Privacy Notice

1. Introduction

This Privacy Notice explains how Teandy SRL ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller for your personal information is:

Teandy SRL
Rue d'Henzie 2
6870 Arville
Belgium
Enterprise number (BCE/KBO): 0782.960.442
VAT number: BE0782960442
Email: info@teandy.be

3. Information We Collect

We collect the following categories of personal information:

3.1 Account Information

• Email address
• Username
• Password (stored in hashed form)
• Display name
• Account type / age category (e.g., adult account or child account) and Household association
• Account creation date and activity

3.2 Household and Tenant Data

• Household member information
• User roles and permissions
• Household settings and preferences

3.3 Contacts Outside the Household (Adults Only)

Only responsible adults can access features involving contacts outside the Household (for example, inviting people outside the Household, or managing external contacts). If you use such features, we may process contact details such as name and email address for the purpose of sending invitations or enabling the feature.

3.4 Receipt Data

• Receipt images and PDF files you upload
• Extracted receipt metadata (merchant name, date, total amount)
• Line items and product details extracted from receipts
• Categories and tags you assign
• Validation and correction data

3.5 Usage and Technical Data

• Device information and browser type
• IP address (anonymized where possible)
• Usage patterns and feature interactions
• Error logs and diagnostic information

3.6 Payment Information

• Billing address
• Payment method information (processed by Stripe, not stored by us)
• Subscription and transaction history

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision

• To provide, maintain, and improve the Service
• To process and store your receipts
• To extract data from receipts using receipt analysis
• To enable household collaboration features
• To manage your account and subscriptions
• To apply age-based and account-type based restrictions (for example, restricting child accounts from accessing contacts outside the Household)

4.2 Legal Basis

We process your personal information based on:

• Contract:To fulfill our contract with you (providing the Service)
• Legitimate Interests:To improve the Service, ensure security, and prevent fraud
• Consent:For optional features like receipt analysis contribution rewards and analytics
• Legal Obligation:To comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Receipt Analysis Processing Provider

When you upload receipts for analysis:

• Receipt files are sent to our receipt analysis provider (Taggun) for data extraction
• We use Taggun’s “incognito” mode for our API calls (an opt-out storage option described in Taggun’s privacy policy) to reduce third-party retention. See: Taggun Privacy Policy
• We store the receipt files and extracted data in our systems
• Receipt files and financial data are not shared individually for any other purpose

5.2 Payment Processing

We useStripefor payment processing:

• Payment card information is processed directly by Stripe and not stored by us
• We share billing and contact details, plan selection, subscription status, and transaction metadata as needed to provide billing and customer support
• We receive payment tokens and transaction information from Stripe
• Stripe's use of your information is governed by their privacy policy:Stripe Privacy Policy

5.3 Service Providers

We may share information with trusted service providers who assist in operating the Service:

• Hosting and infrastructure providers:including OVHcloud in European datacenters
• Database and storage services
• Email delivery services
• Analytics providers (see Section 11)
• Single sign-on providers (optional):such as Google, if you choose “Sign in with Google”
• Optional integrations:We may offer optional integrations with third-party services. If you enable an integration, we will access and process only the data necessary to provide it, based on the permissions you grant. You can revoke access at any time.

All service providers are bound by confidentiality agreements and may only use your information to provide services to us.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

6. International Data Transfers

Your personal information is primarily stored and processed in the European Economic Area (EEA), including on OVHcloud infrastructure in Europe. However, some processing may be performed by trusted sub-processors located outside the EEA (for example, our receipt analysis sub-processor).

When we transfer your information outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission
• GDPR-compliant data processing agreements
• Other appropriate legal mechanisms to ensure your data is protected

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Notice:

• Account Data:Retained until you delete your account
• Receipt Files and Data:Retained until you delete them or close your account
• Payment Records:Retained as required by law (typically 7 years for tax purposes)
• Security/Diagnostic Logs:Retained for a limited period unless needed to investigate abuse, fraud, or security incidents
• Backup Data:May be retained for a limited rolling period after deletion for disaster recovery purposes and then overwritten

You can request deletion of your data at any time by contacting us. We may retain certain information where required by law (for example, invoices/payment records).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption in Transit:All data transmitted between your device and our servers is encrypted using TLS/SSL
• Encryption at Rest:Data stored in our databases and file systems is encrypted using disk/volume encryption
• Access Controls:Access to personal information is restricted to authorized personnel only
• Regular Security Audits:We conduct regular security assessments and updates
• Tenant Isolation:Data is isolated by tenant to prevent unauthorized access

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

9.1 Right of Access

You can request a copy of the personal information we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete information.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information, subject to certain legal exceptions.

9.4 Right to Restrict Processing

You can request that we limit how we use your information in certain circumstances.

9.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

To exercise these rights, please contact us at info@teandy.be . We will respond to your request within 14 days.

10. Receipt Analysis Contribution Rewards

You may optionally opt-in to contribute receipt data to help improve our receipt analysis accuracy and product features:

10.1 What We Use

If you opt-in to contribute, we may use:

• The receipt file (image or PDF) you uploaded
• Raw extracted data from the receipt (analysis)
• Details you have validated and approved after receipt analysis

10.2 How We Use It

We use contributed data to:

• Improve receipt analysis accuracy and reliability
• Train and enhance our extraction algorithms
• Develop new features and improve the product for all users

We do not use contributed data to identify individual users. We take measures to de-identify data where feasible.

10.3 Reward Eligibility

When you contribute, you may earn analysis credits as a reward. However:

• If a contribution is clearly wrong, invalid, or abusive, we reserve the right to withhold credits
• Reward amounts are based on the quality and completeness of the contribution

10.4 Your Control

Contribution is completely optional and opt-in:

• You choose which receipts to contribute
• You can opt-out of contribution at any time
• Opting out does not affect your ability to use the Service

11. Cookies and Analytics

We use the following technologies:

11.1 Analytics

We usePlausible Analytics, a privacy-friendly analytics service, to understand how users interact with our Service. Plausible:

• Does not use cookies
• Does not track users across websites
• Complies with GDPR and does not track users across websites

11.2 Essential Cookies

We use essential session cookies to maintain your login state and provide core functionality. These cookies are necessary for the Service to function.

11.3 Advertising (Adsterra)

On the free (Basic) plan, we may display ads throughAdsterra. Paid plans and trial periods are ad-free.

• Ads may use page/app context and limited technical data (such as device type, browser, and IP address) to deliver and measure ads
• Adsterra may set cookies on your browser when you visit our site.
• Adsterra does not collect personally identifiable information; it uses pseudonymous data and cookies for ad delivery (see their Cookies Policy).
• Adsterra may use cookies or similar identifiers for ad delivery; see their Cookies Policy for details.

Learn more about cookies and data use:Adsterra Cookies Policy.

12. Children and Household Members

Households can include multiple members. A Household may only be created by a responsible adult (“Household Admin”). The Household Admin controls invitations and permissions for Household members.

The Service is not intended for children under the age of13. If a minor aged 13–17 uses the Service as part of a Household, we rely on the Household Admin / parent or guardian to provide any consent required by applicable law and to supervise the minor’s use of the Service.

Account type:Minors must use achild account. Child accounts are restricted from accessing features involving contacts or people outside the Household.

Adults-only uploads:Only responsible adults (18+) may upload receipt files/attachments. Minors may use features permitted by the Household Admin but may not upload receipt files/attachments.

13. Sensitive Content; Health/Medical Attachments

Important: We do not post-process uploaded files to remove personal or identifiable information. If identifiable data is present on a receipt or attachment you upload:

• We will not intentionally use such data to identify you
• However, it is your responsibility to remove or redact personal details before uploading if you do not want them stored in our systems
• You should review receipts before uploading to ensure they do not contain sensitive information you wish to keep private

Health/medical attachments are prohibited:The Service is not intended to process or store health or medical documentation. Do not upload attachments that contain health or medical information (including medical bills, prescriptions, or documents revealing health status). If you want to track health-related spending, you may enter it manually without attaching a document.

14. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of material changes by:

• Posting the updated notice on our website
• Sending an email notification (for significant changes)
• Displaying a notice in the Service

The "Last updated" date at the top of this notice indicates when changes were last made.

15. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding your personal information, please contact us:

Email: info@teandy.be
Teandy SRL
Rue d'Henzie 2
6870 Arville
Belgium

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns. Our lead supervisory authority is the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).