Effective date: 6 May 2026
Supermonster ("we", "our", "the app") respects your privacy. This policy explains what data we collect, how we use it, who we may share it with, and your rights.
1. What we collect
Account information
When you create an account, we collect your email address and display name. If you sign in with Apple, we receive the information you choose to share (which may include a private relay email).
Receipt and purchase data
When you scan a receipt, the app extracts item names, prices, quantities, store names, dates, and totals. This data is stored in your account to power spending insights, price tracking, store comparisons, and budgets.
Usage data
We collect basic analytics about how you use the app (screens viewed, features used, crash reports) to improve the product. We also record your subscription status and scan count.
Device information
We collect your device type and operating system version for compatibility and debugging purposes.
2. How we process your data
On-device scanning
Receipt text is first extracted on your device using Apple's Vision framework. No images of your receipts are sent to our servers.
AI-enhanced parsing
To improve accuracy, the extracted text (not the image) may be sent to our secure cloud service for processing by an AI model. This text is used solely to parse your receipt and generate personalised insights.
Data storage
Your account and receipt data is stored using Google Firebase. Data is encrypted in transit and at rest.
3. How we share your data
Service providers
We use the following third-party services to operate the app:
- Firebase (Google) — authentication, database, and cloud functions
- RevenueCat — subscription management
- Anthropic (Claude) — AI-powered receipt parsing and content generation
Each of these services processes data in accordance with their own privacy policies.
Anonymised and aggregated data
We may share anonymised, aggregated data with third parties, including market research firms, consumer goods companies, and retail analytics providers. This data is derived from the purchase information you provide through scanned receipts.
Anonymised data is stripped of all personally identifiable information. It cannot be used to identify you or your household. Examples of anonymised data include: average basket sizes by region, price trends for product categories, and store-switching patterns across the user base.
We do not sell your personal data. Personal data means information that can be used to identify you individually, such as your name, email address, or individual purchase history.
Legal requirements
We may disclose your data if required by law, regulation, or legal process, or to protect the rights, property, or safety of Supermonster, our users, or the public.
4. Your rights
Under UK GDPR, you have the right to:
- Access your data — request a copy of what we hold about you
- Correct inaccurate data
- Delete your account and all associated data (available in Settings > Delete Account, or by emailing us)
- Export your data in a portable format (available to Pro subscribers)
- Object to processing of your data, including the use of your anonymised data in aggregated datasets
- Withdraw consent at any time for any processing based on consent
To exercise any of these rights, email us at privacy@supermonsterapp.com. We will respond within 30 days.
5. Lawful basis for processing
We process your data under the following lawful bases:
- Contract — to provide the service you signed up for (receipt scanning, spending tracking, budgets)
- Legitimate interest — to improve the app, prevent fraud, and generate anonymised market insights
- Consent — for optional features like push notifications
6. Children's privacy
Supermonster is designed for families and is rated 4+. We do not knowingly collect personal information from children under 13 without parental consent. The app is intended to be used by parents and guardians to track household spending.
7. Data retention
We retain your account and receipt data for as long as your account is active. If you delete your account, all personally identifiable data is permanently removed within 30 days. Anonymised data that has already been included in aggregated datasets may be retained indefinitely, as it cannot be linked back to you.
8. International transfers
Your data may be processed in countries outside the UK, including the United States (where our cloud service providers operate). Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR.
9. Changes to this policy
We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app. The "effective date" at the top of this page indicates when the policy was last updated.
10. Contact us
If you have questions about this privacy policy or how we handle your data, please email us at privacy@supermonsterapp.com.