← SinTrámite

Privacy policy

Effective date: 15 April 2026 · Version 1.0

1. Who we are

SinTrámite (“the app”, “we”, “us”) is a mobile application that helps Spanish self-employed workers (autónomos) and small companies (Sociedades Limitadas) capture, review, and hand off business receipts and invoices to their accountant (gestor).

Data controller contact: SinTrámite
Email: hola@sintramite.es

This policy explains what data the app processes, why, where it goes, and what rights you have under the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

2. TL;DR

  • Your data stays on your phone. The app stores every expense, every receipt image, and every setting in a local database on your device. Nothing is uploaded to a cloud account, nothing is synchronised across devices, and you do not need to create an account to use the app.
  • One exception: when you capture a bill, the image is sent over an encrypted HTTPS connection to our own stateless backend server (hosted in Paris, EU), which forwards it to Anthropic (Claude API) for OCR text extraction. The structured response is sent back to your phone. Neither our server nor Anthropic retain your receipts — our server stores nothing, and Anthropic's API terms prohibit training on API inputs and retain data for at most 30 days for abuse monitoring.
  • We do not track you. No analytics, no advertising identifiers, no third-party SDKs beyond the ones listed in §6 below, no fingerprinting, no crash reporters that send data off-device by default.
  • You can delete everything instantly by uninstalling the app.

3. What data the app processes

3.1 Data you create locally

Stored only on your device, in a private app-scoped directory that other apps cannot read:

  • Receipt / invoice images and PDFs you capture with the camera, pick from your gallery, import from your Files app, or receive via the system Share sheet
  • Structured extraction results returned by the OCR pipeline: supplier name, supplier tax ID (NIF/CIF), buyer tax ID, invoice date, base amount, VAT rate, VAT amount, total, category, currency, document type, confidence score, and validation flags
  • Your fiscal profile as entered in Settings: full name, NIF/NIE/DNI/CIF, accountant's email address, preferred language
  • Auto-backup snapshots: up to three rolling snapshots of the above, stored in the same private app directory
  • Supplier learning cache: a local lookup table mapping supplier names you've corrected to their correct NIF and category, so the app can auto-apply your corrections to future captures of the same supplier

None of this data leaves your phone unless you explicitly initiate one of the actions in §3.2 below.

3.2 Data you explicitly send elsewhere

The app only transmits data when you trigger one of these actions:

  1. Capture a receipt. The image bytes (base64-encoded) are sent to our OCR backend. See §4.
  2. Send an export to your accountant. You choose when, where, and to whom. The app opens your system Mail app or the system Share sheet; we do not send anything — you do.
  3. Save a manual backup to a folder. You pick the destination yourself (iCloud Drive, Google Drive, Files, AirDrop, email to yourself). The file does not pass through us.

4. The one backend call — OCR extraction

4.1 What happens

When you tap Take photo, Choose from gallery, Upload file, or share a receipt into the app from another app, the app:

  1. Compresses the image locally (on your device) to reduce size
  2. Sends the compressed image and its MIME type over HTTPS (TLS 1.2 or higher) to our backend server
  3. Our backend forwards the image to Anthropic's Claude API (specifically the Claude Haiku 4.5 vision model) via a server-to-server HTTPS call
  4. Anthropic returns structured data extracted from the image
  5. Our backend relays the structured data back to your phone
  6. The data is written to your local database

4.2 Our backend's role

Our backend is stateless: it does not log receipt content, does not persist images to disk, and does not retain any record of the request after the response is returned. It exists only to hold our Anthropic API key securely (the key cannot live on your phone without being trivially extractable) and to proxy the single OCR call.

The backend runs on Fly.io infrastructure in the Paris region (France, EU). No data is transferred outside the EU by our backend itself.

4.3 Anthropic (sub-processor)

Anthropic is the AI provider that performs the OCR extraction. Under Anthropic's Commercial Terms of Service and Data Processing Addendum:

  • No training: Anthropic commits not to train its models on API inputs or outputs
  • Retention: API inputs and outputs are retained for up to 30 days solely for abuse detection, then deleted
  • Cross-border transfer: Anthropic operates from the United States. The transfer of your receipt image from our EU backend to Anthropic's US infrastructure is covered by Standard Contractual Clauses (SCCs) as adopted by the European Commission, consistent with GDPR Chapter V

4.4 What is not sent to the backend

  • Your fiscal profile (name, NIF/CIF, accountant email)
  • Your expense list or historical data
  • Any metadata identifying you personally
  • Device identifiers, IP address beyond what TLS requires to deliver the packet, or any tracking token

Each OCR call is a single, stateless round-trip containing only the receipt image bytes and its MIME type.

5. Legal basis for processing (GDPR Article 6)

  • Local processing on your device: no legal basis is required because the app is not, in the GDPR sense, “processing” your data on our behalf — the data never leaves your device
  • OCR backend call: Article 6(1)(b) GDPR — performance of a contract. You have installed the app to extract structured data from receipts; sending the image to the OCR pipeline is the specific technical means by which we deliver that service
  • Security and abuse monitoring at the Anthropic layer: Article 6(1)(f) GDPR — legitimate interests of Anthropic and its customers in maintaining a non-abusive API

6. Third-party services and SDKs

6.1 Direct third parties

  • Anthropic, PBC (United States) — Claude API, OCR extraction, covered by §4.3 above
  • Fly.io, Inc. (United States, EU infrastructure used) — our backend's hosting provider. Fly.io processes only metadata needed to route traffic (source IP, TLS handshake, etc.) and does not see decrypted request bodies

6.2 Technical libraries bundled in the app

The app is built on the Expo / React Native framework. Its native runtime and language-localisation features use libraries that run entirely on your device and do not send data off device. No advertising SDK, no analytics SDK, and no crash reporter is bundled in the production build.

6.3 No third-party cookies, trackers, or fingerprinting

The app does not use cookies, advertising identifiers (IDFA on iOS, AAID on Android), or any fingerprinting technique.

7. International data transfers

  • Your local data never crosses any border; it stays on your physical device
  • The OCR image is sent from our Paris backend to Anthropic's US infrastructure under Standard Contractual Clauses (SCCs) — see §4.3

8. Retention

  • On your device: data is retained for as long as the app is installed. Uninstalling the app removes all expenses, images, settings, and snapshots
  • On our backend: data is not retained. The backend holds the request in memory only for the duration of the HTTPS round-trip (~5–15 seconds typically) and has no disk persistence
  • At Anthropic: up to 30 days for abuse monitoring, then deleted, per Anthropic's terms

9. Your rights under GDPR

As an EU data subject, you have the following rights:

  • Right of access (Art. 15) — All your data is already on your device. Open the app to view it in full
  • Right to rectification (Art. 16) — Edit any field on any expense directly in the app
  • Right to erasure / “right to be forgotten” (Art. 17) — Uninstall the app to delete everything. Alternatively, delete individual expenses via long-press on the expense list
  • Right to restriction of processing (Art. 18) — Stop using the capture feature; no further data will be processed
  • Right to data portability (Art. 20) — Use Save backup to a folder in Settings to export a complete, machine-readable ZIP archive of your database and all receipt files
  • Right to object (Art. 21) — Uninstall the app
  • Right not to be subject to automated decision-making (Art. 22) — The OCR extraction produces suggestions only. No decision is made automatically; you review and confirm every expense before it is saved

To exercise any right, or to ask a question, contact us at hola@sintramite.es.

You also have the right to lodge a complaint with the Spanish data protection authority (Agencia Española de Protección de Datos — AEPD) at aepd.es.

10. Security

  • Local data is stored in the app's private sandbox, inaccessible to other applications on your device
  • Receipt images in transit to our backend are encrypted in transit via TLS 1.2 or higher
  • Our backend uses a short-lived, stateless architecture with no persistent disk storage beyond its container image
  • The Anthropic API key is stored as a managed secret on Fly.io, never shipped to client devices

We design the app around the principle of data minimisation: we do not collect data we do not need, we do not store data we do not need, and we do not retain data longer than the specific task requires.

11. Children

The app is not directed at children under 16. We do not knowingly collect data from children. If you believe a minor has used the app, please contact us and we will advise on how to remove any local data (which is, in any case, under the user's direct control via uninstall).

12. Changes to this policy

We may update this policy from time to time. The effective date at the top of this document will reflect the most recent change. For material changes (e.g., adding a new sub-processor, changing data flows), the updated policy will be highlighted inside the app before you next capture a receipt.

13. Contact

For any privacy-related question, exercise of rights, or complaint:

SinTrámite
Email: hola@sintramite.es