Receiptful

Receiptful

Receiptful

Receiptful

Privacy Policy

Last updated: June 20, 2026.

This Privacy Policy explains how Duala Digital Inc. ("Receiptful", "we", "us") collects, uses, and shares information when you use the Receiptful website (receiptful.io), the console (console.receiptful.io), the API (api.receiptful.io), and the Receiptful Android app (together, the "Service").

By using the Service you agree to this Policy. If you do not agree, please do not use the Service.

1. Who we are

Receiptful is a product of Duala Digital Inc., a corporation registered in the State of Delaware, USA. For privacy questions, contact us at [email protected].

For data you send us to print, you are the data controller and we act as your data processor. For your own account and billing data, we are the controller. See "Receipt content" below.

2. Information we collect

Account information. When you create an account we collect your email address and the organization and project names you choose. We sign you in with a one-time email link, so we do not store a password.

API keys. We issue project API keys so your backend can authenticate. We store only a hashed version of each key, never the key itself in plain text.

Printer and device data. When you register a printer and pair the Android app, we store the printer's configuration (such as its profile and a pairing code) and basic device-connection status (for example, heartbeat and last-seen time) needed to deliver print jobs.

Receipt content. When you send a print job, we receive the content you submit (HTML or raw ESC/POS) and hold it only long enough to deliver it to the paired device. Each job has a lifetime (ten minutes by default) and is removed when it is printed or when it expires. This content may include personal data about your end users (for example, names or order details). You decide what to send; see "Your responsibilities" in our Terms.

Usage and metering data. We record counts and timestamps of print jobs and their status, per printer and project, to operate the Service, enforce plan limits, and bill usage.

Payment information. Paid plans are billed through Stripe. Stripe collects and processes your card details directly; we do not see or store full card numbers. We retain billing metadata such as plan, invoices, and the last four digits of a card as provided by Stripe.

Technical and log data. Like most online services, we automatically collect IP addresses, request metadata, timestamps, and error logs to secure and operate the Service.

Cookies. The console uses cookies that are strictly necessary to keep you signed in. The marketing site uses minimal, essential cookies only.

3. How we use information

  • To provide, operate, and maintain the Service, including rendering and delivering print jobs.
  • To authenticate you and protect accounts and API keys.
  • To meter usage and bill paid plans through Stripe.
  • To provide support and respond to your requests.
  • To monitor, debug, secure, and improve the Service.
  • To comply with legal obligations and enforce our Terms.

Where required by law (for example, under the GDPR), our legal bases are the performance of our contract with you, our legitimate interests in operating and securing the Service, your consent where applicable, and compliance with legal obligations.

4. How we share information

We do not sell your personal data. We share information only with service providers ("subprocessors") that help us run the Service, under agreements that require them to protect it:

  • Stripe — payment processing and billing.
  • Pushy.io — delivery of push notifications that wake your paired device.
  • Our cloud hosting and database provider — hosting and storage of Service data.
  • Our email delivery provider — sending magic-link sign-in and account emails.

We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, and security of Receiptful, our users, or the public. If we are involved in a merger or acquisition, information may be transferred as part of that transaction.

5. Data retention

  • Receipt content is transient: it is deleted once a job is printed or expires (ten minutes by default).
  • Account, printer, project, and usage data is retained while your account is active and for a reasonable period afterward to meet legal, tax, and accounting obligations.
  • Logs are retained for a limited period for security and debugging.

6. Security

We protect the Service with measures including encryption in transit, hashed API keys, scoped per-project credentials, and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

7. International transfers

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA/UK (GDPR) and California (CCPA/CPRA) have specific rights. To exercise them, email [email protected]. You may also lodge a complaint with your local supervisory authority.

Because we process receipt content on your behalf, requests from your end users about that content should be directed to you as the controller; we will assist you as your processor.

9. Children

The Service is intended for businesses and developers and is not directed to children under 16. We do not knowingly collect personal data from children.

10. Changes to this Policy

We may update this Policy from time to time. We will post the updated version here and revise the "Last updated" date. Material changes will be communicated where appropriate.

11. Contact

Questions about privacy? Email [email protected].