← Back to Allvero

Privacy Policy

Effective Date: March 23, 2026
Last Updated: March 23, 2026
App: Alvero
Website: https://allvero.io
Contact: info@allvero.io

1. Introduction

Welcome to Alvero ("we," "our," or "us"). Alvero is an AI-powered receipt scanning app that helps you track your grocery spending automatically.

We are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data.

By using Alvero, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.

2. Information We Collect

2.1 Information You Provide

Account Information

  • Full name
  • Email address
  • Password (stored as a secure hash — we never store your plain-text password)

Receipt & Spending Data

  • Receipt images you choose to scan
  • Store names, purchase dates, item names, prices
  • Spending totals and category breakdowns

We do not collect:

  • Your location or GPS data
  • Payment card numbers or banking details
  • Government-issued ID numbers
  • Sensitive health data beyond food spending and voluntary calorie estimates

2.2 Information Collected Automatically

Device & Usage Information

  • Device type and operating system (iOS/Android)
  • App version
  • Crash reports and error logs (for bug fixing only)
  • General app usage patterns (screens visited, features used)

We do not use advertising trackers, fingerprinting technologies, or cross-app tracking.

3. How We Use Your Information

We use your information solely to provide and improve the Alvero service:

| Purpose | Data Used | |---------|-----------| | Create and manage your account | Name, email, password hash | | Send OTP verification codes | Email address | | Process and display your receipts | Receipt images, spending data | | Provide spending analytics | Spending and receipt data | | Send product notifications | Device token (FCM) | | Process Pro subscriptions | Email, subscription status | | Fix bugs and improve the app | Crash logs, usage data | | Respond to support requests | Name, email |

We do not:

  • Sell your data to third parties
  • Use your data for advertising purposes
  • Share your data with data brokers
  • Use your receipt data to train AI models without your explicit consent

4. Third-Party Services

To provide the Alvero service, we work with trusted third-party providers. Each processes only the minimum data necessary.

4.1 Neon (PostgreSQL Database)

  • Purpose: Secure storage of your account and receipt data
  • Data sent: All account and receipt data
  • Location: United States
  • Privacy: https://neon.tech/privacy

4.2 Google Firebase

  • Purpose: Push notifications (FCM) and crash reporting (Crashlytics)
  • Data sent: Device token for notifications, anonymized crash logs
  • Location: United States
  • Privacy: https://firebase.google.com/support/privacy

4.3 RevenueCat

  • Purpose: Managing Pro subscription purchases
  • Data sent: Email address, subscription status, purchase events
  • Location: United States
  • Privacy: https://www.revenuecat.com/privacy

4.4 Resend

  • Purpose: Sending transactional emails (OTP verification, welcome emails)
  • Data sent: Email address, email content
  • Location: United States
  • Privacy: https://resend.com/privacy

4.5 AI Receipt Processing

  • Purpose: Reading and extracting item data from receipt images
  • Data sent: Receipt image (processed and discarded — not stored by AI provider)
  • Note: Receipt images are sent to our AI service for processing only. They are not retained by the AI provider after processing is complete.

5. Data Storage and Security

Storage

Your data is stored on Neon PostgreSQL servers located in the United States. All data is encrypted at rest and in transit using industry-standard TLS/SSL encryption.

Security Measures

  • Passwords are hashed using bcrypt (never stored in plain text)
  • All API communication uses HTTPS
  • Authentication tokens are stored securely on your device using encrypted storage (iOS Keychain / Android Encrypted SharedPreferences)
  • We perform regular security reviews

Retention

We retain your data for as long as your account is active. If you delete your account, your personal data is marked for deletion and permanently removed within 30 days, except where we are required to retain it for legal reasons.

Receipt data is retained for the duration of your account to provide historical analytics. You may delete individual receipts at any time within the app.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and all associated data
  • Portability: Request your data in a machine-readable format (CSV export available on Pro plan)

European Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with your local supervisory authority

Our legal basis for processing your data is:

  • Contract performance — to provide the Alvero service you signed up for
  • Legitimate interests — to improve and secure our service
  • Consent — for optional features like notifications (you can withdraw at any time)

California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

How to Exercise Your Rights

To exercise any of these rights, contact us at info@allvero.io with the subject line "Privacy Request." We will respond within 30 days.

7. Children's Privacy

Alvero is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at info@allvero.io and we will delete it promptly.

8. International Data Transfers

Alvero is operated from and your data is primarily stored in the United States. If you are located outside the United States, please be aware that your data will be transferred to and processed in the United States, which may have different data protection laws than your country.

For users in the EEA, such transfers are made under appropriate safeguards including Standard Contractual Clauses (SCCs).

9. Push Notifications

If you grant permission, Alvero may send you push notifications such as:

  • Budget exceeded alerts
  • Weekly spending summaries

You can disable notifications at any time:

  • In-app: Settings → Notifications → toggle off
  • Device: iOS/Android notification settings for Alvero

Disabling notifications does not affect your account or data.

10. Cookies and Tracking

The Alvero mobile app does not use cookies.

Our website (allvero.io) may use minimal, essential cookies for functionality. We do not use advertising cookies or third-party tracking cookies on our website.

11. Links to Third-Party Sites

Our app and website may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email or in-app notification for material changes

Your continued use of Alvero after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Alvero
Email: info@allvero.io
Website: https://allvero.io
Support: https://allvero.io/support

We aim to respond to all privacy-related inquiries within 5 business days.

This Privacy Policy was written for Alvero and is specific to our data practices. It is not a legal template and does not constitute legal advice. We recommend consulting a qualified attorney for compliance with applicable privacy laws in your jurisdiction.