PocketReceipt

Controller: PocketReceipt (United Kingdom)

Contact (privacy): hello@pocketreceipt.co.uk

ICO registration: PocketReceipt is registered with the Information Commissioner's Office (ICO). Registration reference: C1899958.

PocketReceipt is operated from the United Kingdom and complies with UK GDPR (the UK General Data Protection Regulation) and the Data Protection Act 2018.

2.1 Data you provide App

• Expense and receipt data: receipt photos/images (if you take or attach them), supplier/store name, date, amounts, VAT details, categories, and notes/business purpose.
• Mileage data: journey distance, purpose, vehicle, start/end addresses, and (for GPS-recorded trips) start/end coordinates plus the GPS polyline of the trip. Stored on your device. See Section 11 for details.
• Support: email address and message contents if you contact support.
• Payment method per receipt: card, cash, bank transfer, or other.
• Business type classification: sole trader, limited company, partnership, or LLP.
• VAT registration status and VAT number: if voluntarily provided by you.
• Capital item designation: whether an expense is capital expenditure or a revenue expense.
• Vehicle information: name, registration, fuel type (petrol, diesel, electric, hybrid), and mileage cost method (AMAP or actual vehicle costs).
• Receipt entry method indicator: whether the receipt was scanned via AI or entered manually.
• CIS payment data: if you are a construction worker using the CIS feature, contractor names, gross payment amounts, materials amounts, CIS deduction rates, net payments, and statement references.
• Onboarding situation data: employment status (also employed via PAYE), whether you receive cash payments, whether you use a mixed personal/business bank account, vehicle ownership status, and whether you started self-employment in the current tax year. This data is collected during onboarding and stored locally.
• Secure document transfer data: if you choose to send financial documents (such as bank statements, platform earnings reports, or phone bills) to your linked accountant, the document image, document type, month/year, and any notes you add.
• Accountant messages: if you are linked to an accountant, your accountant may send you messages through the Dashboard. These messages (including text, category, priority, and timestamps) are stored in your account and visible in your Messages screen. You can acknowledge messages from within the app.
• Accountant corrections: if you are linked to an accountant, your accountant may correct certain fields in your records (such as expense categories and mileage purposes). These corrections are stored temporarily and applied to your local data when you next refresh your records.

2.2 Data collected via the website Website

• Email address (lead capture): if you submit the email capture form on the PocketReceipt website, your email address and the page you submitted it from are stored in our database. This is used solely to send you the requested guide or information.
• Founding Partner application data: if you submit a Founding Partner application on our website, we collect your full name, business email address, firm name, firm size, and optional reason for joining. This data is stored in our database and used solely to evaluate your application and contact you about the Founding Partners programme.
• Analytics data (Google Analytics 4): our website uses Google Analytics 4 (GA4) to collect anonymised usage data including pages visited, scroll depth, button clicks, session duration, referral source, device type, browser, approximate location (city-level), and language. Google Analytics sets cookies on your device. Data is processed by Google LLC.
• Session recording data (Microsoft Clarity): our website uses Microsoft Clarity to record anonymised session replays and heatmaps including mouse movements, clicks, scrolls, and page interactions. Clarity may set cookies on your device. Form inputs are masked by default. Data is processed by Microsoft Corporation.

2.3 Data collected when app features are enabled App

• Diagnostics: limited technical data for reliability and security (e.g., crash reports), if enabled in your device/app settings.
• Authentication data: account identifiers (e.g., user ID) used to sign in and (if enabled) access cloud features. For accountants using the Accountant Dashboard, WebAuthn credential IDs are stored when a passkey is registered for login. Biometric data (fingerprint, face) is processed solely on your device by the operating system and is never transmitted to PocketReceipt servers.
• Scan usage data: number of AI receipt scans used per calendar month, for the purpose of enforcing plan limits. This data is stored locally and, if you use cloud features, synced to our servers.
• Accounting preferences: accounting basis (cash or accruals), business type, and VAT registration status, stored locally and synced to your linked accountant if applicable.
• Precise location (optional): if you enable mileage tracking with location permissions, location data is processed to calculate trip distance, recorded as a GPS polyline for the journey, and the start/end coordinates are sent to your device's platform geocoder to resolve a human-readable address. All resulting data is stored on your device. See Section 11.

2.4 Data collected via the Accountant Dashboard Dashboard

• Passkey credentials: if you register a WebAuthn passkey for Dashboard login, the credential ID and associated public key are stored in Firestore at accountants/{uid}/passkeys/{credId}. Recovery codes are stored as SHA-256 hashes. Biometric data never leaves your device.
• Audit log: every accountant action taken within the Dashboard is recorded, including: viewed client, edited receipt, sent message, marked quarter reviewed, requested document, and exported CSV. Each entry records the action type, affected client ID, detail, timestamp, and accountant email. Audit log entries are immutable — they cannot be edited or deleted by the accountant. Stored at accountants/{uid}/auditLog/{entryId}.
• AML Customer Due Diligence (CDD) records: where an accountant records client identity verification data in compliance with the Money Laundering Regulations 2017 (MLR 2017), the following data is stored: identity verification status, document type (Passport or Driving Licence), verification date, risk rating (Low, Standard, or High), PEP (Politically Exposed Person) check status, and source of funds declaration. Stored at accountants/{uid}/clientCompliance/{clientId}.
• Practice compliance information: ICO registration number, professional indemnity insurance details, and professional body membership, stored on the accountant's profile.

• Provide core record-keeping features (expenses, mileage, reports, exports).
• Provide optional AI receipt scanning (if you choose to use it).
• Provide optional cloud backup/restore (if enabled).
• Respond to support requests.
• Maintain security and reliability (diagnostics where applicable).
• Analyse website usage patterns to improve our website and marketing (Google Analytics 4, Microsoft Clarity).
• Send requested guides or information to email addresses submitted via the website lead capture form.
• Evaluate Founding Partner applications and contact applicants about the programme.

• Contract: to provide app functionality you request.
• Consent: for optional features such as AI scanning, cloud backup, and location-based mileage tracking.
• Legitimate interests: app security and diagnostics.
• Legitimate interests (audit logging): the Accountant Dashboard audit log is processed on the basis of legitimate interests under UK GDPR Article 6(1)(f), specifically: compliance with MLR 2017 record-keeping obligations and fraud prevention. The audit log is immutable to preserve the integrity of these records.
• Legal obligation (AML CDD): Customer Due Diligence data collected via the Dashboard is processed on the basis of a legal obligation under UK GDPR Article 6(1)(c), specifically the accountant's obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
• Consent (website analytics): Google Analytics 4 and Microsoft Clarity cookies are set only after you accept analytics cookies via the cookie consent banner on our website. If you reject cookies, these services are disabled.
• Consent (email capture): if you submit your email via the website form, processing is based on your explicit action of submitting the form.

5.1 Local storage (default) App

By default, your data is stored locally on your device. We do not access data that remains only on your device.

5.2 Cloud backup (optional) App Dashboard

• If you enable cloud backup, data may be stored using Google Firebase services (e.g., Authentication, Firestore, Storage).
• Data is protected using encryption in transit and at rest by the provider.
• Access is linked to your authenticated account.
• Cloud backup of records and receipt images is available to Essential/Professional subscribers and to clients linked to an accountant. Clients linked to an accountant have access to image backup while the link is active; however, this access ends if the accountant's subscription lapses, the link is revoked, or the user changes accountants. For long-term HMRC record-keeping (up to 6 years), users may purchase a personal Storage Pack add-on to ensure their receipt images are retained independently of any accountant relationship. If the subscription or add-on that provides image backup expires, backed-up receipt images are retained for a 30-day grace period before being permanently deleted from the server.
• If you link to an accountant and enable access, a summary of your expense and mileage data is stored in Google Firestore and is accessible to the linked accountant. Receipt images are stored in Google Firebase Storage and made accessible via time-limited secure URLs when access is enabled. Your accountant can view and download receipt images from the Dashboard.

5.4 AI receipt scanning (optional) App

• If you use AI scanning, receipt images are transmitted securely for extraction.
• We use a third-party AI provider to process the image and return extracted fields.
• You should review and confirm extracted results before saving.

5.5 Cookies and local storage (website) Website

The PocketReceipt website uses the following cookies and local storage:

• Google Analytics 4 cookies (_ga, _ga_*): used to distinguish users and sessions for website analytics. Set only after you accept analytics cookies. Duration: up to 2 years. Third-party (Google LLC).
• Microsoft Clarity cookies (_clck, _clsk, MUID, CLID): used for session recording and heatmaps. Set only after you accept analytics cookies. Duration: up to 1 year. Third-party (Microsoft Corporation).
• Cookie consent preference (cookie_consent): stores your accept/reject choice for analytics cookies. First-party localStorage. No expiry (until cleared).
• Theme preference (theme): stores your light/dark mode choice. First-party localStorage. No expiry (until cleared).

You can manage cookies at any time by clearing your browser data. Rejecting analytics cookies does not affect the functionality of the website.

We use service providers to operate certain features:

• Google Firebase (authentication, optional cloud backup, accountant syncing, app diagnostics where enabled, and Firebase Cloud Messaging for push notifications such as accountant messages, scan-period reminders, and document-request alerts; you can disable push notifications in your device settings at any time).
• Google Firebase Analytics (in-app usage analytics). Collects anonymised funnel events such as app open, first scan, scan, income added, paywall viewed, subscription started, and subscription completed, tied to a Firebase Installation ID. We do not collect Apple's IDFA or any device advertising identifier. No personally identifiable information is sent — only event names and non-identifying parameters such as scan count or product ID. Used to improve the app and measure marketing effectiveness. Google may transfer data to the United States. Google Privacy Policy.
• Sign in with Apple (optional authentication method). If you choose to sign in with your Apple ID, Apple receives a request that you are authenticating to PocketReceipt and returns a Sign in with Apple identifier we use to recognise your account. Apple's private email relay may be used to forward emails to you without revealing your real address. Apple Privacy Policy.
• Google Sign-In (optional authentication method). If you choose to sign in with your Google account, Google receives a request that you are authenticating to PocketReceipt and returns your Google account identifier and email address, which we use to recognise your account. Google Privacy Policy.
• Google Play Billing (subscription processing on Android devices).
• Apple App Store (subscription processing on iOS devices).
• OpenAI (receipt image text extraction via AI scanning, if you use this feature). Images are processed via API and are not retained by OpenAI beyond the processing request.
• Stripe (payment processing for Accountant Dashboard subscriptions). Processes accountant email and payment details. Stripe operates as an independent controller for payment data.
• Google Analytics 4 (website analytics). Collects anonymised usage data including pages visited, button clicks, scroll depth, session duration, device type, and approximate location. Google may transfer data to the United States. Google Privacy Policy.
• Apple Search Ads (campaign attribution for App Store ads). When you install the App from an Apple Search Ads campaign, your device generates a one-time attribution token that the App resolves with Apple's attribution service to identify which campaign drove the install. The resolved campaign metadata (campaign ID, ad group, keyword) is stored against your account for marketing-effectiveness measurement. No personally identifiable information beyond the attribution token is sent to Apple. Apple Advertising Privacy Policy.
• Google Ads (offline conversion measurement for Google Ads campaigns). When a paid subscription originates from a Google Ads click, the click identifier (gclid) and the conversion value are uploaded to Google Ads to measure ad effectiveness. No name, email, or other identifying information is sent — only the click identifier and the purchase value. Google may transfer data to the United States. Google Privacy Policy.
• Microsoft Clarity (website session recording and heatmaps). Records anonymised user interactions on our website including mouse movements, clicks, and scrolls. Form inputs are masked. Microsoft may transfer data to the United States. Microsoft Privacy Statement.
• OpenStreetMap Foundation (map tiles for Mileage Logbook Pro PDFs). When a Pro user generates a logbook PDF online, the App fetches map tiles directly from OpenStreetMap covering the area of each trip. Tile URLs include the tile coordinates of the area being shown. No account or polyline data is sent. OSM Foundation Privacy Policy.
• Google reCAPTCHA Enterprise (spam and abuse prevention on website forms). Collects IP addresses, browser fingerprints, and behavioural signals to assess whether form submissions are genuine. Google may transfer data to the United States. Google Privacy Policy.
• ipapi.co (IP geolocation for country-level access control on website forms). Receives the visitor's IP address to determine country of origin. No personal data beyond the IP address is shared. ipapi.co Privacy Policy.
• Google (AI chat assistant on the website). Messages you send through the website chat widget are processed by Google's AI services to generate responses. Conversations are processed in real time; only your current browser session retains the chat history on your device (cleared when the tab is closed). Google may transfer data to the United States. Google Privacy Policy.

Some privacy laws use the term “share” to include disclosure for cross-context behavioural advertising. PocketReceipt does not share personal data for cross-context behavioural advertising.

PocketReceipt allows you to optionally share your expense data with a registered accountant through the Accountant Dashboard feature. This feature is entirely consent-based.

How linking works: You generate a 6-digit code in the app. Your accountant enters this code on their dashboard. You must explicitly approve the connection before any data is shared. You control what is shared and can revoke access at any time.

Data shared when you approve a link:

• Your name and email address.
• Your business type and VAT registration status (including VAT number if provided).
• Receipt summaries including store name, date, amount (net, VAT, and gross), category, VAT details, business use percentage, payment method, capital item status, and notes.
• Mileage journey logs including date, locations, purpose, vehicle details, and miles.
• Vehicle information including name, registration, fuel type, and mileage cost method.
• Aggregate totals by quarter, year, and category.
• CIS payment details (if applicable), including contractor names, amounts, deductions, and net payments.
• Income records including amounts, dates, source labels, and linked quarter.
• Quarter review status data including client status, accountant status, and review timestamps.

What your accountant can do: When you approve a link, your accountant can view your records and receipt images, download receipt images, correct expense categories and mileage purposes, send you structured messages (such as deadline reminders, action requests, and queries), and request financial documents. Corrections your accountant makes are delivered to your app and preserved during your subsequent data updates.

Quarterly review workflow: You can send quarterly records to your accountant for review. Your accountant can review the quarter, request corrections, or mark it as reviewed. Once reviewed, you can lock the quarter to finalise your records for that period.

Messages from your accountant: Your accountant can send you messages through the Dashboard. These messages are stored in your PocketReceipt account and appear in your Messages screen. Each message includes the message text, category, priority, and timestamps. You can acknowledge messages from within the app.

Accountant access control: You can pause access at any time using the accountant access toggle in My Accountant. When access is paused, no new data is shared, no new corrections are applied, and no new documents can be sent or downloaded. Messages from your accountant may still be delivered while the link is active. You can also fully unlink the accountant, which ends all future interaction.

Unlinking: You may unlink your accountant at any time from My Accountant. When you unlink, your accountant immediately loses the ability to view your data through PocketReceipt. Synced data stored for the accountant is deleted from our servers. Data already downloaded by the accountant is outside PocketReceipt’s control. Your local data in the app is not affected.

PocketReceipt allows you to securely send financial documents (such as bank statements, platform earnings reports, or phone bills) to your linked accountant. This feature is entirely optional and only available when you are linked to an accountant.

How it works: You capture a photo of the document in the app. When you tap "Send to accountant", the image is uploaded to Firebase Storage in a secure, isolated folder. Metadata (document type, month, year, notes) is written to Firestore. Your accountant can download the document via a time-limited secure URL (valid for 30 minutes) generated by our servers.

Storage and deletion:

• Uploaded documents are automatically deleted from our servers after 30 days.
• A local copy remains on your device (for your own tax records) and is not affected by the server deletion.
• Maximum file size: 2 MB per document. Images only.
• Maximum 5 documents per month.

Security: Your documents are stored in Firebase Storage with strict access rules. Only you can upload to your own folder. No one (including your accountant) can read the files directly. Downloads are only possible through authenticated Cloud Function signed URLs that verify your accountant link is active.

Some of our service providers process data outside the UK/EEA. The following transfers occur:

• Google LLC (Firebase, Google Analytics, reCAPTCHA Enterprise, AI chat assistant) — United States. Covered by the UK-US Data Bridge and Google's Standard Contractual Clauses (SCCs).
• OpenAI (AI receipt scanning) — United States. Covered by Standard Contractual Clauses (SCCs). Receipt images are processed via API and not retained by OpenAI.
• Stripe (payment processing) — United States. Covered by the UK-US Data Bridge and Stripe's Standard Contractual Clauses (SCCs).
• Microsoft Corporation (Clarity) — United States. Covered by the UK-US Data Bridge and Microsoft's Standard Contractual Clauses (SCCs).

You can request a copy of the relevant transfer safeguards by contacting hello@pocketreceipt.co.uk.

Retention periods:

• Local app data: retained on your device until you delete individual records or delete your account.
• Cloud-backed data: retained while your account is active and a valid subscription or accountant link provides cloud access. Deleted within 48 hours of account deletion.
• Receipt images (cloud): retained while subscription or accountant link is active. If the subscription or add-on that provides image backup expires, images are retained for a 30-day grace period before permanent deletion.
• Secure documents: automatically deleted from our servers after 30 days.
• Email capture data (website): retained until you request deletion by emailing hello@pocketreceipt.co.uk.
• Founding Partner application data: retained while the programme is active. You may request deletion by emailing hello@pocketreceipt.co.uk.
• Website analytics data: retained by Google Analytics for 14 months and by Microsoft Clarity for 30 days, as per their respective retention policies.
• Crash logs: stored on your device only. Never sent unless you explicitly choose to via Settings.
• Accountant audit log entries: retained for 7 years from the date of the logged action, in accordance with the record-keeping requirements of the Money Laundering Regulations 2017 (MLR 2017). Audit log entries are immutable and cannot be deleted by the accountant before this period expires. After 7 years, entries are automatically deleted.
• AML CDD records (clientCompliance): retained while the accountant's account is active. Deleted within 48 hours of accountant account deletion, subject to any overriding legal retention obligations under MLR 2017.
• Passkey credentials: retained while registered by the accountant. Deleted immediately when the accountant removes the passkey or deletes their Dashboard account.

HMRC record retention: UK tax law requires business records to be kept for at least 5 years after the 31 January Self Assessment deadline for the relevant tax year (longer if HMRC opens an enquiry). PocketReceipt uses soft-delete for individual receipt and mileage deletions: when you delete an individual entry, it is hidden from your view but preserved in the local database. You remain responsible for maintaining records in accordance with HMRC requirements — consult HMRC guidance or your accountant for current retention periods.

Account deletion: When you delete your account using the in-app option, PocketReceipt processes your data as follows:

• All local data (receipts, mileage, vehicles, CIS records, messages, documents, settings) is permanently deleted from your device immediately.
• Cloud backups in Firebase Storage are permanently deleted.
• Your Firebase Authentication account is permanently deleted (or queued for automated deletion if re-authentication is required).
• Any active accountant links are severed and synced data is deleted from accountant views.
• Any documents uploaded via the secure document transfer feature are deleted from Firebase Storage.
• CIS payment records, pending accountant requests, and message history are deleted.
• Some server-side items may require up to 48 hours for automatic cleanup.

If you previously shared data with an accountant, copies they already downloaded are outside PocketReceipt's control.

UK GDPR (UK/EEA)

• Access, correction, deletion, restriction, and objection (where applicable).
• Data portability (where applicable).

Right to complain (UK/EEA)

You can lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), or your local supervisory authority (EEA) if applicable.

United States (where applicable)

• Right to know/access the categories of personal data collected and disclosed.
• Right to delete personal data (subject to legal exceptions).
• Right to correct (in some states, where applicable).
• Right to opt-out of “sale” or “sharing” (as defined by applicable law). PocketReceipt does not sell personal data and does not share personal data for cross-context behavioural advertising.
• Non-discrimination for exercising privacy rights.

Brazil (LGPD) (where applicable)

• Confirmation of processing, access, correction, anonymisation, portability, deletion, and information about sharing (where applicable).

You can delete your PocketReceipt account and associated data using the in-app option Delete Account & Data.

If you cannot access the app, you can request deletion by emailing hello@pocketreceipt.co.uk.

• Location is used to calculate trip distance for mileage journeys you start, if you enable tracking and grant permission.
• You can deny location permission and use manual mileage instead.
• Foreground service usage may be required by Android while a journey is actively being tracked (if enabled).
• What is stored on your device: for each GPS-recorded journey, PocketReceipt stores your start and end coordinates, the GPS path of the trip (a list of latitude/longitude points sampled approximately every 10 metres while tracking), the duration, the distance, and any address that was resolved at the end of the trip. This data is stored only in the local database on your device.
• Reverse geocoding (address lookup): when you stop a trip, the start and end coordinates may be sent to your device's platform geocoding service — Apple Location Services on iOS, or Android's Geocoder (which on most devices uses Google Play Services) — to obtain a human-readable address (such as "Tesco, Reading, RG1 2DH") for inclusion in your journey log. PocketReceipt does not operate this service. We do not transmit your coordinates or polyline to PocketReceipt servers. If geocoding fails (for example, you are offline), your trip is still saved with its coordinates; the address remains blank.
• Mileage Logbook PDF (HMRC-compliant log): at your request, PocketReceipt can generate a PDF logbook of your saved journeys for a date range you choose. The PDF is rendered on your device using the journey data already stored locally. The resulting PDF is saved to your app documents and shared only when you tap your device's share sheet.
• Route maps (Pro PDF only): if you have Mileage Logbook Pro entitlement (paid subscription, VIP, accountant-linked, or active 30-day free trial) and you generate the PDF while online, PocketReceipt fetches map tiles from OpenStreetMap (openstreetmap.org) covering the area of each trip, and overlays your stored GPS polyline on top. The fetch is direct from the OSM Foundation tile servers; tile URLs include the tile coordinates of the area being viewed (which approximate the location of your trips). Standard HTTP request metadata (your device's IP address, timestamp) is visible to OSM during the fetch. PocketReceipt does not transmit your trip identity, account, or polyline to OSM. If you are offline or the fetch fails for any reason, the Pro PDF falls back to a self-drawn route diagram with no third-party request.
• Cloud backup: if you are subscribed to Essential, Professional, or are linked to an accountant, mileage journey records may be included in your encrypted cloud backup as described elsewhere in this policy. The cloud backup includes the same fields stored locally (date, miles, addresses, coordinates, polyline, purpose, vehicle).

PocketReceipt uses AI (via OpenAI) to extract text from receipt images when you use the AI scanning feature. This is automated processing of your receipt image to extract structured data (store name, date, amount, VAT, category).

No automated decisions are made about you based on this processing. The AI extracts data from your receipt — it does not make decisions about your tax liability, creditworthiness, or any other matter. You review and confirm all extracted data before saving.

PocketReceipt does not use profiling or automated decision-making that produces legal or similarly significant effects on you, as defined under UK GDPR Article 22.

PocketReceipt is intended for adults. We do not knowingly collect data from children.

We may update this Privacy Policy from time to time. If we make material changes that affect how your personal data is processed, we will notify you via email (if we have your email address) or via an in-app notification before the changes take effect. The "Last updated" date at the top of this policy will always reflect the most recent revision. We encourage you to review this page periodically.

Email: hello@pocketreceipt.co.uk

Developer: PocketReceipt (United Kingdom)

Report a security issue: If you discover a security vulnerability or data protection concern, please report it immediately to hello@pocketreceipt.co.uk with the subject "Security Issue Report". We aim to acknowledge all security reports within 24 hours and resolve critical issues within 72 hours.