Last updated: June 20, 2026.
This Privacy Policy explains how Duala Digital Inc. ("Receiptful", "we", "us") collects, uses, and shares information when you use the Receiptful website (receiptful.io), the console (console.receiptful.io), the API (api.receiptful.io), and the Receiptful Android app (together, the "Service").
By using the Service you agree to this Policy. If you do not agree, please do not use the Service.
Receiptful is a product of Duala Digital Inc., a corporation registered in the State of Delaware, USA. For privacy questions, contact us at [email protected].
For data you send us to print, you are the data controller and we act as your data processor. For your own account and billing data, we are the controller. See "Receipt content" below.
Account information. When you create an account we collect your email address and the organization and project names you choose. We sign you in with a one-time email link, so we do not store a password.
API keys. We issue project API keys so your backend can authenticate. We store only a hashed version of each key, never the key itself in plain text.
Printer and device data. When you register a printer and pair the Android app, we store the printer's configuration (such as its profile and a pairing code) and basic device-connection status (for example, heartbeat and last-seen time) needed to deliver print jobs.
Receipt content. When you send a print job, we receive the content you submit (HTML or raw ESC/POS) and hold it only long enough to deliver it to the paired device. Each job has a lifetime (ten minutes by default) and is removed when it is printed or when it expires. This content may include personal data about your end users (for example, names or order details). You decide what to send; see "Your responsibilities" in our Terms.
Usage and metering data. We record counts and timestamps of print jobs and their status, per printer and project, to operate the Service, enforce plan limits, and bill usage.
Payment information. Paid plans are billed through Stripe. Stripe collects and processes your card details directly; we do not see or store full card numbers. We retain billing metadata such as plan, invoices, and the last four digits of a card as provided by Stripe.
Technical and log data. Like most online services, we automatically collect IP addresses, request metadata, timestamps, and error logs to secure and operate the Service.
Cookies. The console uses cookies that are strictly necessary to keep you signed in. The marketing site uses minimal, essential cookies only.
Where required by law (for example, under the GDPR), our legal bases are the performance of our contract with you, our legitimate interests in operating and securing the Service, your consent where applicable, and compliance with legal obligations.
We do not sell your personal data. We share information only with service providers ("subprocessors") that help us run the Service, under agreements that require them to protect it:
We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, and security of Receiptful, our users, or the public. If we are involved in a merger or acquisition, information may be transferred as part of that transaction.
We protect the Service with measures including encryption in transit, hashed API keys, scoped per-project credentials, and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
We may process and store information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.
Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA/UK (GDPR) and California (CCPA/CPRA) have specific rights. To exercise them, email [email protected]. You may also lodge a complaint with your local supervisory authority.
Because we process receipt content on your behalf, requests from your end users about that content should be directed to you as the controller; we will assist you as your processor.
The Service is intended for businesses and developers and is not directed to children under 16. We do not knowingly collect personal data from children.
We may update this Policy from time to time. We will post the updated version here and revise the "Last updated" date. Material changes will be communicated where appropriate.
Questions about privacy? Email [email protected].