Privacy Policy
Last updated: June 17, 2025
Overview
claimo ("we", "us", or "our") is a personal expense automation tool that reads ride receipts from your Gmail inbox to generate reimbursement reports. This Privacy Policy explains what data we access, how we use it, and your rights regarding that data. We take your privacy seriously. We only request the minimum permissions required to deliver the service, and we never sell, share, or monetise your personal information.
What Data We Collect
Google Account Information
Your name, email address, and profile picture — obtained when you sign in with Google. Used to identify your account.
Gmail Read Access (Receipts Only)
We use the Gmail API with a restricted query to search for ride receipt emails from Uber and Rapido only. We read the email body to extract: trip date, amount, pickup/drop-off locations, and service name. We do not read, store, or access any other emails.
Google OAuth Tokens
Access and refresh tokens are stored securely in our database to enable background syncing. These are encrypted at rest and are never shared with third parties.
Receipt Data
Extracted ride data (date, amount, locations, service) is stored in your private account. Only you can see this data.
What We Do NOT Collect
Other emails
We never read, index, or store emails outside of ride receipt queries.
Payment details
We do not collect or store credit card numbers, bank account details, or any payment credentials.
Location tracking
We do not track your real-time location. Location data comes only from receipt emails.
Behavioural analytics
We do not use third-party analytics trackers (e.g. Google Analytics, Meta Pixel) on the dashboard.
How We Use Your Data
Service delivery
To sync your ride receipts, display your expense history, and generate PDF reimbursement reports.
Authentication
To verify your identity and keep your session secure.
Email sync
To periodically query your Gmail for new ride receipts using your stored OAuth token.
Data Storage & Security
Your data is stored on Supabase (PostgreSQL), hosted on AWS infrastructure. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Row-Level Security (RLS) policies ensure that you can only ever access your own data — even if there were a server-side bug. OAuth tokens are stored server-side and are never exposed to the browser or third parties. Generated PDF reports are stored in a private, authenticated storage bucket accessible only to your account.
Third-Party Services
Supabase
Database, authentication, and file storage. Supabase is SOC 2 Type II compliant.
Google APIs
Gmail API for reading receipts and OAuth 2.0 for authentication.
Google Cloud Run
Hosting our PDF generation microservice.
Vercel
Hosting the web application frontend.
Your Rights
Access
You can view all data we hold about you in the app dashboard.
Deletion
You can delete your account and all associated data at any time from Settings → Delete Account. All data is permanently erased within 30 days.
Revoke Access
You can revoke claimo's Gmail access at any time via your Google Account security settings (myaccount.google.com/permissions).
Export
You can export your ride data as CSV at any time from the Rides page.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of claimo after a change constitutes acceptance of the revised policy.
Contact
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:
gajanansr.work@gmail.com
Privacy & data requests