ReceiptKidReceiptKid

Privacy Policy

How we collect, use, and protect your data

Last updated: April 2025

This Privacy Policy explains how Eden Ecommerce Ltd ("ReceiptKid", "we", "us", or "our") collects, uses, and protects your personal information when you use our mobile application and website (collectively, the "Service"). We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Plain English Summary

ReceiptKid is a parent-managed family tool for teaching children about money. Here is what that means for your privacy:

  • Parents control the account. Children cannot sign up independently.
  • We do not advertise to children. No third-party ads, no behavioural tracking.
  • We do not sell your data. Ever.
  • Balances in the app are not real money. ReceiptKid is a tracking tool, not a bank.
  • You can delete your data at any time. Email us and it's gone within 30 days.
  • Analytics are anonymised. We cannot identify you from our analytics data.

Contents

  1. Plain English Summary
  2. 1. Who We Are
  3. 2. Data We Collect
  4. 3. Why We Collect Each Type of Data
  5. 4. Legal Basis for Processing
  6. 5. Children's Data (Enhanced Protections)
  7. 6. Third-Party Services We Use
  8. 7. Analytics and Tracking
  9. 8. Sharing Your Data
  10. 9. Data Retention
  11. 10. Your Rights
  12. 11. Security
  13. 12. Cookies
  14. 13. Changes to This Policy
  15. 14. Contact Us

1. Who We Are

Eden Ecommerce Ltd is the data controller for personal information collected through the ReceiptKid app and website.

Eden Ecommerce Ltd

Registered in England and Wales

Email: [email protected]

Website: receiptkid.com

2. Data We Collect

We collect different data depending on whether you are a parent/guardian or a child user:

Parent / Guardian Account

  • Name and email address (required to create an account)
  • Password (stored as a one-way hash — never readable)
  • Profile photo (optional)
  • Subscription and billing status (not card details — handled by the App Store)
  • Device type, OS version, and app version (for crash reporting)
  • Anonymised usage data (which features are used, screen views)

Child User (added by a parent)

  • Display name or nickname (set by the parent)
  • Age range (used only to apply appropriate privacy protections)
  • Receipt images uploaded by the child for reimbursement requests
  • Expense descriptions, amounts, and categories
  • Approval and decline records (created by the parent)

We do not collect: precise location data, contacts, microphone access, or any data unrelated to the family money-tracking purpose of the app.

3. Why We Collect Each Type of Data

We only collect data we genuinely need. Here is the purpose for each type:

DataWhy we collect it
Email addressTo provide account access and send important account notifications
Child display name / age rangeTo personalise the experience and apply correct privacy protections
Receipt images & expense dataTo track balances between family members — the core purpose of the app
Device & crash dataTo fix bugs and keep the app stable
Anonymised usage analyticsTo understand which features are useful and improve the app
Subscription statusTo unlock premium features for paying subscribers

5. Children's Data (Enhanced Protections)

Important: ReceiptKid is a parent-managed tool

Children cannot create independent accounts. All child accounts are created and managed by a parent or guardian who holds the primary account.

Children's data has enhanced protections under UK GDPR and the ICO's Children's Code (Age Appropriate Design Code). We apply the following safeguards:

  • Children aged under 13 can only be added to a family group by a parent or guardian — they cannot register independently.
  • We collect only the minimum data necessary for a child to use the app (display name, age range, and expense records).
  • Child accounts cannot change their own email address, cannot add other family members, and cannot access any payment or subscription information.
  • We do not display advertising to child users.
  • We do not use behavioural tracking or profiling for child users.
  • We do not share child data with third parties for marketing purposes.
  • Parents can view, correct, or delete their child's data at any time from within the app or by contacting us.

If you believe we have inadvertently collected data from a child without appropriate parental consent, please contact us immediately at [email protected] and we will delete it promptly.

6. Third-Party Services We Use

We use the following categories of third-party services to operate the app. Each provider is contractually bound to process data only on our instructions and in accordance with UK GDPR:

Service typePurposeCollects identifiers?
Cloud hosting & storageStores account data and receipt images securelyYes — processed on our behalf only
Push notificationsSends approval/decline alerts to family membersDevice token only
Crash reportingCaptures app errors to help us fix bugsDevice type & OS — no personal data
Anonymised analyticsTracks feature usage to improve the appNo — fully anonymised
Payment processingHandles premium subscription billing (Apple / Google)Subscription status only — card data never reaches us

We do not use third-party advertising networks, ad exchanges, or data brokers. No third party receives data about child users for any purpose other than operating the Service on our behalf.

7. Analytics and Tracking

We use anonymised analytics to understand how the app is used and to prioritise improvements. Our analytics approach:

  • Fully anonymised: We cannot identify individual users from our analytics data.
  • No behavioural advertising: Analytics data is never used to serve targeted ads.
  • No cross-app tracking: We do not track users across other apps or websites.
  • No child profiling: We do not build profiles of child users for any purpose.
  • Purpose-limited: Analytics is used only to improve the ReceiptKid app.

You can opt out of analytics by contacting us at [email protected].

8. Sharing Your Data

We share your data only in the following circumstances:

Within your family group: Expense requests, amounts, and approval decisions are visible to all members of your family group. You control who is in your group.

Service providers: As described in Section 6, we share data with trusted providers who process it on our behalf.

Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users.

Business transfers: If Eden Ecommerce Ltd is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you at least 30 days in advance.

We never sell your data to third parties.

9. Data Retention

Data typeRetention period
Account dataRetained while the account is active; deleted within 30 days of account closure
Receipt images & expense recordsRetained while the account is active; deleted on account closure. Individual records can be deleted at any time in-app.
Child account dataDeleted within 30 days of the child being removed from the family group or the parent account being closed
Financial transaction recordsUp to 7 years as required by UK law
Anonymised analyticsRetained indefinitely (cannot identify you)
Support correspondence3 years from the date of the last communication

10. Your Rights

Under UK GDPR, you (and parents acting on behalf of their children) have the following rights:

  • Access: Request a copy of the personal data we hold about you or your child.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Ask us to delete your data or your child's data ("right to be forgotten").
  • Restriction: Ask us to restrict processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent (e.g. child data), withdraw it at any time by removing the child from your family group or closing the account.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Security

We use industry-standard encryption (TLS) for data in transit and encrypt sensitive data at rest. Passwords are hashed using bcrypt and are never stored in plain text. Access to production data is restricted to authorised personnel only.

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately at [email protected].

12. Cookies

Our website uses only essential cookies required for the site to function. We do not use advertising cookies or third-party tracking cookies. The ReceiptKid mobile app does not use browser cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or by email at least 14 days before the changes take effect. The current version is always available at receiptkid.com/policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Eden Ecommerce Ltd

Registered in England and Wales

Email: [email protected]

Website: receiptkid.com

Last updated: April 2025Age Suitability · Terms of Use (EULA)