
Privacy Policy

Last Updated: May 27, 2026

The Short Version: HSA Vault is a local-first application. We do not store your receipts, medical history, or financial data on our servers. Your vault lives on your device.

This Privacy Policy explains how 42DIGITAL ("we", "us", or "our") handles your information when you use the HSA Vault mobile application (the "App"). We built this app with privacy as the foundational feature. Because we deal with health savings accounts and medical receipts, our core philosophy is: if we don't need the data, we don't collect it.

1. How We Store Your Data (Local-First)

All data you input into HSA Vault—including receipt images, merchant names, itemized lists, notes, and total amounts—is stored locally on your device's internal storage using secure mobile frameworks. We do not maintain a central database of our users' transaction history.

2. How the AI Receipt Scanner Works

When you choose to scan a receipt using our AI functionality, the following temporary process occurs:

  • The receipt image is compressed locally on your device.
  • The compressed image is sent securely via an encrypted connection to a proxy server operated by 42DIGITAL.
  • The proxy server immediately forwards the image to our AI provider (OpenAI) to perform Optical Character Recognition (OCR) and item categorization.
  • The AI provider returns the extracted text data (merchant, date, totals, items) to your device.
  • Immediate Deletion: Our proxy server does not log, save, or store the image or the returned data. Furthermore, via our enterprise API agreement, OpenAI is strictly prohibited from using your receipt images or data to train their machine learning models.

3. Device Permissions

The App requests the following device permissions to function properly:

  • Camera: Required to take live photos of your medical receipts.
  • Photo Library: Required to select existing receipt images from your camera roll.

You may revoke these permissions at any time in your device's settings, though this will limit the App's ability to scan new receipts.

4. Google API Services User Data Policy

Our application's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, regarding our Cloud Sync feature:

  • Data Accessed: If you choose to enable Google Drive Cloud Sync, our application requests access to a hidden, app-specific folder within your Google Drive (using the drive.appdata scope).
  • Data Usage: We use this access exclusively to upload, download, and synchronize a securely encrypted backup file (containing your receipt ledger and images) to your personal Google Drive. This ensures you can restore your Vault on a new device.
  • Data Sharing: We do not share, transfer, or sell your Google user data or your Drive contents to any third parties. We explicitly do not use or share Google user data for serving advertisements.
  • Data Storage & Protection: Before any data leaves your device to be stored in Google Drive, it is bundled and encrypted using AES-256 with a Master Key that only you know. The data stored in your Google Drive is entirely unreadable without this key.
  • Data Retention & Deletion: Your encrypted backup remains in your Google Drive until you delete it. You can overwrite it by creating a new backup, revoke our application's access at any time via your Google Account security settings, or explicitly unlink your account within the HSA Vault settings.

5. Analytics and Crash Reporting

To improve the App's stability, we may collect anonymous, aggregated crash reports (e.g., what type of device crashed and on what screen). These reports never contain your receipt data, medical information, or personal identifiers.

6. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Because we do not collect user emails for account creation, it is your responsibility to review this policy periodically.

7. Contact Us

If you have any questions or concerns about this Privacy Policy or how your data is handled, please reach out to us at:

Website: HSA Vault Support Center
Company: 42DIGITAL


© 2026 42DIGITAL. All rights reserved.