Privacy Policy
Effective date: April 18, 2026
PicoTally ("the App") is published by Pico Apps LLC ("we", "us", "our"). This policy explains what data we collect, why, and how we protect it.
1. Data We Collect
| Category | Examples | Purpose |
| --- | --- | --- |
| Account | Email address, name (if provided via Google/Apple sign-in) | Authentication and account management |
| Business profile | Business name, address, phone, tax ID, hourly rate | Populating your invoices and quotes |
| Customer records | Client name, email, phone, address, notes | Invoice delivery and CRM |
| Financial records | Invoices, quotes, expenses, payments, receipt images | Core app functionality |
| Media | Photos (receipts, project sites), voice memos | Receipt scanning, voice-to-invoice |
| Crash reports | Error stack traces, device model, OS version (no personal identifiers) | Fixing bugs and improving stability |
We do not collect location data, contacts, health data, browsing history, or advertising identifiers.
2. How We Use Your Data
- Core functionality — creating invoices, tracking expenses, managing customers, generating PDFs.
- AI features — receipt text is sent to Google Gemini for itemisation; voice memos are sent to Deepgram for transcription, and the resulting transcript is sent to Anthropic Claude to interpret your intent (e.g., "mark invoice 42 paid"). All three calls are processed server-side via secure edge functions; no AI keys are embedded in the app.
- On-device OCR — Google ML Kit extracts text from receipt images entirely on your device. No image data leaves your phone for OCR.
- Payments — when you use online payment links, Stripe processes the transaction. We store the payment status and session ID but never your card details.
- Crash reporting — if enabled, anonymous crash data is sent to Sentry. No personally identifiable information is included.
3. Third-Party Services
| Service | Data received | Purpose |
| --- | --- | --- |
| Supabase | All synced business data | Cloud database, authentication, file storage |
| Google Gemini | Receipt text (not images) | AI-powered receipt itemisation |
| Deepgram | Audio recordings | Voice-to-text transcription |
| Anthropic Claude | Voice transcript text (no audio) | Interpreting voice commands and extracting structured intent |
| Stripe | Payment amount, currency, client email | Payment processing for invoices you send to your customers |
| Apple App Store (StoreKit) | Purchase receipt (signed by Apple) | Processing your Pro subscription. Apple — not us — sees your payment method. |
| Sentry | Crash logs (scrubbed of PII) | Error monitoring |
| Google ML Kit | None (on-device only) | Text recognition from images |
We do not sell, rent, or share your data with advertisers, data brokers, or any party not listed above.
4. Device Permissions
- Microphone — voice recording for the voice-to-invoice feature. Only active when you tap the record button.
- Camera — taking photos of receipts and project work.
- Photo library — selecting existing photos for receipt scanning or project documentation.
Each permission is requested only when needed and can be revoked at any time in your device settings.
5. Data Storage and Security
- Cloud data is stored in Supabase (PostgreSQL) with row-level security. Each user can only access their own records — enforced at the database level, not just in app code.
- A local copy is cached on your device in a SQLite database for offline use. The file is encrypted with SQLCipher (AES-256); the encryption key is generated on your device and stored in the iOS Keychain / Android Keystore, and never leaves the device.
- All network communication uses HTTPS/TLS encryption.
- API keys for Google Gemini, Deepgram, Anthropic Claude, and Stripe live only as server-side secrets. They are never bundled into the mobile app and cannot be extracted from an installed binary.
- Crash reports sent to Sentry are passed through a PII scrubber that redacts emails, phone numbers, and tokens, and truncates long free-form text before the report leaves your device.
6. Data Retention and Deletion
- Your data is retained for as long as your account is active.
- You can delete individual records (invoices, expenses, customers) at any time from within the app.
- You can permanently delete your entire account from Settings → Account → Delete Account. This removes all rows tied to your user ID across our database — invoices, quotes, expenses, receipts, customers, project notes, voice memos, uploaded logos and photos — plus your authentication record. The deletion is irreversible and typically completes within seconds.
- The same in-app deletion also wipes the encrypted local database on your device, removes the SQLCipher key from the iOS Keychain / Android Keystore, and clears any saved sign-in credentials. Use the in-app Delete Account flow rather than just uninstalling — uninstalling removes the app's documents folder but, by default, the iOS Keychain entries survive uninstall and would persist until the device is wiped or you delete the PicoTally entries via iOS Settings.
- Audit logs of payment webhook events received from Stripe are retained for fraud-detection purposes; these contain transaction metadata (amount, currency, status) but no card numbers and no personal account information.
- Database backups taken before your deletion request may continue to hold a copy of your data for up to 7 days, after which they are rotated out and unrecoverable. We do not access these backups except to recover from infrastructure failure.
7. Your Rights
You have the right to:
- Access all data we hold about you (available directly in the app).
- Correct inaccurate data (editable in the app).
- Delete your data and account.
- Export your data (invoices can be exported as PDF).
If you are in the EU/EEA, you also have rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.
8. Children's Privacy
PicoTally is a business tool designed for adults. We do not knowingly collect data from anyone under 16. If we learn that we have collected data from a child, we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via an in-app notice. The "effective date" at the top of this page will be updated accordingly.
10. Contact
If you have questions about this privacy policy or your data, contact us at:
Email: support@picotally.com