Your privacy matters. This policy explains what data Costcard collects, how we use it, and the choices you have. We keep it plain English — no legalese.

1. What we collect

When you use Costcard, we collect:

• Receipt images and data — photos you upload and the extracted item/price data from them. Stored securely to power price tracking and alerts.
• Device identifier — a randomly generated ID tied to your device, used to identify your account without requiring email or password sign-up.
• Location (general and precise) — your region (city/metro level) to show local trending deals and stock availability. With your permission, we also use precise location to detect when you are near a Costco warehouse, so we can send you relevant shopping reminders and deal alerts. Location data is processed on-device and is not stored on our servers. You can revoke location access at any time in iOS Settings.
• Apple ID (optional) — if you choose to sign in with Apple, we receive a unique identifier and optional email. Used to link your account across devices.
• Voice input (optional) — when you use the microphone to add items to your shopping list, speech is transcribed on-device using Apple's Speech Recognition framework. The transcript text is stored locally and on our servers as part of your list. We do not store raw audio recordings.
• Costco.com import data — when you use the Import from Costco feature, you log into your Costco.com account via an in-app browser (WKWebView). Your Costco credentials are entered directly on Costco's website — we do not store, access, or transmit your Costco username or password. We only receive the purchase history data that your browser session retrieves.
• Usage data — which features you use, so we can improve the app. No personal info is attached to this data.

2. How we use it

• Scanning your receipts and extracting item/price data
• Monitoring prices and sending you alerts when they drop
• Showing you back-in-stock and trending deal notifications
• Maintaining your shopping list and claim history
• Improving app performance and fixing bugs

3. Data storage and security

Your data is stored on Cloudflare's infrastructure, protected by industry-standard encryption in transit and at rest. Receipt images are stored in Cloudflare R2, a private, access-controlled object storage bucket. Only your account can access your images. We do not store raw payment card numbers or financial credentials of any kind.

4. Data sharing

We do not sell, rent, or share your personal data with third parties for advertising or marketing. We do not use any third-party analytics services or ad tracking SDKs. There are no tracking pixels, no fingerprinting, and no behavioral profiling.

We use the following services solely to operate the app:

• Anthropic Claude API — for AI-powered receipt and shelf tag OCR extraction. Receipt and tag images are sent to Anthropic's Claude for processing and are subject to Anthropic's privacy policy. Images are processed in real time and are not used to train AI models.
• Apple Sign-In — if you choose to sign in with Apple, we receive a unique opaque identifier and optionally a relay email address. Apple does not share your real email with us unless you choose to. We use this solely to link your account across devices.
• Apple Push Notifications (APNs) — for delivering price drop alerts, weekly deal digests, and receipt processing updates to your device. You can disable notifications at any time in iOS Settings.
• Cloudflare — for hosting, database (D1), object storage (R2), and infrastructure. All data stays within Cloudflare's network.

5. Your rights and choices

• Delete your data — you can delete your account and all associated data from within the app at any time, or by contacting us at [email protected].
• Receipts — you can delete individual receipts and their data from within the app.
• Notifications — you can disable push notifications at any time in iOS Settings.
• Location — location access is optional. You can revoke it in iOS Settings at any time.
• Microphone & Speech Recognition — voice input is optional. You can revoke microphone and speech recognition access in iOS Settings at any time without affecting any other app functionality.
• Camera & Photos — camera and photo library access is used only for scanning receipts. You can revoke this access in iOS Settings; you can still add receipts by other means.

6. Children's privacy

Costcard is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided personal information through our app, please contact us and we will delete it promptly.

7. Changes to this policy

We may update this policy occasionally. When we do, we'll update the "Last updated" date at the top. For significant changes, we'll notify you within the app.

8. Contact

Questions about this policy or your data? Email us at [email protected] and we'll respond within 48 hours.