Get Started

Privacy Policy

Effective Date: 28 March 2026

Claimly (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, disclosed, and protected when you use the Claimly mobile application (“the App”) and related services.

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). By using the App, you consent to the collection, use, and disclosure of your information as described in this policy.

1. Information We Collect

We collect the following categories of personal information, limited to what is reasonably necessary to provide our tax expense tracking service:

1.1 Account & Profile Data

When you create an account via our authentication provider, we collect:

  • Email address
  • Name
  • Profile picture (if provided by your identity provider)
  • Email verification status

1.2 Financial & Tax Data

To provide our expense ledger and tax deduction tracking functionality, we collect:

  • Receipt images you upload (photographs or scans of physical receipts)
  • Extracted receipt data including merchant name, date, currency, totals, subtotals, tax/GST amounts, discounts, tips, rounding amounts, service fees, and individual line items
  • Claim categorisation data including ATO deduction categories, claim percentages, and claimed amounts
  • Annual income (if you choose to provide it, used for tax context)
  • Exchange rate information for receipts in foreign currencies

1.3 Technical & Device Data

  • Local storage data — the App stores preferences and cached data on your device using standard platform storage mechanisms
  • Sync metadata — timestamps and status information required to synchronise your offline data with our cloud infrastructure

1.4 Information We Do Not Collect

  • We do not collect precise geolocation or GPS data
  • We do not use analytics, advertising trackers, or third-party tracking SDKs
  • We do not use cookies (the App is a native mobile application)

2. How We Use Your Information

We process your personal information for the following purposes:

  • Providing the service — securely storing your financial ledger, receipt images, and expense records in our database
  • AI-powered data extraction — sending your receipt images to AI processing services to automatically extract merchant names, amounts, dates, line items, GST, and other receipt data to save you manual data entry
  • Tax deduction categorisation — organising your expenses into ATO-aligned deduction categories
  • Data export — generating PDF reports and CSV files of your expenses for use by you or your accountant
  • Account management — authenticating your identity and maintaining your account
  • Service improvement — fixing bugs and improving app functionality (using aggregated, de-identified data only)

3. Automated Processing & AI Disclosure

Claimly uses artificial intelligence (AI) services to automatically extract and categorise information from your receipt images. You should be aware that:

  • AI-extracted data may contain errors. The AI may misread amounts, dates, merchant names, or other receipt details. It is your sole responsibility to carefully review, verify, and correct all AI-extracted data before relying on it for any purpose, including tax deductions, financial records, submissions to your accountant, or filings with the ATO.
  • Categorisation suggestions are automated and may be incorrect. ATO deduction categories, claim percentages, and expense classifications suggested by the App are generated algorithmically. They do not constitute tax advice, financial advice, or any professional recommendation. The App cannot assess your individual tax circumstances, and automated categorisations may be wholly inappropriate for your situation.
  • You bear all responsibility for your tax filings. Claimly does not verify, validate, or guarantee that any expense is legitimately deductible, that any claim amount is correct, or that any categorisation is appropriate. If you rely on AI-extracted or AI-categorised data without proper verification, you accept all risk of errors, including the risk of overclaiming deductions, underclaiming, incurring ATO penalties, interest charges, or audits.
  • No fully automated consequential decisions. We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing. All extracted data is presented for your review and manual confirmation before you choose to rely on it.

4. Third-Party Services & Data Sharing

To provide our services, we share necessary data with the following trusted third-party providers:

ProviderPurposeData Shared
Auth0 (Okta)Authentication & identity managementEmail, name, profile picture
AWS S3 (or S3-compatible storage)Secure receipt image storageReceipt images
OpenAI (via LiteLLM proxy)AI-powered receipt data extractionReceipt images (temporarily, for processing only)

AI data usage: Under our API/enterprise agreements, OpenAI does not use your receipt images or extracted data to train their models. Receipt images are transmitted solely for the purpose of real-time data extraction and are not retained by the AI provider beyond the processing request.

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

5. International Data Transfers

Some of the third-party services we use are based in the United States, including Auth0 (Okta) and OpenAI. This means your personal information may be transferred to, stored, and processed in the United States or other countries outside Australia.

In accordance with Australian Privacy Principle 8, before disclosing your information overseas, we take reasonable steps to ensure that overseas recipients handle your information consistently with the APPs. This includes:

  • Entering into contractual arrangements that require the overseas recipient to comply with privacy obligations comparable to the APPs
  • Using providers that maintain recognised security certifications (e.g., SOC 2, ISO 27001)
  • Limiting the data shared to only what is necessary for the specific service

6. Offline Functionality & Local Storage

Claimly is designed with an “offline-first” philosophy:

  • When offline, your data (including receipt images and extracted data) is stored locally on your device using standard platform storage and local preferences
  • When connectivity is restored, your device automatically synchronises this data with our secure cloud infrastructure
  • Local data is stored in the App’s sandboxed storage area and is not accessible to other applications on your device

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption in transit — all data transmitted between the App and our servers uses TLS/HTTPS encryption
  • Encryption at rest — data stored on our servers is encrypted at rest
  • Access controls — your data is accessible only to your authenticated account; row-level security ensures users can only access their own records
  • Infrastructure security — our backend services are hosted on secure, managed infrastructure with regular security updates

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

8. Data Retention & Deletion

  • Active accounts — we retain your data for as long as your account remains active
  • Account deletion — if you request account deletion (available within the App settings), all your data — including receipt images, extracted financial records, and profile information — will be permanently deleted from our servers within 30 days
  • Backup copies — residual copies in encrypted backups will be overwritten in accordance with our backup rotation schedule, typically within 90 days
  • Australian tax records — we recommend you export your data before requesting deletion, as the ATO generally requires you to keep records for 5 years from the date you lodge your tax return

9. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information — you can view all your data within the App at any time
  • Export your data — the App provides built-in export functionality to download your records as PDF reports or CSV files
  • Correct inaccurate information — you can edit extracted receipt data directly within the App
  • Request deletion — you can request complete account and data deletion from within the App settings
  • Make a complaint — if you believe we have breached the APPs, you can lodge a complaint with us (see Contact Us below), and if unsatisfied with our response, with the Office of the Australian Information Commissioner (OAIC)

10. Data Breach Notification

In the event of an eligible data breach (as defined under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988), we will:

  • Promptly assess any suspected breach
  • Notify affected individuals and the OAIC as required by law
  • Take reasonable steps to contain the breach and mitigate any potential harm

11. Children’s Privacy & Age Requirements

Claimly is intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you are under 13, you must not use the App or provide any personal information.

Users aged 13 to 17: If you are between 13 and 17 years of age, you may only use the App with the consent and supervision of a parent or legal guardian. Your parent or legal guardian must review and agree to these Terms and our Privacy Policy on your behalf before you use the App. By permitting a minor aged 13–17 to use the App, the parent or legal guardian agrees to be bound by these terms, assumes responsibility for the minor’s use of the App, and accepts full liability for any actions taken by the minor within the App, including the accuracy of any data entered or relied upon.

Parents and guardians are responsible for monitoring their child’s use of the App and ensuring that any financial or tax-related data processed through the App is reviewed and verified by an adult.

If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we may have inadvertently collected information from a child under 13, please contact us immediately at support@claimlyapp.com.

12. Third-Party Links

The App may contain links to third-party websites or services (for example, links to the ATO website). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

  • We will update the “Effective Date” at the top of this page
  • We will notify you through the App (via an in-app notification or prompt) or by email
  • Your continued use of the App after the effective date of the revised policy constitutes your acceptance of the changes

We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, wish to make a complaint, or want to exercise any of your rights, please contact us at:

Email: support@claimlyapp.com

We will respond to all privacy-related enquiries within 30 days.