controls, and vendor diligence). No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Your rights (Canada — PIPEDA)

Subject to applicable law, Canadian users may request access to their personal information we hold and ask for correction where inaccurate. You may also raise concerns with us at support@candev.agency. You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner where applicable.

Your rights (EEA & UK)

If GDPR or UK GDPR applies, you may have the right to access, rectify, erase, restrict, or object to certain processing, and to data portability where technically feasible. You may lodge a complaint with your local supervisory authority. To exercise rights, contact support@candev.agency. We may verify your identity before responding.

United States — state privacy notices

Residents of certain US states (including California, Colorado, Virginia, and others with comprehensive privacy laws) may have additional rights, such as to know, access, delete, correct, or opt out of certain processing (including, where applicable, “sale,” “sharing,” or targeted advertising as defined by those laws). We do not discriminate against you for exercising rights. To submit a request, contact support@candev.agency. We may need to verify your identity. You may use an authorized agent where permitted by law.

California “Shine the Light”: California residents may request certain information about disclosure of personal information to third parties for direct marketing; submit requests to support@candev.agency.

Marketing communications

We send transactional and service-related messages as needed. If you opt in to marketing, we may send promotional communications. You can opt out of marketing via the unsubscribe link in emails or in-app settings where available. Opting out does not affect non-promotional notices (for example, billing or security alerts).

Children

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact support@candev.agency and we will take appropriate steps to delete it.

Cookies & similar technologies (web)

If we operate web pages for Receni, we may use cookies and similar technologies for essential operation, preferences, analytics, or advertising where permitted. You can control cookies through browser settings and any consent banner we provide.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where appropriate, provide additional notice. Continued use after the effective date constitutes acknowledgment of the update, subject to legal requirements.

Contact

CanDev Agency Inc.
Toronto, ON, Canada
Email: support@candev.agency

Back to home