Privacy Policy

Last updated: February 8, 2026

1. Introduction

Brevify ("we," "our," or "us") operates the CartWise mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use CartWise.

2. Information We Collect

Information You Provide

  • Account information: When you create an account, we collect your email address and an encrypted password hash. We do not store plaintext passwords.
  • Receipt data: Photos of receipts you scan are processed by our AI system to extract item names, prices, quantities, and store information. Receipt images are retained for 90 days and then automatically deleted.
  • Shopping list data: Items you add to your shopping list.
  • Household data: If you create or join a household, we store membership information to enable shared access.

Information Collected Automatically

  • Location data: With your permission, we collect your location to provide store-specific features such as crowd indicators and geofenced notifications. Location data is not stored beyond what is needed for these features.
  • Device information: Device model, operating system version, and app version for debugging and compatibility purposes.
  • Usage data: Anonymous analytics about feature usage to improve the app experience.

3. How We Use Your Information

  • Extract and organize receipt data using AI-powered OCR
  • Track prices and detect price adjustments within the 30-day window
  • Generate restock suggestions based on your purchase patterns
  • Provide crowd indicators for local stores
  • Sync your data across devices and household members
  • Send push notifications for price drops and restock reminders (with your permission)
  • Process subscription payments through Apple App Store, Google Play, or Stripe
  • Improve the App's features and user experience

4. Data Storage & Security

CartWise uses a local-first architecture. Your data is stored on your device using an encrypted local database and synced to our cloud infrastructure (hosted on Supabase) when connectivity is available. All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

Receipt images are stored in secure cloud storage and automatically deleted after 90 days. Extracted receipt data (item names, prices, quantities) is retained as long as your account is active.

5. Third-Party Services

  • Supabase: Cloud database, authentication, and file storage.
  • Google Gemini: AI-powered receipt text extraction. Receipt images are sent to Google's Gemini API for processing. Google's data usage policies apply.
  • Apple/Google: App Store and Google Play for subscription management on mobile.
  • Stripe: Payment processing for web subscriptions.

6. Data Sharing

We do not sell your personal information to third parties. We may share anonymized, aggregated data (such as average prices or crowd scores) that cannot be used to identify individual users. Within a household, members can see shared receipt data and price history.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Opt out of push notifications at any time
  • Revoke location permissions at any time through device settings

8. Children's Privacy

CartWise is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@cartwise.app