Data Security & Privacy

Your financial data deserves serious protection. Here's exactly how we handle it.

Last updated: March 30, 2026

Where Is My Data Stored?

All services apart from the OpenAI API are located in the EU to make SparkReceipt GDPR compliant as effortlessly as possible. OpenAI is also GDPR and CCPA compliant as of late 2023.

Application servers — Heroku Common Runtime interfaces user applications with backend services. The main application database resides in this region with access secured through long, random, auto-rotating passwords managed by Heroku.

File storage — Data is processed within Heroku servers but stored in AWS. The primary repository is in Stockholm, Sweden with mirrored backup in Frankfurt.

Email relay (Brevo) — Functions as SMTP relay for all app email communications. Logs retained for 30 days and may contain data traces. Located in Paris, France.

OpenAI — Servers located in the United States. Data processing agreement signed with Enterprise Privacy terms:

  • Your data is NOT used to train current or future models
  • Data deleted after 30-day retention period
  • Users own both input and output

How Is My Data Protected?

Your data is encrypted with a strong cipher both in transit and at rest.

Data access at different levels:

  • Database level — Admin access to Heroku restricted with strong password and multi-factor authentication
  • File system level — AWS admin access restricted; AWS accessed only from application servers
  • Admin tooling level — Limited visibility for customer support and monitoring. Access restricted with brute-force rate-limiting, strong password, and multi-factor authentication
  • No outside entities have access to these levels

Can I Delete My Documents & Data?

Yes. Account auto-deletion removes all personal data from the live system. Data may persist up to 30 days in logs, database backups, and file system backups for disaster recovery only.

We Do Not Sell Your Data

We monetize SparkReceipt through paid subscriptions, nothing more. Our business model is simple: users who love the product upgrade to a paid plan for more monthly documents and power features.

We do not sell, share, or monetize your receipt, invoice, or financial data in any way. Ever.

Is OpenAI Safe to Use?

The OpenAI API differs from the ChatGPT application. We have signed a Data Processing Agreement with Enterprise Privacy terms:

  • Your data is NOT used for model training
  • Data is deleted after a 30-day retention period
  • Users own both input and output