JetLedger

Privacy Policy

Last updated: February 23, 2026

Overview

JetLedger is a private expense management application for aviation operations. This Privacy Policy describes how we collect, use, and protect your information when you use our web and mobile applications.

Information We Collect

We collect information you provide directly to us, including:

  • Profile information (name, email address, profile picture)
  • Expense and financial data (amounts, vendors, categories, trip references)
  • Receipt images (uploaded via web, captured via mobile, or forwarded via email)
  • Email metadata when using email-to-receipt (sender address, subject line, attachments)
  • Payment and billing information (processed by Stripe)
  • Usage data and application logs

Camera and Photo Library Access

Our mobile application may request access to your device's camera and photo library for the purpose of capturing and uploading receipt images. Specifically:

  • Camera: Used to photograph receipts for expense tracking. Photos are uploaded to our secure storage and are not shared with third parties.
  • Photo Library: Used to select existing receipt images from your device for upload. We only access images you explicitly select.

Camera and photo library access is optional. You can deny these permissions and still use the application by entering expense data manually.

Mobile Data Collection

When you use our mobile application, we may collect:

  • Device type and operating system version (for compatibility and debugging)
  • App version information
  • Crash reports and error logs (to improve app stability)

We do not collect location data, contacts, or any information from other apps on your device.

Receipt Processing & AI

Receipt images are automatically processed using Anthropic's Claude AI (Haiku model) for data extraction (OCR). This processing extracts information such as vendor name, amounts, dates, line items, locations, and reference numbers.

Images are sent to Anthropic's API for processing and are not retained by Anthropic beyond the API call.

OCR processing is automatic when receipts are uploaded. If you prefer not to have receipt images processed by AI, you can enter expense data manually without uploading receipts.

Email-to-Receipt

Users can forward receipt emails to a JetLedger email address for automatic processing. Inbound emails are received and processed by Resend, our email service provider.

Email metadata (sender address, subject line) and content (body text, attachments) are processed to extract receipt data. Only authorized users with admin or editor roles can submit receipts via email.

Email attachments are stored in Cloudflare R2. Email body text may be processed by AI for data extraction.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process and store your expense records
  • Send you technical notices and support messages
  • Respond to your comments and questions

Data Storage and Security

Your data is stored securely using industry-standard encryption. We use Supabase for database hosting and Cloudflare R2 for file storage. We implement appropriate technical and organizational measures to protect your personal information. Receipt images are stored with encryption at rest and transmitted over HTTPS.

All data changes are recorded in an audit log for compliance purposes, including the user, timestamp, and old/new values.

Authentication sessions can be secured with two-factor authentication (TOTP) when enabled by the user or required by the account administrator.

Third-Party Service Providers

We use the following third-party service providers to deliver our services:

  • Anthropic — Receipt OCR processing. Receipt images and text are sent to the Claude Haiku API for data extraction.
  • Resend — Transactional email delivery (invoices, notifications) and inbound email processing (email-to-receipt).
  • Stripe — Payment processing and subscription management. Billing data is handled directly by Stripe.
  • Cloudflare — File storage via R2 (receipts, profile pictures).
  • Supabase — Database hosting and authentication.
  • Frankfurter API — Currency exchange rates. No personal data is transmitted.

We do not sell your data. These providers process data only as needed to deliver our services.

Cookies & Authentication

We use cookies strictly for application functionality:

  • Session cookies for authentication
  • Step-up authentication cookies (15-minute timeout for admin routes)

We do not use third-party tracking cookies or analytics.

Data Retention

We retain your data for as long as your account is active. Account administrators can export or delete account data at any time through the application settings. Upon account deletion, all associated data including receipt images is permanently removed.

Your Rights

You may request access to, correction of, or deletion of your personal data by contacting your account administrator or reaching out to us directly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@jetledger.io