Privacy Policy

Effective date: February 6, 2026

At Sciometa Oy ("Sciometa", "we", "our", or "us"), your privacy matters. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our expense management and document scanning services, including our Receipt Scanner mobile application (also known as "Expense Docs Scanner") and web applications available at tax.sciometa.com.

We are committed to handling personal data responsibly, transparently, and in compliance with the General Data Protection Regulation (EU 2016/679) ("GDPR") and other applicable privacy laws in Finland and the European Union.

If you have any questions about this Policy or your personal data, please reach us at hello@sciometa.com.

1. Who We Are

Sciometa Oy develops and provides expense management and document scanning solutions that help individuals and businesses track expenses, scan receipts, and manage financial documents efficiently across mobile applications and web platforms.

Depending on the context, Sciometa may act as:

  • A Data Controller, when we collect and process information directly from you (e.g., account registration, receipt scanning); or
  • A Data Processor, when we process information on behalf of our business customers.

2. What Data We Collect

a. Personal Data

User Registration & Authentication:

  • Email addresses (primary identifier for authentication)
  • Full names
  • Login credentials and account settings
  • Authentication tokens and session data
  • Google OAuth data (when using Google Sign-In for Gmail integration)

Subscription & Billing Data:

  • Subscription status and plan information
  • Payment transaction IDs (via Google Play or Stripe)
  • Trial period information

b. Financial Document Data

Receipt & Invoice Data:

  • Scanned receipt and invoice images
  • Extracted financial information including merchant names, dates, amounts, tax rates, and currency
  • Invoice numbers and due dates

Gmail Integration Data (Optional):

  • Email metadata for invoice detection
  • Extracted invoice attachments
  • Invoice content extracted from emails

c. Technical Data

  • Device IDs and hardware identifiers
  • Device types, operating system, and version
  • IP addresses
  • Application logs and error reports
  • Photos of receipts and invoices captured via camera

3. How We Use Your Information

We use personal data only when we have a valid legal reason to do so. Common purposes include:

  • Creating and managing your account
  • Providing receipt scanning and document extraction services
  • Storing and organizing your financial documents
  • Processing subscription payments
  • Syncing data across your devices
  • Extracting invoices from your Gmail (when authorized)
  • Offering customer support and troubleshooting issues
  • Improving and developing new features
  • Meeting legal and regulatory requirements

We never sell your personal data, and we only share it when it's necessary to operate or improve our Services.

4. Sharing Your Information

We may share your personal data with the following categories of third parties:

  • Service Providers - Cloud infrastructure providers (Supabase), payment processors (Stripe, Google Play), and AI/ML services for document extraction
  • Google Services - When you connect your Gmail account, we access your emails solely to extract invoice information
  • Legal Authorities - When required by law or to protect our legal rights
  • Business Transfers - In the event of a merger, acquisition, or sale of assets

We do not regularly transfer data to recipients outside the European Economic Area (EEA). If we do, we ensure appropriate safeguards are in place.

5. Data Retention

We keep your personal data only for as long as it's needed for the purposes stated in this Policy, or as required by law.

  • Your receipt images and extracted data are retained as long as your account is active
  • You can delete individual receipts or invoices at any time
  • After you close your account, we will delete your personal data within 30 days

6. International Data Transfers

Sciometa stores and processes most customer data within the European Union. If we transfer data outside the EEA, we use Standard Contractual Clauses or other approved safeguards.

7. Your Rights

Under the GDPR, you have several rights regarding your personal data:

  • Access – Request a copy of the data we hold about you
  • Correction – Ask us to update or fix inaccurate information
  • Deletion – Request removal of your data when it's no longer necessary
  • Restriction – Limit how we process your data in certain cases
  • Portability – Request your data in a machine-readable format
  • Objection – Object to processing, including direct marketing
  • Withdraw consent – If you've given consent for specific processing, you can withdraw it at any time

To exercise any of these rights, email us at hello@sciometa.com.

8. Security

We use industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

  • Encryption in transit (TLS/HTTPS)
  • Secure data storage environments
  • Access control and authentication
  • Regular security assessments

9. Cookies and Tracking

Web Application: We use essential cookies for authentication and analytics cookies to improve our services.

Mobile Application: Our mobile app does not use cookies but may collect analytics data to improve the app experience.

10. Children's Privacy

Our Services are designed for adult users and are not intended for children under 18. We do not knowingly collect personal data from minors.

11. Gmail Integration

When you choose to connect your Gmail account:

  • We only access emails that may contain invoices
  • We extract invoice information and attachments
  • We do not read, store, or share other email content
  • You can disconnect Gmail at any time

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. When we make material updates, we will notify you through our website, mobile app, or by email.

13. Contact Us

If you have any questions about this Privacy Policy or how your personal data is handled, please contact us:

Sciometa Oy
Mekaanikonkatu 19, Helsinki, Finland
Email: hello@sciometa.com

Last updated: February 2026