Privacy Policy

Last updated: December 13, 2025

Codesense ("we", "us", or "our") operates ReceiptMatch. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Data Controller

Codesense
Business ID (Y-tunnus): 2232694-1
Finland

For privacy inquiries, contact us at: [email protected]

2. Data We Collect

2.1 Account Information

When you sign up via Google OAuth, we collect:

  • Email address — to identify your account
  • Google account ID — for authentication

We do not store your name, password, phone number, or physical address.

2.2 Receipt Data

When you upload receipts, we collect:

  • The receipt image or PDF file
  • Extracted data: vendor name, date, amount, VAT/tax information
  • Upload timestamp and source (manual upload, Gmail, mobile)

2.3 Email Integration (Optional)

If you enable email scanning (e.g., Gmail), we access your email account to:

  • Search for emails containing receipts
  • Extract receipt attachments

We only access emails matching receipt-related criteria. We do not read, store, or process unrelated emails.

2.4 ERP Integration (Optional)

If you connect your accounting software (e.g., Procountor), we access:

  • Bank transaction data for matching receipts
  • OAuth tokens to maintain the connection

You act as the data controller for your ERP data. We process it solely to provide the matching service.

2.5 Technical Data

We automatically collect:

  • Session cookies (for authentication)
  • Server logs (IP address, browser type, timestamps)

We do not use analytics, tracking pixels, or third-party advertising.

3. How We Use Your Data

We use your data exclusively to:

  • Provide and improve the ReceiptMatch service
  • Authenticate your account
  • Extract information from receipts using AI
  • Match receipts to bank transactions
  • Communicate service updates (if you opt in)

We do not sell, rent, or share your data with third parties for marketing purposes.

4. AI Processing

Receipt data is processed on infrastructure we operate within the European Union. Your receipts are not shared with third-party advertising, marketing, or data broker services.

5. Data Storage & Security

5.1 Location

All data is stored in the European Union:

  • Database and application servers hosted in Finland
  • File storage hosted in the EU
  • AI processing performed on EU-based infrastructure

We maintain all infrastructure within EU jurisdiction.

5.2 Security Measures

  • Encrypted connections (HTTPS/TLS)
  • Session-based authentication with secure cookies
  • Multi-tenant data isolation (organizations cannot access each other's data)
  • Time-limited access URLs for file downloads

6. Data Retention

  • Account data: Retained until you delete your account
  • Receipt files and data: Retained until you delete them
  • Session data: Automatically deleted after a period of inactivity
  • Backups: Retained for up to 30 days, then permanently deleted

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Delete your account and all associated data
  • Portability — Export your data in a machine-readable format
  • Restriction — Limit how we process your data
  • Objection — Object to data processing

To exercise these rights, contact [email protected]. We will respond within 30 days.

8. Account Deletion

When you request account deletion:

  • Your account, receipts, and all associated data are deleted immediately from production systems
  • Data may persist in encrypted backups for up to 30 days
  • After 30 days, all data is permanently and irreversibly deleted

9. Third-Party Services

We use the following third-party services:

Service                       | Purpose                     | Data Shared
Google OAuth                  | Authentication              | Email, Google ID
Email providers (e.g., Gmail) | Receipt scanning (optional) | Email content (filtered)
Procountor                    | ERP integration (optional)  | Transaction data

10. Cookies

We use only essential cookies required for the service to function:

  • Session cookie: Keeps you logged in (expires after 24 hours)

We do not use advertising, analytics, or tracking cookies.

11. International Transfers

Your data is stored and processed entirely within the European Union. We do not transfer data outside the EU/EEA.

12. Children's Privacy

ReceiptMatch is a business service not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact

For questions about this Privacy Policy or your personal data, contact us at:
[email protected]

15. Supervisory Authority

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman
tietosuoja.fi