Privacy Policy

Plain English. No lawyer-speak. Last updated June 2026.

The short version

We never store your raw bank statement. We read it once, extract the subscription list, and throw the original away. We don't sell your data. We don't share it with advertisers. If you don't sign up for monitoring, we don't even keep your email.

What we process

When you paste or upload a statement

  • We send the text/image to Claude (Anthropic) to identify transactions
  • We strip anything that looks like an SSN or full account number before it leaves our servers
  • We keep only the structured subscription list (merchant name, amount, category)
  • The raw statement text or image is discarded immediately after processing

What we actually store (in our database)

  • A structured list: merchant names, amounts, subscription categories, and verdicts
  • Your payment confirmation (we record that you paid, not your card details — Stripe handles that)
  • If you sign up for monitoring: your email address and the subscription list
  • Nothing else

Where AI runs

All AI processing happens server-side through Anthropic's API. Your statement data is never processed in your browser and never exposed client-side. Anthropic may retain API inputs for up to 30 days per their data retention policy — we use their zero-data-retention API tier where available.

Monitoring subscribers

If you subscribe to $3/month monitoring, we store your email and a structured list of your known subscriptions. We use this to alert you when new charges appear. The subscription list is encrypted at rest. You can cancel and request deletion at any time by emailing us.

Third parties

AnthropicProcesses statement text to identify subscriptions. Subject to Anthropic's privacy policy.
StripeHandles payment processing. We never see or store your card details.
SupabaseDatabase hosting. Data stored in the US. SOC 2 compliant.
VercelHosting and CDN. Standard web traffic logs.

Your rights

Email support@receiptroast.app to:

  • Request deletion of any data we hold about you
  • Ask what data we have stored
  • Request a refund
  • Cancel your monitoring subscription

We respond within 48 hours. We're reasonable humans, not a faceless data company.

Cookies

We use one session cookie to remember your roast session between page loads. No tracking cookies. No ad pixels. No analytics beyond standard server logs.

Roast my subscriptions →