Privacy Policy
Last updated: March 4, 2026
1. Our Approach to Privacy
FakeReceiptMaker ("the Service," "we," "us," or "our") is built around a principle of minimal data collection. We only gather the information that is strictly necessary to provide, maintain, and improve the Service. We do not sell your personal data, we do not build advertising profiles, and we do not monetize your information in any way beyond delivering the service you signed up for.
This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have over it. It applies to all visitors and users of FakeReceiptMaker, whether you use the Service as a guest or as a registered subscriber.
2. What We Collect
The specific data we collect depends on how you interact with the Service:
- Account information (optional) — If you choose to create an account, we collect your email address and a securely hashed version of your password. We never store passwords in plain text.
- Usage analytics — We collect anonymized usage data such as page views, feature interactions, browser type, and general geographic region. This helps us understand how the Service is used and where we can make improvements.
- Payment information — If you subscribe to a paid plan, your payment details (credit card number, billing address) are collected and processed exclusively by Stripe, our third-party payment processor. We never receive, transmit, or store your full card number on our servers.
3. What We Do NOT Collect
This is an important distinction and a core part of our privacy design:
- Receipt content is ephemeral. When you use the receipt editor, your receipt data is rendered in your browser (client-side preview) or processed temporarily on our servers for PNG export. We do not store the content of generated receipt images, the text you enter into receipt fields, or the final exported files.
- Saved templates are the exception. If you explicitly choose to save a template configuration to your account, that template data is stored in our database so you can retrieve it later. You can delete saved templates at any time.
- We do not use keystroke logging, screen recording, or any form of session replay technology.
4. How We Use Your Data
We use the information we collect for the following purposes:
- Providing the Service — authenticating your account, loading your saved templates, and processing receipt exports.
- Processing payments — managing your subscription status, billing, and invoicing through Stripe.
- Transactional communications — sending you emails directly related to your account, such as password resets, subscription confirmations, and billing receipts. We do not send marketing emails unless you explicitly opt in.
- Improving the Service — analyzing aggregated, anonymized usage patterns to identify bugs, optimize performance, and prioritize new features.
5. Payment Processing
All payment transactions are handled by Stripe, a PCI DSS Level 1 certified payment processor. When you enter your payment details, that information is transmitted directly to Stripe's servers via their secure, embedded payment form. At no point does your full card number pass through or reside on our infrastructure.
We receive from Stripe only the minimum information needed to manage your subscription: a customer identifier, subscription status, the last four digits of your card, and billing dates.
6. Cookies and Local Storage
We use the following browser storage mechanisms:
- Session cookies — Essential cookies used to maintain your authenticated session. These are strictly necessary for the Service to function and cannot be disabled while using a logged-in account.
- Local storage — We use your browser's local storage to persist editor preferences (such as your last-used template or editor settings) so your experience is seamless between visits. This data never leaves your device.
- Analytics cookies — We may use cookies from our analytics provider to collect anonymized usage data. You can block these through your browser settings or any standard cookie-consent mechanism without affecting core Service functionality.
7. Third-Party Services
We rely on a limited number of trusted third-party services to operate FakeReceiptMaker. Each has been chosen for its strong privacy and security practices:
- Supabase — Provides authentication and database storage for user accounts, saved templates, and export history. Supabase infrastructure is hosted on AWS with data encrypted at rest and in transit.
- Stripe — Handles all payment processing, subscription management, and billing. Stripe is PCI DSS Level 1 compliant and maintains its own comprehensive privacy policy.
- Vercel — Hosts the Service and handles content delivery. Vercel processes server requests and may log IP addresses and request metadata for security and performance purposes.
We do not share your personal data with any third party beyond what is described above, and we do not sell or rent your data to advertisers, data brokers, or any other entity.
8. Data Retention
- Account data — Your email, hashed password, and saved templates are retained for as long as your account remains active. If you delete your account or request deletion, we will remove your personal data within thirty (30) days.
- Payment records — Transaction records are retained by Stripe in accordance with their data retention policies and applicable financial regulations.
- Anonymous analytics — Aggregated, non-identifiable analytics data may be retained indefinitely to support long-term product decisions. This data cannot be traced back to any individual user.
9. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
- Right of access — You may request a copy of the personal data we hold about you.
- Right to rectification — You may ask us to correct any inaccurate or incomplete personal data.
- Right to erasure — You may request that we delete your personal data, subject to any legal obligations that require us to retain certain records.
- Right to data portability — You may request your data in a structured, commonly used, machine-readable format.
- Right to restriction — You may ask us to restrict the processing of your personal data in certain circumstances.
- Right to object — You may object to the processing of your personal data where we rely on legitimate interests as our legal basis.
To exercise any of these rights, contact us at support@fakereceiptmaker.app. We will respond to your request within thirty (30) days.
10. Your Rights Under CCPA
If you are a California resident, the California Consumer Privacy Act grants you the following rights:
- Right to know — You may request details about the categories and specific pieces of personal information we have collected about you, the sources of that information, and the purposes for which it is used.
- Right to delete — You may request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale — We do not sell your personal information to third parties. Because we do not engage in the sale of personal data, there is no need to opt out — but we state this explicitly for transparency.
We will not discriminate against you for exercising any of your CCPA rights. To submit a request, email us at support@fakereceiptmaker.app.
11. Children's Privacy
FakeReceiptMaker is not intended for use by anyone under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take prompt steps to delete that information. If you believe a child under 13 has provided us with personal data, please contact us immediately at support@fakereceiptmaker.app.
12. Data Security
We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Passwords are hashed using industry-standard algorithms before storage — we never store or have access to your plain-text password.
- Database access is restricted to authorized services only, with row-level security policies enforced by Supabase.
- Administrative access to infrastructure is protected by multi-factor authentication and follows the principle of least privilege.
While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining strong safeguards and responding promptly to any security incidents.
13. International Transfers
FakeReceiptMaker is operated from and primarily hosted in the United States. If you access the Service from outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries where our service providers (such as Supabase, Stripe, and Vercel) maintain infrastructure.
Where personal data is transferred from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on standard contractual clauses or other lawful transfer mechanisms as required by applicable data protection laws.
14. Changes to This Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we will make reasonable efforts to notify registered users via email or an in-app notice.
We encourage you to review this page periodically. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated Privacy Policy.
15. Contact
If you have questions about this Privacy Policy, wish to exercise any of your data rights, or have concerns about how your information is handled, please contact us at: