ReimburseMate Privacy Policy
Effective Date: July 5, 2026
Last Updated: July 5, 2026
This Privacy Policy explains how ReimburseMate, Inc. ("ReimburseMate," "we," "us," or "our") collects, uses, shares, and protects information when you use the ReimburseMate mobile application and related services (the "Service"). By using the Service, you agree to the practices described here.
If you do not agree with this Policy, please do not use the Service.
1. Who We Are
ReimburseMate is a mobile application that helps you identify HSA- and FSA-eligible purchases from your receipts and generate reimbursement reports. We are a consumer software product. We are not a bank, a health plan, an HSA or FSA administrator, or a tax advisor.
Contact for privacy questions: support@reimbursemate.com
2. Information We Collect
Account information When you create an account, we collect your name and email address. We use email for sign-in, account verification, password reset, and essential service communications.
Receipt images and receipt data When you scan or upload a receipt, we collect the receipt image and the information extracted from it, including merchant name, purchase date, line items, amounts, and totals. Receipt images may reveal the health-related or medical products you purchased.
Eligibility and reimbursement data We generate and store HSA/FSA eligibility determinations for your purchases, your confirmations or corrections to those determinations, and the reimbursement reports you create.
Diagnostic and crash data If the app crashes or encounters an error, we collect diagnostic information (for example, error logs, device model, operating system version, and app version) to fix problems. We use Sentry for this.
Device and usage information We may collect basic technical information such as device type, operating system, app version, and general interaction data needed to operate and improve the Service.
We do not knowingly collect Social Security numbers, government ID numbers, or payment card numbers through the Service.
3. How We Use Your Information
We use your information to:
Provide the core Service, including scanning receipts, extracting data, classifying eligibility, and generating reimbursement reports.
Maintain your account, authenticate you, and send account-related messages such as verification and password-reset codes.
Diagnose crashes, fix bugs, and improve accuracy and performance.
Protect the Service against fraud, abuse, and security threats.
Comply with legal obligations.
We do not sell your personal information. We do not use your receipt images or receipt data for advertising, and we do not share them with advertisers.
4. How We Share Information With Service Providers
We share information with third-party service providers who process data on our behalf so the Service can function. These providers are contractually limited to using the data only to provide services to us.
Supabase Backend database, authentication, and file storage. Stores your account data, receipt images, and receipt/eligibility data.
Google Document AI Optical character recognition (OCR). Receipt images are sent to Google Document AI to extract text and line-item data.
Anthropic (Claude API) Used as an OCR fallback and to classify HSA/FSA eligibility. Receipt images and/or extracted receipt text are sent to Anthropic for processing. Anthropic acts as our service provider and, under its commercial API terms, does not use this data to train its models.
Sentry Crash and error reporting. Receives diagnostic and device data, not receipt images.
Resend Transactional email delivery (for example, verification and password-reset messages). Receives your email address.
Apple App distribution and, in a future release, in-app purchases. Governed by Apple's own privacy terms.
We may also disclose information if required by law, to enforce our Terms of Service, or to protect the rights, safety, and security of our users or the public.
If we are ever involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
5. Consumer Health Data Notice
Because receipts can reveal information about health-related products you buy, some of the information you provide may qualify as "consumer health data" under laws such as the Washington My Health My Data Act and similar state laws.
For that data:
We collect it only to provide the eligibility and reimbursement features you request.
We do not sell it.
We share it only with the service providers listed in Section 4, solely to operate the Service.
You may withdraw consent and delete your data at any time (see Section 8).
If your state grants specific consumer health data rights, you may exercise them by contacting us at support@reimbursemate.com.
6. Data Retention
We keep your information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete your account data, receipt images, and associated receipt and eligibility data from our active systems. Residual copies may persist in encrypted backups for a limited period before being overwritten, and we may retain limited records where required by law.
7. How We Protect Your Information
We use industry-standard safeguards, including encryption in transit and at rest through our infrastructure providers, and row-level security controls that restrict each user's data to that user. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
8. Your Rights and Choices
Depending on where you live, you may have rights to:
Access the personal information we hold about you.
Correct inaccurate information.
Delete your information.
Withdraw consent for processing.
Request that we not sell or share your information (note: we do not sell personal information).
Deleting your account and data You can delete your account directly in the app at any time through the account deletion flow in Settings. This permanently removes your account and associated data from our active systems as described in Section 6.
To exercise any other right, contact us at support@reimbursemate.com. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.
California residents: you have rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information. We do not sell or share personal information as those terms are defined under California law.
EU/UK residents: where the GDPR or UK GDPR applies, our legal bases for processing are performance of our contract with you, your consent, our legitimate interests in operating and securing the Service, and compliance with legal obligations.
9. Children's Privacy
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
10. International Users and Data Transfers
We operate the Service from the United States, and our service providers may process data in the United States and other countries. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States, which may have different data-protection laws than your country.
11. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you in the app or by email. Your continued use of the Service after changes take effect means you accept the updated Policy.
12. Contact Us
Questions about this Policy or your data:
ReimburseMate, Inc. support@reimbursemate.com

