Privacy Policy

Last Updated: May 7, 2026

1. Introduction

Winnow Finance ("we," "us") respects your privacy. This policy explains how we collect, use, and protect your data.

2. Information We Collect

  • Account Data: Email address, username, and password hash.
  • Financial Data: Receipt images and extracted transaction data such as merchants, items, and prices. Winnow does not require you to connect bank accounts to use receipt tracking.
  • Usage Data: Logs about how you access the service, such as IP address and browser type.

3. How We Use Your Data

  • To provide receipt scanning, categorization, and account features.
  • To provide receipt search, filtering, categorization, matching, and item-level organization features.
  • To generate reports, insights, and budgeting views inside Winnow.
  • To improve service quality, reliability, and receipt-processing accuracy.

We do not sell your personal data to advertisers or data brokers.

4. Receipt Search and AI Processing

Winnow may create search indexes from receipt data so you can find receipts, merchants, items, categories, and tags. Merchant search is designed to use privacy-preserving blind indexes rather than plaintext merchant search mirrors.

We do not store raw receipt search queries in logs, analytics, Redis keys or values, database records, traces, or browser storage. We may store privacy-safe hashes and operational metadata, such as query length, latency, and result counts, for security, debugging, and reliability.

If AI-assisted search intent parsing is enabled, Winnow sends only your search text and a compact list of supported categories and tags to the AI provider. We do not send receipt contents, merchant lists, line items, profile data, account names, group names, or prior searches for this purpose.

5. Sharing and Visibility

Receipts may be visible to other authorized users when you use shared accounts, groups, or split features. Authorized account members, group members, and split participants may be able to view receipt metadata, line items, and signed receipt images according to app permissions.

6. Data Sub-Processors

To operate Winnow, we share data with infrastructure providers that help deliver the service:

  • Microsoft Azure (USA): Used for receipt OCR and document processing.
  • OpenAI (USA): Used for receipt parsing and categorization support.
  • Railway (USA): Used for application hosting and database infrastructure.
  • Cloudflare R2 (Global): Used for secure storage of receipt images.

7. Data Retention

  • We retain your receipt images and data for as long as your account is active, unless you delete them sooner.
  • You may request deletion of your account and associated data through Settings.
  • Deleted data may persist in secure backups for up to 30 days before aging out.

8. Security

We use SSL/TLS for data in transit and encrypt sensitive fields in storage. Winnow relies on server-side processing for receipt OCR, syncing, and shared views. Public guest receipt links are read-only and time-limited.

9. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children.

10. Contact Us

For privacy questions, please contact [email protected].

Winnow

Receipt-first expense tracking, simple splits, and item-level clarity without bank linking.

Disclaimer: Winnow Finance is a technology provider, not a financial institution. We do not provide financial, tax, or legal advice. All data and visualizations are estimates based on AI analysis and should be verified against actual bank statements before use in tax filings.

© 2026 Winnow. All rights reserved.