Last updated: 19 May 2026
This Privacy Policy describes how ExpireAI ("we", "us", or "our") collects, uses, stores, and shares your personal information when you use our mobile application and backend services (collectively, the "Service"). Please read it carefully.
If you do not agree with this policy, do not use the Service.
1. Who we are
ExpireAI is a personal expiration-tracking application. The Service is operated by the ExpireAI team. For privacy questions or requests, contact us at:
- Privacy email: [email protected]
- General support email: [email protected]
2. Data we collect
We collect only the data needed to operate the Service.
2.1 Data you provide
- Account information: Email address, display name, and optionally a profile photo when signing up.
- Authentication credentials: Managed securely by Firebase Authentication; we never see or store your password.
- Uploaded files: Photos, screenshots, and PDFs of documents you choose to upload (e.g., bills, subscription emails, passports, insurance certificates, warranty cards).
- Manual edits: Corrections you make to AI-extracted fields (titles, providers, amounts, dates).
- Push notification tokens: FCM tokens for sending reminders to your device.
2.2 Data derived from your uploads
When you upload a file, our AI layer analyzes the contents and extracts:
- Document type / category.
- Provider or merchant name.
- Important dates (renewal, due, expiry, return-by).
- Monetary amounts and currency, when visible.
- A short human-readable summary and suggested actions.
Extracted text and metadata are stored securely alongside your account in our database.
2.3 Data we do NOT collect
- We do not track your physical location.
- We do not read your contacts, calendar, or other apps on your device.
- We do not sell your data to anyone.
- We do not use your uploaded files or extracted content to train any AI models.
3. Where we store your data
| Data | Storage location | Encryption |
|---|---|---|
| Uploaded files (images / PDFs) | Cloudflare R2 | TLS in transit + AES-256 at rest |
| Extracted text & account records | PostgreSQL (Railway / Google Cloud) | TLS in transit + AES-256 at rest |
| Authentication identity | Firebase Authentication (Google LLC) | Google-managed encryption |
| Push tokens | PostgreSQL alongside your account record | TLS + AES-256 |
4. How we use AI to read your files
To turn your uploads into reminders, we send the file's contents to the Google Gemini API (Gemini 2.5 Flash) for analysis:
- We send the raw file bytes plus a prompt asking the model to extract dates, amounts, and document type.
- We use Google's paid Gemini API tier, under which Google does not use your data to train models (per Google's Gemini API Terms of Service).
- Each request is transmitted securely over TLS.
5. Sharing with third parties
We share data only with sub-processors that help us operate the Service:
- Google LLC (Gemini API): For AI extraction from your uploads.
- Google LLC (Firebase Auth & Messaging): For identity verification and delivering push notification alerts to your phone.
- Cloudflare, Inc. (R2 Storage): For storing encrypted files.
We do not share your data with advertisers or data brokers.
6. Your rights
You have the following rights with respect to your personal data:
- Access: View all data we hold about you directly in the app.
- Export: Download a JSON archive of your account, items, and reminders.
- Correction: Edit any extracted item details directly in-app.
- Deletion: Delete individual items or your entire account at any time. Account deletion is permanent and removes all files and database records within 30 days.
7. How long we keep your data
- Active accounts: We keep your data for as long as your account is open.
- Deleted accounts: All files and database records are deleted within 30 days of your deletion request.