PicoTally (“the App”) is published by Pico Apps LLC (“we”, “us”, “our”). This policy explains what data we collect, why, and how we protect it.
1. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account | Email address, name (if provided via Google/Apple sign-in) | Authentication and account management |
| Business profile | Business name, address, phone, tax ID, hourly rate | Populating your invoices and quotes |
| Customer records | Client name, email, phone, address, notes | Invoice delivery and CRM |
| Financial records | Invoices, quotes, expenses, payments, receipt images | Core app functionality |
| Media | Photos (receipts, project sites), voice memos | Receipt scanning, voice-to-invoice |
| Crash reports | Error stack traces, device model, OS version (no personal identifiers) | Fixing bugs and improving stability |
We do not collect location data, contacts, health data, browsing history, or advertising identifiers.
2. How we use your data
- Core functionality: creating invoices, tracking expenses, managing customers, generating PDFs.
- AI assistant: when you use the in-app AI assistant (by voice or by typing), the following is sent to Anthropic Claude on each turn of the conversation:
  - your message text (voice input is first transcribed by Deepgram; see Section 3);
  - a snapshot of your business data: your customer list with outstanding balances, your recent invoices, expenses and payments, the context of the screen you are on, and current-month summary statistics, so the assistant can answer in the context of your business;
  - if the assistant needs an exact total or a longer list to answer accurately, it may run a query against your own records, and the result of that query is returned to Claude within the same conversation.
- On-device OCR: Google ML Kit extracts text from receipt images entirely on your device. No image data leaves your phone for OCR. The extracted text (not the image) is then sent to Google Gemini for itemisation (see Section 3).
- Payments: when you use online payment links, Stripe processes the transaction. We store the payment status and the Stripe session ID but never your card details.
- Crash reporting: if enabled, crash data is scrubbed of personal identifiers on your device (see Section 5) and then sent to Sentry.
3. Third-party services
| Service | Data received | Purpose |
|---|---|---|
| Supabase | All synced business data | Cloud database, authentication, file storage |
| Google Gemini | Receipt text (not images) | AI-powered receipt itemisation |
| Deepgram | Audio recordings | Voice-to-text transcription |
| Anthropic Claude | Your assistant message (voice transcript or typed text) plus a snapshot of your business data: customer names with balances, recent invoices, recent expenses, recent payments, and current-month statistics. It may also receive additional rows from your own records when the assistant runs a query mid-conversation. | Powering the in-app AI assistant: answering questions about your business and drafting invoices, expenses, and payments on command |
| Stripe | Payment amount, currency, client email | Payment processing for invoices you send to your customers |
| Apple App Store (StoreKit) | Purchase receipt (signed by Apple) | Processing your Pro subscription. Apple, not us, sees your payment method. |
| Sentry | Crash logs (scrubbed of PII) | Error monitoring |
| Google ML Kit | None (on-device only) | Text recognition from images |
Waitlist signups submitted via the “Get early access” form on picotally.com are received by a Cloudflare Pages Function running on the same infrastructure as the website itself. The submission (name, email, optional trade) stays within our Cloudflare account, the provider that already hosts the marketing site, and is not passed to any third-party form processor.
We do not sell, rent, or share your data with advertisers, data brokers, or any party not listed above.
4. Device permissions
- Microphone: voice recording for the voice-to-invoice feature. Only active when you tap the record button.
- Camera: taking photos of receipts and project work.
- Photo library: selecting existing photos for receipt scanning or project documentation.
Each permission is requested only when needed and can be revoked at any time in your device settings.
5. Data storage and security
- Cloud data is stored in Supabase (PostgreSQL) with row-level security. Each user can access only the rows tied to their own user ID, and this is enforced by the database itself, not only in app code.
- A local copy is cached on your device in a SQLite database for offline use. The file is encrypted with SQLCipher (AES-256); the encryption key is generated on your device, stored in the iOS Keychain / Android Keystore, and never leaves the device.
- All network communication between the app and our services is encrypted in transit with TLS (HTTPS).
- API keys for Google Gemini, Deepgram, Anthropic Claude, and Stripe exist only as server-side secrets. They are never bundled into the mobile app, so they cannot be extracted from an installed binary.
- Crash reports sent to Sentry pass through a PII scrubber that redacts email addresses, phone numbers, and tokens, and truncates long free-form text, before the report leaves your device.
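The on-device scrubbing step described above, shown as an added illustration in Python. This is not PicoTally's own code: the regular expressions, the list of sensitive keys, the 200-character cap and the crash event itself are constructed for this example, and the real app may draw its boundaries differently.

```python
import re
from typing import Any, Optional

# Identifier classes the scrubber redacts. These patterns are assumptions for
# this illustration, not the app's production rules.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# International or national phone numbers with common separators. The lookbehind
# rejects digit runs glued to letters, dots or hyphens (versions, dates, ids),
# so "2024-05-01" and "10.0.19041" are left alone.
PHONE_RE = re.compile(
    r"(?<![\w.-])(?:\+?\d{1,3}[\s.-]?)?\(?\d{2,4}\)?[\s.-]?\d{3,4}[\s.-]?\d{3,4}(?![\w-])"
)
# Bearer credentials, JWTs and Stripe-style API keys.
TOKEN_RE = re.compile(
    r"(?i)bearer\s+[A-Za-z0-9._~+/=-]{16,}"
    r"|(?<![A-Za-z0-9_-])eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"
    r"|\b(?:sk|pk|rk)_(?:live|test)_[A-Za-z0-9]{8,}\b"
)
# Keys whose values are dropped outright, whatever they contain (assumed list).
SENSITIVE_KEYS = {
    "authorization", "cookie", "set_cookie", "password", "secret",
    "token", "access_token", "refresh_token", "api_key", "x_api_key",
    "email", "phone",
}
MAX_TEXT = 200  # assumed cap on any free-form string
TRUNC_MARK = "...[truncated]"


def scrub_text(text: str) -> str:
    """Redact identifiers in one string, then cap its length."""
    # Tokens first: a JWT contains digit runs that could otherwise look like phones.
    text = TOKEN_RE.sub("[token]", text)
    text = EMAIL_RE.sub("[email]", text)
    text = PHONE_RE.sub("[phone]", text)
    # Truncate after redaction so a cut-off email is never left half intact.
    if len(text) > MAX_TEXT:
        text = text[:MAX_TEXT] + TRUNC_MARK
    return text


def scrub(value: Any, key: Optional[str] = None) -> Any:
    """Walk a nested event (dicts, lists, strings) and scrub every string."""
    if key is not None and key.lower().replace("-", "_") in SENSITIVE_KEYS:
        return "[redacted]"
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value  # numbers, booleans and None pass through unchanged


def scrub_event(event: dict) -> dict:
    """Entry point: the function a crash SDK's before-send hook would call."""
    return scrub(event)


# Constructed crash event for the demonstration, not a real report.
SAMPLE_EVENT = {
    "message": "Failed to email invoice to jane.doe@example.com (tel +44 7700 900123)",
    "level": "error",
    "contexts": {"device": {"model": "iPhone14,2"}, "os": {"name": "iOS", "version": "17.4.1"}},
    "request": {"headers": {
        "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl",
        "User-Agent": "PicoTally/1.0",
    }},
    "breadcrumbs": [{"message": "POST /send-invoice for client bob@example.org"}],
    "extra": {
        "last_request": "GET /api/invoices?token=sk_test_4eC39HqLyjWDarjtT1zdp7dc",
        "note": "x" * 1000,
    },
    "exception": {"values": [{
        "type": "SmtpError", "value": "550 mailbox unavailable",
        "stacktrace": {"frames": [{"filename": "invoice_mailer.dart", "lineno": 123}]},
    }]},
}


def scrubbed_sample() -> dict:
    """Scrub the constructed event; handy for inspecting the result."""
    return scrub_event(SAMPLE_EVENT)


if __name__ == "__main__":
    import json
    print(json.dumps(scrubbed_sample(), indent=2))
```

The three layers complement each other: key-based redaction catches secrets that carry no recognisable shape, the regular expressions catch identifiers that leak into free text, and the length cap bounds whatever the patterns miss. Device model, OS version and stack-frame line numbers survive untouched, which is what makes the report useful for debugging.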
6. Data retention and deletion
- Your data is retained for as long as your account is active.
- You can delete individual records (invoices, expenses, customers) at any time from within the app.
- You can permanently delete your entire account from Settings → Account → Delete Account. This removes every row tied to your user ID across our database (invoices, quotes, expenses, receipts, customers, project notes, voice memos, uploaded logos and photos) together with your authentication record. The deletion is irreversible and typically completes within seconds.
- The same in-app deletion also wipes the encrypted local database on your device, removes the SQLCipher key from the iOS Keychain / Android Keystore, and clears any saved sign-in credentials. Use the in-app Delete Account flow rather than simply uninstalling: uninstalling removes the app’s documents folder, but by default iOS Keychain entries survive an uninstall and would persist until the device is wiped or you delete the PicoTally entries via iOS Settings.
- Audit logs of payment webhook events received from Stripe are retained for fraud-detection purposes; these contain transaction metadata (amount, currency, status) but no card numbers and no personal account information.
- Database backups taken before your deletion request may continue to hold a copy of your data for up to 7 days, after which they are rotated out and unrecoverable. We do not access these backups except to recover from infrastructure failure.
7. Your rights
You have the right to:
- Access all data we hold about you (available directly in the app).
- Correct inaccurate data (editable in the app).
- Delete your data and account.
- Export your data (invoices can be exported as PDF).
If you are in the EU/EEA, you also have rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.
8. Children’s privacy
PicoTally is a business tool designed for adults. We do not knowingly collect data from anyone under 16. If we learn that we have collected data from a child, we will delete it promptly.
9. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via an in-app notice. The “effective date” at the top of this page will be updated accordingly.
10. Contact
If you have questions about this privacy policy or your data, contact us at:
Email: support@picotally.com