Privacy Policy
Last updated: March 12, 2026
01Overview
Fake Receipt Maker ("we", "us", or "our") operates the website fake-receipt-maker.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit and use our Service.
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.
We are committed to protecting your personal data and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where applicable.
02Data We Collect
Information you provide directly
- Account registration: email address and password (or OAuth token if you sign in with Google).
- Payment information: billing name and payment card details. Card details are processed and stored exclusively by Stripe - we never see or store raw card numbers.
- Saved templates: the receipt content (store name, line items, settings) you explicitly save to your account. This data is stored in our database only when you click "Save".
- Support messages: name, email, and message content submitted via our contact form or feature request form.
Information collected automatically
- Usage data: pages visited, features used, time spent, clicks, and navigation paths.
- Device data: browser type, operating system, screen resolution, and language.
- Log data: server access logs including timestamps and HTTP status codes, retained for up to 30 days for security and debugging.
What we do NOT collect
- Receipt content generated in the editor without saving - all rendering happens client-side in your browser.
- Sensitive personal information such as government ID, social security number, or health data.
- Payment card numbers - these are handled entirely by Stripe.
03How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide and operate the Service | Account data, saved templates | Contract performance |
| Process payments and manage subscriptions | Email, Stripe customer ID | Contract performance |
| Send transactional emails (receipts, password reset) | Email address | Contract performance |
| Improve the Service and fix bugs | Usage data, log data | Legitimate interest |
| Prevent fraud and abuse | IP address, usage patterns | Legitimate interest |
| Respond to support requests | Contact form data | Legitimate interest |
| Send product update emails (opt-in only) | Email address | Consent |
| Comply with legal obligations | Account data, billing records | Legal obligation |
We do not use your data to train AI models, sell it to advertisers, or share it with third parties for their own marketing purposes.
05Third-Party Services
We work with a small number of third-party services to operate the platform:
- Supabase (database & authentication) - stores account data and saved templates. Hosted on AWS. Privacy Policy.
- Stripe (payments) - processes all subscription billing. Stripe is a PCI-DSS Level 1 certified provider. We share your email address and name with Stripe to create a billing account. Privacy Policy.
- Cloudflare (hosting, CDN & Workers) - serves the website and runs server-side rendering. May log IP addresses as part of standard web server logs. Privacy Policy.
- Google Fonts - loads typefaces used in the interface. Google may log the request IP. Fonts used: Space Grotesk, Instrument Sans.
We do not sell or share your personal data with any other third parties.
06Data Retention
- Account data is retained as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days.
- Saved templates are deleted immediately when you delete them, or within 30 days of account deletion.
- Billing records are retained for 7 years to comply with financial and tax regulations.
- Support messages are retained for up to 2 years to resolve follow-up queries.
- Server logs are retained for 30 days and then deleted automatically.
07Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of all personal data we hold about you.
- Rectification: correct inaccurate personal data.
- Erasure ("right to be forgotten"): request deletion of your personal data. You can do this directly by deleting your account from the Account page, or by emailing us.
- Restriction: ask us to limit processing of your data in certain circumstances.
- Portability: receive your saved data in a structured, machine-readable format (JSON export available from the Account page).
- Objection: object to processing based on legitimate interest.
- Withdraw consent: opt out of marketing emails at any time using the unsubscribe link in any email, or from your Account settings.
To exercise any of these rights, please email us at hello@fake-receipt-maker.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.
If you are an EU/EEA resident and believe your rights have not been respected, you have the right to lodge a complaint with your local supervisory authority.
08Children's Privacy
Our Service is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at hello@fake-receipt-maker.com and we will delete it promptly.
09Security
We implement appropriate technical and organizational measures to protect your personal data:
- All data in transit is encrypted using TLS 1.2 or higher.
- Passwords are hashed using industry-standard algorithms - we never store plain-text passwords.
- Access to production databases is restricted to authorised personnel only.
- We conduct regular security reviews and apply dependency updates promptly.
- Row-Level Security (RLS) policies ensure users can only access their own data.
No system is completely secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.
10International Data Transfers
Our infrastructure is primarily hosted in the United States (Cloudflare, Supabase on AWS us-east-1). If you are accessing the Service from outside the United States, your data may be transferred to and processed in the U.S.
For users in the EU/EEA, such transfers are made under appropriate safeguards, including Standard Contractual Clauses (SCCs) where required. Our sub-processors (Supabase, Stripe, Cloudflare) are all subject to equivalent data protection commitments.
11Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will also notify you by email (if you have an account) or by displaying a prominent notice on the Service at least 14 days before the change takes effect.
Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
12Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: hello@fake-receipt-maker.com
- Contact form: fake-receipt-maker.com/contact
We aim to respond to all privacy-related inquiries within 5 business days.