Privacy Policy

Last Updated: December 11, 2025

1. Introduction

Welcome to AutoSlip, operated by Timberline Tech LLC ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our receipt processing and YNAB integration service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our service:

  • Account Information: Email address and encrypted password
  • YNAB Integration: Your YNAB access token (encrypted), selected plan, accounts, and categories
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Receipt Data: Uploaded receipt images and forwarded receipt emails
  • Transaction Data: Parsed transaction information including vendor names, amounts, dates, and categories

2.2 Automatically Collected Information

  • Usage Data: Feature usage, parsing results, and sync activities
  • Technical Data: Session information, browser type, and IP address
  • Analytics Data: Anonymous product usage analytics (only if you consent during registration)
  • Cookies: Session cookies for authentication (HTTP-only, secure)

3. How We Use Your Information

We use your information to:

  • Provide and maintain our receipt processing service
  • Parse receipt images and emails using AI technology
  • Sync transaction data with your YNAB account
  • Process payments and manage subscriptions
  • Send transactional emails (password resets, trial reminders, subscription notifications)
  • Improve our service through usage analytics
  • Prevent fraud and ensure security
  • Comply with legal obligations

4. Third-Party Services

We do not sell, rent, or share your personal information with any third parties except as described in this policy. Your data is only shared with the following trusted service providers necessary to operate our platform:

  • AI Provider: Google processes your receipt images and forwarded emails for data extraction
  • YNAB: Your transaction data is synced to your connected YNAB account via their API
  • Stripe: Payment processing and subscription management
  • Resend: Email delivery for transactional messages and receipt forwarding
  • Sentry: Error monitoring, session replay, and user feedback (only if you consent during registration). We use anonymized user identifiers and do not share personally identifiable information. Learn more at Sentry's Privacy Policy

These third parties have their own privacy policies and are responsible for their data handling practices.

4.1 YNAB Data Handling

We take special care in handling your YNAB data:

  • Limited Access: We only access your YNAB plan, accounts, and categories to sync parsed transactions
  • Secure Storage: Your YNAB access token is encrypted using AES-256-GCM encryption and stored securely
  • No Financial Credentials: We never access or store your bank account credentials or login information
  • Purpose-Limited Use: YNAB data is used solely for providing our receipt-to-YNAB sync service and is never shared with unauthorized parties
  • User Control: You can disconnect your YNAB integration at any time, which will revoke our access to your YNAB data

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Sensitive data including YNAB tokens are encrypted using strong encryption algorithms
  • Password Security: Passwords are hashed using industry-standard one-way encryption
  • Secure Communication: All data transmission is protected with industry-standard encryption (HTTPS)
  • Session Security: Secure cookies with CSRF protection
  • Rate Limiting: Protection against brute-force attacks
  • Webhook Verification: Cryptographically signed webhooks from third-party services

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active and for a reasonable period after account deletion
  • Receipt Files: Automatically deleted 90 days after upload
  • Transaction Data: Retained to provide historical records and sync functionality
  • Password Reset Tokens: Automatically deleted after 7 days

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Export your transaction data
  • Opt-Out: Unsubscribe from marketing emails (transactional emails are required for service operation) or opt out of analytics tracking

To exercise these rights, including opting out of analytics tracking, please contact us at support@autoslip.ai.

8. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

AutoSlip is operated from the United States. If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, your personal data will be transferred to the United States and other countries that may not have equivalent data protection laws.

9.1 Legal Basis for Transfers

We ensure that international transfers of personal data are protected by appropriate safeguards as required by the General Data Protection Regulation (GDPR). We rely on the following transfer mechanisms:

  • EU-US Data Privacy Framework: For transfers to US companies that have self-certified compliance with the EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms that provide adequate safeguards for data transfers

9.2 Third-Party Transfer Safeguards

Our service providers implement the following safeguards:

  • Stripe: EU-US Data Privacy Framework certified
  • Google: EU-US Data Privacy Framework + Standard Contractual Clauses
  • YNAB: Standard Contractual Clauses
  • Resend: Standard Contractual Clauses
  • Sentry: EU-US Data Privacy Framework certified

9.3 Your Rights Regarding Transfers

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Request information about the safeguards we have in place for international transfers
  • Obtain a copy of the Standard Contractual Clauses by contacting us
  • Lodge a complaint with your local data protection supervisory authority

For questions about international data transfers, contact us at support@autoslip.ai.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: support@autoslip.ai

Back to Home