Mari Yangu

Privacy Policy

This page explains what data Mari Yangu stores, which third parties process it, and the controls you have over your account and workspace data.

Last updated: February 2026

What we collect

We collect the minimum account and expense data needed to authenticate you, process OCR, and keep your workspace usable across devices.

  • Account info: email address and name when you sign up via Clerk.
  • Expense images: photos you capture or upload, stored securely in private cloud storage.
  • Extracted data: merchant names, dates, amounts, and line items extracted via OCR.
  • Device token: a hashed identifier for anonymous or guest users.
  • IP hash: a one-way hash of your IP address for abuse prevention, not your raw IP.

How we store your data

Storage depends on the data type, but the same rule applies everywhere: keep it private and scoped to the right workspace.

  • Database: stored securely in a cloud database.
  • Images: stored in private cloud storage and exposed only through temporary secure links.
  • Local storage: cached in IndexedDB on your device for offline access.

Third-party services

A small set of providers supports authentication, OCR, email delivery, and hosting infrastructure.

  • Google Gemini Flash: processes expense images for OCR extraction. Images are sent to Google only for the API call and are not retained beyond that processing step.
  • Clerk: handles authentication. See Clerk's Privacy Policy.
  • Resend: sends transactional emails such as workspace invitations. See Resend's Privacy Policy.
  • Cloudflare: provides hosting, CDN, R2 storage, and Workers runtime services. See Cloudflare's Privacy Policy.

Data retention

Retention changes depending on account state and workspace policy settings.

  • Anonymous users: data is automatically deleted after 30 days with no expenses or 90 days with expenses.
  • Authenticated users: data stays until you delete it or close your account.
  • Workspace retention: admins can set a retention policy, such as 365 days, after which expenses are soft-deleted automatically.
  • Soft-deleted expenses: permanently removed after a 30-day grace period.

Your rights

Mari Yangu keeps data controls inside the product so you can manage your information without filing a support ticket first.

  • Export: download your data as JSON from Settings.
  • Delete: remove your account and its associated data from Settings.
  • Access: review your data in the app at any time.

Contact

For privacy questions or data requests, contact us at privacy@mutapa.dev.