APP Privacy Policy

Track Ease – Application Privacy Policy

1. Overview

This policy governs the acceptable use of the iOS application designed for document upload and AI-powered text analysis.
The application integrates with Google Drive, Google Sheets, Google Vision, and OpenAI’s GPT-4o to enhance user productivity
in organizing financial or receipt-related data.

2. User Eligibility

  • Users must possess a valid Google account to use the application.
  • Users must consent to grant the app access to their Google Drive and Google Sheets via OAuth authentication.

3. Authorized Access and Use

Users are permitted to:

  • Sign in using Google Sign-In on the Login Page.
  • Access the Profile page to configure Settings:
    • Select preferred directories in Google Drive.
    • Configure the default destination for file uploads.
    • Share spreadsheets with other Google Drive users.
  • Use the Scan Page to:
    • Capture receipts using the device’s camera and upload image and PDF files.
    • Upload image and PDF files directly to selected folders on Google Drive.
  • Browse and access both owned and shared spreadsheets and directories within Google Drive.
  • Access the Dashboard and Analytics pages to view monthly tracked expenses meaningfully.

4. AI-Driven Features

  • Leverage OCR (Image to Text) functionality to extract textual content from images using Google Vision and from PDFs using GPT-4o.
  • Utilize text analysis and mapping to automatically map extracted data to relevant spreadsheet columns (Expenses, Accounts, and Prompts Sheets).

5. Data Handling and Automation

  • Extracted and analyzed data will be inserted automatically into designated Google Sheets as configured by the user.
  • Users are responsible for reviewing and confirming the accuracy of inserted data.
  • The application does not modify or delete any existing files unless explicitly authorized by the user.

6. Privacy and Security

  • All Google Drive and Google Sheets access tokens are stored securely and used only for the duration of the session.
  • Uploaded documents and OCR data are transmitted securely and are not retained beyond processing, stored only on the user’s Google Drive.
  • We process information using the Google Vision API for OCR and the ChatGPT API for data mapping. Personal data is neither stored nor shared with any external parties, ensuring privacy is maintained throughout the process.

7. Limitations and Restrictions

  • Users are prohibited from using the application for unlawful or fraudulent activities.
  • Uploading content that violates Google’s or OpenAI’s content policies is not permitted.
  • Users must not attempt to access or manipulate files and data they do not own or have not been granted access to.

8. Support and Feedback

Feature completion, bug reports, and feedback may be submitted through the application’s support interface or via the designated support contact.

9. Updates and Future Enhancements

The application may introduce new features or integrations. Users will be notified of:

  • Major UI/UX changes.
  • New automation capabilities.
  • Updated integration scopes.

10. Acknowledgement

By using this application, the user acknowledges and agrees to the terms outlined in this User Policy,
including data usage, integration with third-party services, and responsibility for reviewing uploaded and processed content.

Data Protection and Security Measures

To ensure the protection of sensitive data accessed through Google APIs, the following safeguards are implemented:

1. Direct Google-to-Device Communication

All data is transmitted directly between the user’s device and Google servers. No intermediate servers or proprietary APIs intercept, log, or store this information.

2. Encryption in Transit

All communication between the application and Google services is secured using HTTPS with TLS (Transport Layer Security), ensuring that data cannot be intercepted or altered during transmission.

3. Secure OAuth Token Handling

Authentication is handled via Google OAuth 2.0. Access tokens are securely generated and stored using device-protected storage mechanisms and are never exposed publicly or transmitted to unauthorized systems.

4. No Server-Side Storage

The application does not store sensitive data on any external or proprietary servers. Any temporary caching is limited to the user’s device and is protected by the operating system’s security model.

5. Least-Privilege Access and User Control

We adhere to the principle of least privilege. We request only the minimum necessary permissions required for core functionality (managing your receipts and spreadsheets). The application does not access or scan entire Google Drive accounts. Instead, our access is limited to:

  • Folders and Spreadsheets that the user specifically selects or creates within the application.
  • Creating and uploading new receipt files into a user-specified folder.
  • Reading, adding, updating, and deleting data within selected Google Sheets files.

6. Data Minimization

Only essential data required to perform user-requested operations is processed. No Drive or Spreadsheet data is retained beyond the active session unless initiated by user action.

7. User Control and Consent

Users have full control over granted permissions and may revoke access at any time via their Google Account security settings.

8. No Use for Advertising or Profiling

Data accessed through Google APIs is not used for advertising, marketing, profiling, or analytics beyond core application functionality.

9. Incident Response

In case of any suspected security vulnerability within the application, prompt mitigation procedures will be implemented to protect user data and notify affected users when applicable.

Compliance Statement

This application complies with the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Google APIs is used strictly to provide or improve user-facing features and is never repurposed for unrelated activities.