CarEx (the “App”) helps you track car expenses — fuel, maintenance, parking, insurance, tickets, washes and more — by storing receipts and metadata about your vehicles. This Privacy Policy explains what data the App collects, how it is used, where it is stored, and the choices you have. By using CarEx you agree to the practices described below.
1. Who we are
CarEx is published under the chatdrop.me brand. For privacy questions you can reach us at slava.kolesnik709@gmail.com.
2. Data we collect
2.1 Account data
To use CarEx you sign in with Sign in with Google or Sign in with Apple. When you sign in we receive from the provider:
- Your account identifier (Firebase UID).
- Your email address (or a private relay address, if Apple).
- Your display name, when available.
Authentication is handled by Firebase Authentication. We never see your Google or Apple password.
2.2 Vehicle and receipt data
The App stores the data you create:
- Cars you add (display name, plate, manufacturer, model, year, color, odometer reading and unit).
- Receipts you save (category, total, currency, date, vendor, note, the receipt photo, an optional thumbnail, and OCR text).
- Confidence scores from the on-device extractor and a flag when you correct a parsed value.
- Sync metadata (created/updated timestamps, sync state).
2.3 Photos and camera
To scan a receipt the App requests permission to use your camera or photo library. The image you capture is processed locally to crop the receipt and is then submitted to the receipt-recognition pipeline (see §3). Photos are stored locally on the device and, once synced, in your private Firebase Storage location.
2.4 Subscription data
The App offers a 14-day free trial followed by a paid monthly subscription
(carex_monthly) handled by RevenueCat on top
of Apple App Store / Google Play billing. RevenueCat receives a pseudonymous
user identifier so that your entitlement is recognized across devices. We
do not receive or store your full payment card or App Store/Google Play
account credentials.
2.5 Diagnostic data
The App may produce local debug logs (visible in the device console) for troubleshooting authentication, scanning and purchase flows. These logs are not transmitted to us automatically.
3. How receipt scanning works
Scanning a receipt is an online operation. The sequence is:
- The platform’s native document scanner opens — Google ML Kit Document Scanner on Android and Apple VisionKit on iOS. It runs on the device and is used purely for edge detection and perspective cropping, so the resulting image is a clean shot of the receipt page rather than a wider camera frame.
- The cropped JPEG is then resized locally and uploaded to Firebase AI (Google Cloud Vertex AI / Gemini) together with a prompt that asks the model to read the total, tax, currency, vendor, date and a category. The receipt image leaves your device at this step.
- Gemini returns the extracted fields as JSON. The fields, the prompted model name and the photo are saved to your account so you can review, edit and export them.
Requests to Firebase AI are processed under the Firebase data-processing terms. Per Google’s documentation, Firebase AI requests are not used to train generative models. We do not run our own OCR servers; if you do not want your receipt photo sent to Google, do not use the scan feature — you can still add expenses manually.
You can edit any field after scanning. The corrected value, not the model’s guess, is what is saved.
4. Where your data is stored
| Location | What it holds |
|---|---|
| On your device (Hive) | Cars, receipts, settings, encrypted secure storage for the Apple authorization code used to revoke your token on sign-out. |
| Cloud Firestore | Your receipts, isolated per user and protected by Firebase security rules so only you can read or write your own data. |
| Firebase Storage | Receipt images uploaded for cross-device sync. |
| RevenueCat | Pseudonymous subscription state keyed by a RevenueCat App User ID. |
Firebase services are operated by Google LLC and may store and process data in data centers outside your country, including the United States.
5. How we use your data
- To let you sign in and identify your account on multiple devices.
- To store, sync and display your cars and receipts.
- To extract structured fields from receipt photos.
- To verify your subscription entitlement and unlock paid features.
- To diagnose crashes and bugs from voluntary local logs you may share with us.
We do not sell your personal data, we do not use it for behavioral advertising, and we do not share it with third parties other than the service providers listed in §7.
6. Sharing & export
The App lets you export your data as PDF, CSV or JSON and share it through the system share sheet. You control where shared exports go (email, messaging, cloud storage, etc.). Exports happen on your device.
7. Service providers
The App relies on the following processors:
- Google / Firebase — Authentication, Cloud Firestore, Cloud Storage, Remote Config, Firebase AI.
- Apple — Sign in with Apple, App Store billing.
- Google Play — Google Play billing on Android.
- RevenueCat — Subscription management on top of the App Store / Google Play.
Each provider processes data under its own privacy policy. We recommend you review them.
8. Permissions
- Camera — to take a photo of a receipt.
- Photos / Storage — to pick an existing receipt photo.
- Network — to sync data and verify your subscription.
You can revoke any of these permissions in your device settings; some features will then be unavailable.
9. Data retention
Cars and receipts are kept for as long as your account exists. When you delete a receipt or a car the corresponding document is removed from your cloud collection. When you sign out on Apple, the App also revokes your Apple authorization token. To delete your entire account and associated data, email slava.kolesnik709@gmail.com from the address you signed in with; we will erase your Firebase user, your Firestore data and your Storage objects within 30 days.
10. Security
Data in transit between the App and Firebase is protected with TLS. Local data is stored in Hive boxes inside the App’s private sandbox. Apple authorization codes are stored in the platform’s secure storage (Keychain on iOS, EncryptedSharedPreferences on Android). No system is perfectly secure; you are responsible for keeping your device and your Google / Apple account credentials safe.
11. Children
CarEx is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children.
12. Your rights
Depending on where you live (e.g. EEA, UK, California), you may have rights to access, correct, export or delete the personal data we hold about you, and to object to or restrict its processing. To exercise these rights, contact us at slava.kolesnik709@gmail.com. You also have the right to lodge a complaint with your local data protection authority.
13. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of the page reflects the latest revision. Material changes will be surfaced inside the App.
14. Contact
Questions, requests or complaints: slava.kolesnik709@gmail.com.