CabSnap Privacy Policy
Last Updated: January 22, 2026 | Effective Date: January 22, 2026
1. Introduction
CabSnap ("we," "our," or "us") operates the CabSnap mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
We are committed to protecting your privacy. This policy complies with applicable privacy laws including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other applicable state and federal regulations.
By using CabSnap, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | Purpose | Required |
|---|---|---|
| Email Address | Account creation, authentication, communications | Yes |
| Password | Account security (stored as encrypted hash only) | Yes, if using email/password auth |
| Name | Account identification (optional) | No |
| Receipt Images | Core app functionality - receipt storage and OCR processing | Yes, for app use |
| Receipt Data | Vendor name, date, amount, gallons, fuel type, city, state | Yes, for IFTA tracking |
2.2 Information Collected Automatically
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Device Information | App functionality, troubleshooting | Legitimate interest |
| Operating System & Version | Compatibility, bug fixes | Legitimate interest |
| App Usage Analytics | Improving app performance | Legitimate interest |
| Crash Reports | Bug identification and fixes | Legitimate interest |
| IP Address | Security, fraud prevention | Legitimate interest |
2.3 Information We Do NOT Collect
We want to be clear about what we do NOT collect:
- GPS/Location data (we do not track your location)
- Contacts or address book
- Call logs or SMS messages
- Browsing history
- Data from other apps
- Biometric data (Face ID/fingerprint authentication is processed entirely on your device by Apple/Google - we never receive this data)
- Financial account numbers, bank details, or payment card numbers
- Social Security Numbers or Tax ID numbers
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Core App Functionality
- Processing receipt images using Optical Character Recognition (OCR)
- Storing and organizing your receipt data
- Generating IFTA-compliant export reports
- Synchronizing data between your device and cloud storage
3.2 Account Management
- Creating and managing your account
- Authenticating your identity
- Sending password reset and account verification emails
3.3 App Improvement
- Analyzing app performance and crash reports
- Identifying and fixing bugs
- Improving user experience
3.4 Communications
- Responding to your support requests
- Sending important service announcements (e.g., security alerts, policy changes)
- Sending product updates (you may opt out at any time)
We do NOT use your information for:
- Selling to third parties
- Advertising or ad targeting
- Profiling for purposes unrelated to the App
- Automated decision-making that produces legal effects
4. Third-Party Services
We use the following third-party services to operate CabSnap. Each service only receives the minimum data necessary for its function:
4.1 Supabase (Database & Authentication)
- Purpose: User authentication, cloud data storage, receipt image storage
- Data Shared: Email, encrypted password hash, receipt data, receipt images
- Location: United States
- Privacy Policy: https://supabase.com/privacy
4.2 Google Cloud (Gemini AI - OCR Processing)
- Purpose: Extracting text from receipt images
- Data Shared: Receipt images only (temporarily, for processing)
- Retention: Images are processed and immediately discarded; not used for AI training
- Location: United States
- Privacy Policy: https://policies.google.com/privacy
4.3 OpenAI (GPT-4o - Backup OCR Processing)
- Purpose: Backup OCR when primary service is unavailable
- Data Shared: Receipt images only (temporarily, for processing)
- Retention: Images are processed via API and not retained or used for training
- Location: United States
- Privacy Policy: https://openai.com/privacy
4.4 Expo / React Native
- Purpose: App framework, over-the-air updates, crash reporting
- Data Shared: Device type, OS version, crash logs (no personal data)
- Privacy Policy: https://expo.dev/privacy
Important: We have configured our third-party AI providers (Google Gemini, OpenAI) to NOT use your data for model training. Your receipt images are processed via API and discarded immediately after processing.
5. Data Storage and Security
5.1 Where Your Data Is Stored
| Data Type | Storage Location | Encryption |
|---|---|---|
| Account Data | Supabase (US servers) | Encrypted at rest (AES-256) |
| Receipt Images | Supabase Storage (US servers) | Encrypted at rest |
| Receipt Metadata | Supabase PostgreSQL (US servers) | Encrypted at rest |
| Local Data | Your device (SQLite) | Device-level encryption |
5.2 Security Measures
We implement industry-standard security measures including:
- Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2 or higher (HTTPS)
- Encryption at Rest: All stored data is encrypted using AES-256 encryption
- Authentication: Secure token-based authentication (JWT) with automatic expiration
- Access Controls: Role-based access controls limit employee access to user data
- Secure Infrastructure: Our cloud provider (Supabase) maintains SOC 2 Type II compliance
5.3 Local Device Security
- Data stored on your device uses SQLite with device-level encryption
- Biometric authentication (Face ID/Touch ID) is processed entirely by your device's secure enclave - we never receive biometric data
- If you enable biometric lock, the app requires authentication to access
6. Data Retention
6.1 Active Account Data
While your account is active, we retain:
- Account information (email, name) - indefinitely while account exists
- Receipt data and images - indefinitely while account exists (required for IFTA compliance; we recommend you retain records for 4+ years per IFTA requirements)
6.2 Deleted Data
When you delete data:
- Deleted Receipts: Moved to trash, permanently deleted after 90 days
- Immediate Deletion: You can permanently delete receipts immediately from the trash
- Account Deletion: Upon account deletion request, all data is permanently deleted within 30 days
6.3 Backup Retention
Encrypted backups may be retained for up to 90 days for disaster recovery purposes. After this period, backups are automatically purged.
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you have the right to:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | Email admin@getcabsnap.com |
| Correction | Correct inaccurate personal data | Edit in app or email us |
| Deletion | Request deletion of your personal data | Delete account in Settings or email us |
| Export | Export your data in a portable format | Use IFTA Export feature or email us |
| Withdraw Consent | Withdraw consent for optional processing | Email admin@getcabsnap.com |
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we collect
- Right to Delete: You may request deletion of your personal information
- Right to Opt-Out of Sale: We do NOT sell your personal information. There is no need to opt out.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: You may request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by CPRA
To exercise your California privacy rights: Email admin@getcabsnap.com with subject line "California Privacy Request"
We will respond to verifiable requests within 45 days.
7.3 Virginia, Colorado, Connecticut, and Other State Residents
If you reside in Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you have similar rights to access, correct, delete, and port your data. You also have the right to opt out of:
- Sale of personal data (we do not sell data)
- Targeted advertising (we do not engage in targeted advertising)
- Profiling (we do not profile users)
To exercise your rights: Email admin@getcabsnap.com
7.4 International Users
If you are located outside the United States, please be aware that your data is transferred to and processed in the United States. By using CabSnap, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.
8. Children's Privacy
CabSnap is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at admin@getcabsnap.com and we will promptly delete such information.
9. Do Not Track Signals
CabSnap does not track users across third-party websites or services, so we do not respond to Do Not Track (DNT) signals. We do not engage in cross-site tracking.
10. Third-Party Links
The App may contain links to third-party websites (such as app store pages). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email and/or prominent notice in the App
- Continued use of the App after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email within 72 hours of discovering the breach
- Notify relevant regulatory authorities as required by law
- Provide information about what data was affected and steps you can take
- Take immediate action to secure our systems and prevent further unauthorized access
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: admin@getcabsnap.com
Subject Lines for Specific Requests:
- Privacy Question: "Privacy Policy Question"
- Data Access Request: "Data Access Request"
- Data Deletion Request: "Delete My Data"
- California Privacy Request: "California Privacy Request"
- General Support: "Support Request"
We aim to respond to all privacy-related inquiries within 7 business days, and to formal data requests within 30-45 days as required by applicable law.
14. Consent
By creating an account and using CabSnap, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.
CabSnap
Built for Truckers. Your Data, Your Control.
This Privacy Policy is effective as of January 22, 2026.