You own your data
The receipts and reports you export go to your own Google Drive— under your account, not ours. If you ever stop using Starlog, the folder and everything in it stays with you. There’s no vendor lock-in and no export ransom.
When you connect Drive, Starlog can only access the folder it creates for you — not the rest of your Drive. You can disconnect Drive at any time from in-app Settings.
Encryption & access control
Your data is encrypted in transit and at restby our infrastructure providers. Access is restricted by per-user and per-company security rules, so one account can never read another’s receipts, and the app uses Firebase App Check to limit access to legitimate, verified app instances.
On-device text recognition
Text recognition (OCR) on your receipts runs on your device. The store name, amount, and date are extracted locally — your receipt images are not sent to any third party for text extraction.
Where your data lives
We work with a small set of established processors, each under a data-processing agreement. Cross-border transfers of EU residents’ data rely on the European Commission’s Standard Contractual Clauses.
| Processor | Role | Location of data |
|---|---|---|
| Google / Firebase | Authentication, database, receipt-image storage, serverless functions, crash reporting | Database in India; image storage and functions in the United States |
| RevenueCat | Subscription and purchase processing | United States |
| PostHog | Product analytics and session recordings | European Union |
| Google Drive | Storing the receipts and reports you export | Your own Google account — you control access |
Privacy by design
To find and fix usability problems we record a sample of app sessions. These recordings are privacy-masked by default, and recording automatically stops on any screen that shows your financial data — such as your receipt list and report details. You can object to this at any time.
Retention & deletion
You can delete your account and its data at any time — from in-app Settings → Delete account, or via our delete-account page. On deletion, your personal data is removed from our active systems within 30 days. Billing and transaction records are kept longer where tax law requires, and never include your receipt contents. Anything you’ve already exported to your own Google Drive stays in your Drive — you control it directly.
Compliance
Our data practices are aligned with the EU GDPR and India’s DPDP Act 2023. Starlance LLP is the data controller, and the same contact reaches our Grievance Officer. For the complete detail — the data we collect, legal bases, your rights, and how to exercise them — see our Privacy Policy.
Reporting a security issue
If you believe you’ve found a security vulnerability, or you’re evaluating Starlog and need security details for due diligence, email support [at] starlancegroup [dot] com. We read every report and aim to acknowledge within one business day.