Privacy Policy

What Sockaway collects, why, and how it's protected.

Last updated: April 16, 2026.

Plain-English summary: Sockaway exists to keep your spending receipts in one private place. We collect the smallest amount of data we need to make that work. We do not sell your data, run ads, or share it with brokers or analytics resellers. The receipts you capture are yours; you can export or delete them at any time.

1. Who we are

Sockaway is operated by Outwork LLC ("Sockaway", "we", "us"). For privacy questions, contact hello@sockaway.app.

2. What we collect

Information you give us

• Account email and password (or your Apple / Google sign-in identifier). Used to sign you in and recover your account.
• Receipts you capture — paper-receipt photos, forwarded emails, voice transcripts, and SMS receipts you share to us. Each captures the merchant, amount, line items, payment method, and date as visible on the receipt.
• Optional profile fields: display name, monthly budget, custom categories.

Information we generate

• A unique forwarding email address (e.g. kj7m4n2p3q@inbox.sockaway.app) so you can forward receipts to us. Public-but-unguessable.
• A device-push token (FCM) so we can notify you when a receipt is parsed. Stored against your account; never sold.
• Subscription status (Free / Premium) and the platform receipt id from Apple / Google for billing reconciliation.

Things we explicitly do NOT collect

• We never read your inbox via OAuth — only the emails you forward to your unique address.
• We do not run ads or include third-party tracking SDKs.
• We do not sell or share your purchase data with brokers, retailers, or analytics resellers.
• We do not store the audio of voice receipts — only the transcript your phone produces locally.
• We do not track your location.

3. How your data flows

1. You capture a receipt (photo, voice, email-forward, or SMS share).
2. The capture is sent to our backend over TLS (HTTPS).
3. Our backend asks Anthropic's Claude API to extract structured data (merchant, line items, total). Anthropic does not retain or train on this data per their Acceptable Use Policy.
4. The structured receipt is saved to your private database row in Supabase (US-East-1).
5. You see it in the app.

4. Where we host

• Database + storage: Supabase (Amazon AWS US-East-1).
• Edge functions: Supabase / Deno Deploy.
• Email send (transactional): Resend.
• Push notifications: Firebase Cloud Messaging (Apple APNs / Google FCM).
• AI parsing: Anthropic API.

5. Who can see your data

• You — full access via the app.
• Sockaway employees — only when you explicitly authorize support access (e.g., asking us to debug a missing receipt).
• Subprocessors above — limited access necessary to operate the service.
• Law enforcement — only with a valid legal request, and only the minimum required.

6. Your rights

• Export — download your receipts as CSV or JSON anytime (in-app, coming soon).
• Delete — Settings → "Delete account permanently" wipes your profile, receipts, line items, categories, budgets, device tokens, and forwarding address. Audit logs (subscription history) are kept but stripped of any link to you.
• Correct — edit any receipt or profile field in the app.
• Object — email hello@sockaway.app to opt out of any specific processing.
• If you're in the EU/UK: the GDPR rights of access, portability, rectification, erasure, restriction, and objection apply.
• If you're in California: CCPA/CPRA rights of access, deletion, correction, and opt-out of sale apply (we do not sell data, so opt-out is a no-op).

7. Children

Sockaway is not directed at children under 13. If you believe a child has used the service, email us and we will delete the account.

8. Changes

We update this policy when our practices change. We will notify users by email at least 30 days before any material change. Old versions will be available on request.

Outwork LLC
hello@sockaway.app