Privacy Policy

1. Information We Collect

Direct Submission

• Account Credentials: Email addresses and profile metadata provided during registration.
• Application Data: Receipt imagery and extracted financial data processed via SpendCity.
• Inquiries: Information shared during support requests or technical consultations.

Automated Collection

• Technical Telemetry: Device identifiers, OS versions, and network performance metrics.
• Usage Analytics: Feature engagement patterns and diagnostic logs to maintain service stability.

2. Third-Party AI Processing

We utilize enterprise-grade AI services for specific cognitive tasks:

Computer Vision (OCR)

Receipt images are processed via Google Cloud Vision API to extract merchant data and line items. Images are processed in transit and not retained for model training.

LLM Reasoning & Insights

Aggregated statistics and natural language queries are processed via Google Gemini API to provide spending insights and news synthesis. All processing is governed by specific enterprise terms that prohibit the use of your data for base model training.

3. Security & Data Sovereignty

We implement structural safeguards to protect your intellectual and personal property:

• End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256).
• Hierarchical access controls and multi-factor authentication.
• Strategic data residency in accordance with international sovereignty frameworks.

4. Your Rights & Data Portability

You maintain full control over your digital footprint. You have the right to request access to, correction of, or permanent deletion of your data. For portability requests or CCPA/GDPR inquiries, contact us at privacy@boxsight.ai.

5. Account Deletion

Upon initiating account deletion, all associated data—including receipts, images, and metadata—is purged from our active systems within 7 days. This process is irreversible.