Privacy Policy
Last updated: 4 May 2026
Notaku is a receipt-logging service. This policy explains what information
we collect and how we use it. By using Notaku you agree to this policy.
What we collect
- Account information: your name and email address (and password hash) when you sign up.
- Receipt metadata: we read and write data about your receipts to a Google Sheet associated with your account.
- Usage metadata: the count of receipts processed per month, used to enforce plan limits.
- Audit log: significant actions you take (login, upload, delete) with timestamps.
Where your data lives
Receipt images and the Google Sheet that holds your data are stored inside
Google Drive. During Notaku's private beta, that Drive belongs to Notaku's
operator account; once Sign in with Google ships, your data will move to
your own Drive automatically.
Third-party services
- Anthropic Claude: receipt images are sent to Anthropic's API for vision-based extraction. Per their policy, content is not used to train their models. Image bytes are sent over TLS and not retained by us.
- Google: we use the Sheets and Drive APIs to store your receipts.
- Railway: hosts our application servers and database.
- Stripe (planned): processes payment when you upgrade to a paid plan.
Your choices
- Delete your account: contact us to delete your account during the private beta. A self-serve delete button is on the way.
- Export your data: your data is already in a Google Sheet — export from Google whenever you like.
Security
Passwords are hashed with bcrypt. All connections use TLS.
Contact
Questions? Email us at hello@notaku.ai.
This is a placeholder. The final privacy policy will be reviewed by counsel before public launch.