AI & OCR Disclosure
1. What happens when you scan a receipt
When you tap "Scan" in VoiceMoneyManager, your phone captures the image and uploads it over a TLS-encrypted connection to our Canadian Amazon S3 bucket. We then send the same image to Google Cloud Document AI for OCR, take the extracted text, and pass it to OpenAI's API for parsing into structured fields (vendor, date, tax, total, suggested category). The structured result is written back to our database in Canada and is shown to you in the app within a few seconds. The image itself is encrypted at rest with AES-256 the entire time.
2. Which sub-processor sees what
- AWS sees your encrypted image and the structured ledger. It does not read your data; it stores it.
- Google Cloud Document AI sees the receipt image for the seconds it takes to extract text, then drops it under its no-retention contractual commitment.
- OpenAI's API sees the extracted text (not the image) for the moments it takes to return parsed fields, in zero-retention / no-training mode.
- SendGrid sees your email address only, to deliver transactional messages.
- Stripe sees your billing info only, and only if you have upgraded to a paid tier.
3. Where your data lives
Your data lives in Canada, in AWS region ca-central-1 (data centres in Montreal and Toronto). The only cross-border step is the transient OCR / parsing call described above, which is governed by contracts that forbid retention or training. If you would rather avoid even that step, switch on Canadian-only processing mode in Settings → AI & Privacy.
4. Training: third-party "no", us "yes, with opt-out"
AWS, Google Cloud, OpenAI, Twilio SendGrid, and Stripe do not use your data to train their models. Our OpenAI account is configured in no-training mode.
AI Canadian Solutions Inc. does use anonymized patterns from receipts — vendor-to-category mappings, common receipt layouts, currency and tax-code distributions — to make the app's receipt-reading more accurate for everyone. Your account identifier, your email, the dollar amounts, and any free-form notes you typed are stripped out before anything is added to the improvement corpus.
5. How you stay in control
In Settings → AI & Privacy you can:
- Turn off contributing anonymized patterns to our improvement corpus, at any time, with no loss of features.
- Switch on Canadian-only processing mode to keep every step inside Canada.
- Download a full export of your data (Settings → Download My Data).
- Delete your account (Settings → Delete My Account). Personal accounts are hard-purged 30 days after deletion; business accounts are held for the 6-year Canadian tax-records-retention period and then purged.
6. Read the full policy
This page is the short version. The full Privacy Policy goes through every category in detail, including our PIPEDA and Quebec Law 25 obligations, breach-notification commitments, and the rights you can exercise against us.