Privacy Policy

Last Updated: June 14, 2025

This Privacy Policy describes how Nimbusblue LLC (“we,” “us,” or “our”) collects, uses, and shares information when you use our Xpenznet mobile application (“App”). We respect your privacy and are committed to protecting your personal data.

1. INFORMATION WE COLLECT

1.1 Personal Data: We collect the following personal information:

  • Email address and authentication information (when you create an account)
  • Device information for app functionality and technical support
  • Account preferences and settings

1.2 Expense and Receipt Data: The App collects and stores information about your expenses and receipts, including:

  • Receipt images and metadata
  • Purchase amounts, dates, and categories
  • Vendor/merchant information
  • Any notes or tags you add to expenses

Image Processing: When you capture receipt images, they are processed by Google Cloud Vision API (via Supabase) to extract text and transaction details. The processed text data is then stored locally on your device. Receipt images may be temporarily stored during processing but are not permanently retained by Google or our servers.

1.3 Usage Data: We collect information about how you use the App, including:

  • App features you access and use
  • Time spent on the App
  • Crash reports and performance data
  • Technical diagnostics for app improvement

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the App’s functionality
  • To create and maintain your user account
  • To authenticate your identity and secure your account
  • To sync your account settings across devices
  • To process receipt images and extract transaction data
  • To diagnose and fix technical issues
  • To analyze usage patterns and optimize user experience
  • To communicate with you about updates or changes to the App
  • To provide customer support

3. DATA STORAGE AND SECURITY

3.1 Local Storage: All of your extracted expense and receipt data is stored locally on your device. This data is subject to the security features of your device and operating system.

3.2 Authentication Data Storage: Your email address and authentication information are securely stored and processed by our third-party authentication provider (Supabase) using industry-standard encryption and security measures.

3.3 Receipt Image Processing: When you capture receipts, images are temporarily transmitted to Google Cloud Vision API via Supabase for text extraction and OCR processing. Images are processed in real-time and are not permanently stored by Google or our services. The extracted text data is returned to your device and stored locally.

3.4 Cloud Backup (Optional): If you enable device backup functionality, your expense data will be stored using your device’s backup solution (e.g., iCloud, Google Backup).

3.5 Data Retention: We retain your authentication data for as long as your account remains active. Usage data and crash reports are retained for up to 12 months to assist with troubleshooting and app improvement. Receipt images are not permanently retained by any third-party services. You may request deletion of your data at any time.

4. SHARING YOUR INFORMATION

We do not sell or rent your personal information to third parties. We share your information only in the following circumstances:

  • Service Providers: We share authentication data with Supabase for account management and app functionality. We share usage analytics with Expo for app performance monitoring. Receipt images are temporarily processed by Google Cloud Vision API via Supabase for text extraction – images are not permanently stored by these services.
  • Legal Requirements: When required by law or to respond to legal process
  • Safety and Security: To protect our rights, privacy, safety, or property
  • Business Transfers: In connection with a business transfer (e.g., merger or acquisition)

Important: Your processed expense and receipt data remains on your device. Receipt images are only temporarily transmitted for processing and are not permanently stored by third parties.

5. YOUR RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can request that we correct inaccurate or incomplete information.
  • Deletion: You can request that we delete your personal information.
  • Restriction: You can request that we restrict the processing of your data.
  • Portability: You can request a copy of your data in a structured, machine-readable format.
  • Withdrawal of consent: You can withdraw consent where processing is based on consent.

To exercise these rights, please contact us at privacy@xpenz.net

6. THIRD-PARTY SERVICES

We use the following third-party services that collect and process your personal information:

โ€ข Supabase (Authentication Service): We use Supabase to provide secure user authentication and account management. When you create an account, your email address and authentication credentials are securely stored and processed by Supabase. Supabase maintains security and privacy standards equivalent to our own and is committed to protecting your data in accordance with GDPR and other applicable privacy regulations.

โ€ข Expo EAS (App Platform): We use Expo’s services for app deployment, updates, and performance monitoring. Expo may collect usage analytics, crash reports, and technical diagnostics to help us improve app performance. No personal expense data or authentication information is shared with Expo beyond basic app usage metrics.

โ€ข Google Cloud Vision API (Image Processing): Receipt images you capture are temporarily processed by Google Cloud Vision API via Supabase to extract text and transaction details through Optical Character Recognition (OCR). Images are processed in real-time and are not permanently stored by Google. Only the extracted text data is retained locally on your device. Google maintains security and privacy standards equivalent to our own and complies with applicable privacy regulations.

Data Protection Assurance: All third-party service providers we work with are contractually obligated to provide the same or equal protection of user data as outlined in this privacy policy. They must comply with applicable privacy laws and maintain appropriate security measures.

You can review their privacy policies at:

  • Supabase: https://supabase.com/privacy
  • Expo: https://expo.dev/privacy
  • Google Cloud: https://cloud.google.com/privacy

7. CHILDREN’S PRIVACY

The App is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us.

8. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. You are advised to review this Privacy Policy periodically for any changes.

9. CONTACT US

If you have any questions about this Privacy Policy, please contact us at privacy@xpenz.net

ยฉ 2025 Nimbusblue LLC. All rights reserved.