Privacy Policy
Last updated: December 2025
At Recappp, your privacy is our priority. This policy explains what data we collect, how we use it, and your rights regarding your information.
Quick Summary
- We only access Gmail to read transaction receipts — we never read personal emails
- Gmail access is optional and only requested when you choose to enable it
- Health data stays on your device and is never sent to our servers
- We never sell, share, or monetize your personal data
- You can export or delete all your data at any time
Google Sign-In and Basic OAuth Data
When you sign in to Recappp using "Sign in with Google," we request only the minimum permissions necessary for authentication:
OAuth Scopes Used at Sign-In
- openid— Verify your identity securely
- email— Retrieve your email address for account identification
- profile— Retrieve your name and profile picture for personalization
Important: We do not request Gmail or email content access during sign-in. Gmail access is a separate, optional step that you can enable later within the app if you choose.
Your Google account credentials are never stored by Recappp. We use secure OAuth 2.0 tokens that can be revoked at any time.
Email Data Access and Gmail Integration
Gmail Access is Optional
Gmail integration is an optional feature. You can use Recappp without ever connecting your Gmail. If you choose to enable Gmail access, you will be presented with a separate consent screen.
What We Access
If you grant Gmail access, we use read-only permissions to search for and extract data from:
- • Transaction receipts (Amazon, Uber, DoorDash, etc.)
- • Flight booking confirmations (airlines, travel agencies)
- • Hotel and travel reservations
- • Subscription and purchase confirmations
What We Do NOT Access
- ✕Personal conversations or correspondence
- ✕Attachments (other than parsing receipt data)
- ✕Drafts, sent mail, or spam folders
- ✕Emails unrelated to transactions or travel
No Data Sharing for Advertising
We do not use Gmail data for advertising, profiling, or any purpose other than providing you with your personal spending and travel insights. Gmail data is never shared with third parties for marketing or commercial purposes.
Disconnecting Gmail
You can disconnect Gmail at any time through Settings → Connected Accounts → Gmail → Disconnect. When you disconnect:
- • Access to your Gmail is revoked immediately
- • No new data will be fetched from your email
- • You can choose to keep or delete previously extracted data
- • You can reconnect Gmail at any time in the future
Data We Collect
Gmail Data (with your permission)
We request read-only access to your Gmail to find transaction receipts and booking confirmations. We specifically search for emails from known merchants, airlines, and booking platforms.
- • Transaction receipts (Amazon, Uber, DoorDash, etc.)
- • Flight booking confirmations
- • Hotel and travel bookings
Health Data (coming soon, on-device only)
Note: Health integration is planned for a future update. When available, if you choose to connect Apple Health or Google Health Connect, we will read steps, distance, and activity data. This data will be processed locally on your device and used only to generate your health recap visualizations. Health data will never be uploaded to our servers.
Photos (optional, on-device only)
If you grant photo access, we analyze photo metadata (dates, locations) to create memory highlights. Photos are never uploaded to our servers.
Account Information
When you sign in with Google, we receive your name, email address, and profile picture to create your account.
User-Generated Content
Content you voluntarily add to the app, such as manual expense entries, notes, or links, is stored to provide the service.
Coarse Location (optional)
If you enable location features, we may collect coarse location data to enhance travel and photo location insights. This is entirely optional and can be disabled at any time.
Subscription and Billing Data
Recappp offers optional in-app subscriptions (Plus and Pro plans) processed through Apple App Store (iOS) and Google Play (Android).
What We Collect
- • Subscription status (active, expired, trial)
- • Subscription tier (Free, Plus, Pro)
- • Purchase timestamps for entitlement verification
- • Anonymous transaction IDs provided by app stores
No Payment Card Data
We do not collect, store, or have access to your payment card numbers, bank account details, or other financial credentials. All payment processing is handled securely by Apple and Google.
Subscription management (cancellation, refunds) is handled through your device's app store. See our Terms of Service for complete subscription terms.
Optional Third-Party Integrations
Recappp offers optional integrations with third-party services to enhance your recap experience. All integrations are user-initiated and require your explicit consent.
Gmail Integration
Access email receipts for spending and travel data. You control when to connect and disconnect.
Spotify Integration (if available)
Access listening history for music recap features. Entirely optional and user-initiated.
Health Platforms
Apple Health and Google Health Connect for fitness data. Data stays on your device.
For each integration, you will see a clear consent screen explaining what data is accessed. You can revoke access at any time through Settings → Connected Accounts.
Data Safety Summary
Summary of data types collected and their purposes:
| Data Type | Purpose | Shared? |
|---|---|---|
| Email address | Account identification | No |
| Name & profile photo | Personalization | No |
| Email receipts | Spending & travel insights | No |
| Health/fitness data | Health recap (on-device) | No |
| Photo metadata | Memory highlights (on-device) | No |
| Purchase history | Subscription entitlements | No |
| User content | App functionality | No |
| Coarse location (optional) | Travel/photo location | No |
All data is used exclusively for app functionality. We do not sell data to third parties, use data for advertising, or share data with data brokers.
What We Don't Collect
- ✕Personal email content, conversations, or attachments
- ✕Contact lists or address books
- ✕Calendar events or schedules
- ✕Actual photo files (only metadata)
- ✕Bank account credentials or financial login information
- ✕Payment card numbers or CVV codes
How We Use Your Data
We use your data exclusively to:
- • Generate your monthly and yearly recaps
- • Create spending insights and category breakdowns
- • Track travel patterns and destinations
- • Visualize health and fitness trends
- • Curate photo memory highlights
- • Verify subscription entitlements
We do not use your data for advertising, profiling, or any purpose other than providing you with your personal recaps.
Data Security
We implement industry-standard security measures:
- • AES-256-GCM encryption for all stored data
- • TLS 1.3 for all data in transit
- • OAuth 2.0 tokens encrypted and stored securely
- • Regular security audits and monitoring
- • No plain-text storage of sensitive information
Data Retention
We retain your data for as long as you maintain an active account. When you delete your account or request data deletion:
- • Account data is deleted immediately
- • OAuth tokens are revoked within 24 hours
- • Processed recap data is deleted within 7 days
- • Backups are purged within 30 days
Data Deletion and User Rights
You have full control over your data:
- • Access: View all data we have about you
- • Export: Download your data in standard formats (JSON, CSV)
- • Correct: Update inaccurate information
- • Delete: Remove all your data permanently
- • Revoke: Disconnect data sources at any time
- • Portability: Transfer your data to another service
How to Delete Your Data
- In-app: Settings → Privacy → Delete All Data
- Delete account: Account deletion instructions
- Data only: Data deletion instructions
- Email request: support@recappp.app
We respond to all data deletion requests within 48 hours. Upon deletion, your data is permanently removed from our active systems within 7 days and from all backups within 30 days.
GDPR and International Privacy Rights
If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
Right to Access (Article 15)
Request a copy of all personal data we hold about you.
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete data.
Right to Erasure (Article 17)
Request deletion of your personal data ("right to be forgotten").
Right to Data Portability (Article 20)
Receive your data in a machine-readable format for transfer to another service.
Right to Object (Article 21)
Object to processing of your personal data for certain purposes.
Right to Withdraw Consent
Withdraw consent at any time for processing based on consent (e.g., Gmail access).
To exercise any of these rights, contact us at support@recappp.app. We will respond within 30 days as required by GDPR.
Legal Basis for Processing: We process your data based on (1) your consent (e.g., Gmail access), (2) contract performance (providing the service), and (3) legitimate interests (security, fraud prevention).
User Privacy Choices
You can control your data at any time:
- • In-app controls: Go to Settings → Privacy to manage connected accounts and revoke access.
- • Delete your account: Account deletion instructions
- • Delete your data: Data deletion instructions
- • Contact us: Email support@recappp.app
Google API Services Disclosure
Recappp's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- • We only request scopes necessary for core app functionality
- • We do not use Google user data for advertising
- • We do not allow humans to read user data except for support (with consent)
- • We do not sell Google user data to third parties
- • We do not use Google user data to develop AI/ML models unrelated to the app
Third-Party Services
We use limited third-party services:
- • Google OAuth: For secure authentication
- • Apple/Google In-App Purchases: For subscription billing
- • Cloud hosting (Google Cloud): For secure data storage
- • Firebase Crashlytics: For crash reporting (technical data only)
We do not share your personal data with advertisers, data brokers, or any other third parties for commercial purposes.
Children's Privacy
Recappp is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@recappp.app.
Contact Us
For privacy-related questions, data requests, or concerns:
- • App Support: support@recappp.app
- • Business & Policy: foundationalcreations@gmail.com
We aim to respond to all privacy-related inquiries within 48 hours.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the app. Continued use of Recappp after changes constitutes acceptance of the updated policy.