ShutterVault

Privacy Policy

Last updated: March 15, 2026

ShutterVault (“we,” “us,” or “our”) is a household receipt and document intelligence application. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website and services (collectively, the “Service”). By using the Service, you agree to the practices described in this policy.

What We Collect

We collect the following categories of personal data:

Account Information

Name, email address, and password when you create an account. If you sign up via Google OAuth, we receive your name and email from Google.

Household Data

Household name and membership information. ShutterVault is designed for household use — members you invite can access shared receipts and documents.

Documents & Receipts

Photos of receipts, invoices, and warranty documents you scan or forward via email. We extract merchant names, dates, amounts, line items, and warranty details automatically from your uploads.

Payment Information

If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number. We receive your Stripe customer ID and subscription status.

Usage Data

Scan counts, chat queries, and feature usage for quota enforcement and service improvement. We also log API costs internally for operational monitoring.

Device & Analytics Data

If you accept cookies, we collect anonymized analytics data (page views, referral source, device type) via a third-party analytics service. This data is collected only on public marketing pages — never within the authenticated application. We do not use analytics cookies without your explicit consent.

Email Import Data

If you use the email forwarding feature, we receive the email content, attachments, and sender information. Emails are processed securely and unsafe content is removed before storage.

How We Use Your Data

  • Providing the Service: Scanning receipts, extracting data, tracking warranties, delivering notifications, and enabling household sharing. Receipt processing uses third-party services for text recognition and data extraction. We do not use your data to train AI models.
  • Billing: Processing payments, managing subscriptions, and enforcing plan limits via Stripe.
  • Notifications: Sending warranty expiry and return deadline alerts via a third-party email delivery service.
  • Cloud Backups: If enabled, syncing your receipt images to your connected cloud storage account. Connection credentials are encrypted at rest.
  • Analytics: Understanding how visitors interact with our public pages to improve the experience. Analytics are never used within the authenticated app.
  • Security & Compliance: Detecting abuse, enforcing terms of service, and responding to legal requests.

How We Protect Your Data

  • Your data is isolated to your household — other users cannot access it.
  • All data is encrypted in transit and at rest.
  • Passwords are securely hashed and never stored in plain text.
  • We do not sell your personal data to third parties or share it with advertisers.
  • Third-party services we use (such as payment processors and AI providers) receive only the minimum data required to perform their function.
  • We do not use your data to train AI models.

Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and core functionality. These cannot be declined.
  • Analytics Cookies: Used only on public marketing pages after you explicitly accept via our cookie consent banner. If you decline, no analytics cookies are set and no analytics data is collected.
  • Preference Cookies: Theme preference (light/dark mode) and billing interval selection. Stored in your browser only.

You can change your cookie preference at any time by clearing your browser’s local storage, which will re-display the consent banner on your next visit.

Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (documents, receipts, warranties, chat history, and household information) is permanently deleted. Soft-deleted documents (moved to trash within the app) can be recovered until permanently purged.

Anonymized usage logs for cost monitoring may be retained for up to 12 months after account deletion for operational purposes.

Children’s Privacy

ShutterVault is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your account and all associated data.
  • Export your data in a portable format.
  • Withdraw consent for analytics cookies at any time.
  • Object to processing of your data for certain purposes.

To exercise any of these rights, please contact us at the address below.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

privacy@shuttervault.app