Receipts Privacy Notice

This Privacy Notice explains how Toolandmore handles personal information for Receipts, including the customer receipt portal, merchant portal, Square connection flow, receipt delivery, support requests, and related pages at toolandmore.com/receipts.

1. What Receipts does

Receipts lets a merchant connected through Square send a digital receipt to a customer account using the customer's member code. Customers can then view receipt history in their Receipts account.

2. Information we collect

Customer account information

• Name, optional email address, phone number where phone sign-in is used, Firebase user ID, authentication provider, and account timestamps.
• Customer member code used by merchants to send receipts to the correct account.

Merchant account information

• Merchant name, merchant email, Firebase user ID, Square merchant ID, connected Square locations, and Square OAuth connection status.
• Encrypted Square OAuth token material needed to read Square payments and orders that the merchant has authorized.

Receipt and transaction information

• Receipt number, payment ID, order ID, shop/location name, POS/device name where available, date/time, amount, currency, line items, taxes, tips, discounts, service charges, payment status, and Square receipt URL where Square provides one.
• Customer code used to send the receipt and delivery status such as waiting, dismissed, or sent.

Operational and security information

• Basic logs, request metadata, webhook event IDs, error messages, timestamps, and security signals needed to operate, secure, debug, and prevent abuse of the service.

3. Information we do not need

• We do not ask customers for full payment card numbers.
• We do not intentionally store full card numbers, CVV codes, or magnetic stripe/chip data.
• We do not sell customer receipt history.
• We do not use customer receipt history for third-party advertising profiles.

4. How we use information

• Create and maintain customer and merchant accounts.
• Connect merchant Square accounts through OAuth with the permissions approved by the merchant.
• Receive Square webhook events and display completed sales to the merchant.
• Send a receipt to a customer account when a merchant enters the customer's member code.
• Let customers view, search, and retrieve their receipt history.
• Prevent fraud, abuse, duplicate webhook processing, unauthorized access, and account misuse.
• Provide support, handle privacy requests, troubleshoot issues, and comply with legal obligations.

5. Square connection and merchant authorization

Merchants connect their own Square seller account to Receipts through Square's OAuth authorization flow. The merchant reviews and approves the permissions requested by Receipts. We use those permissions only to provide receipt capture and delivery features for that merchant.

6. Legal bases and consent

Where privacy law requires a legal basis, we process information to provide the service requested by customers and merchants, to meet legitimate business and security interests, to comply with law, and where required, based on consent. Customers should only provide a member code to a merchant when they want that receipt sent to their account.

7. Sharing and service providers

We use trusted providers to operate Receipts. These may include:

• Square for merchant OAuth, payment/order APIs, and webhooks.
• Google Firebase and Google Cloud for authentication, hosting, backend functions, database, and secrets.
• Email or support tools if you contact us for help.
• Authorities, regulators, courts, or law enforcement if required by law.

8. Retention

• Customer accounts are kept while active and for a reasonable period after closure where needed for security, legal, accounting, or dispute purposes.
• Receipt records are kept so customers can retrieve receipts later, unless deletion is requested and we are not legally required or permitted to keep them.
• Merchant Square connection records are kept while the merchant account is connected and for a reasonable period after disconnecting for audit, security, or support needs.
• Webhook and operational logs are kept as needed for security, debugging, duplicate prevention, and legal compliance.

9. Security

We use technical and organizational safeguards appropriate to the sensitivity of the information, including Firebase authentication, server-side receipt writes, encrypted Square token storage, webhook signature verification, access controls, and limited collection of payment details. No online service can guarantee absolute security.

10. Your choices and rights

• Customers can choose not to provide a member code and can ask the merchant for another receipt option.
• Customers can request access, correction, deletion, or export of their personal information where applicable.
• Merchants can disconnect Square authorization through Square or by contacting us.
• Privacy requests may require identity verification and may be limited by legal, security, accounting, or fraud-prevention requirements.

11. International processing

Receipts may process and store information in Canada, the United States, and other countries where our providers operate. By using Receipts, you understand that service providers may process information outside your country or province.

12. Children

Receipts is not intended for children under 13. We do not knowingly create accounts for children under 13.

13. Changes

We may update this Privacy Notice as Receipts changes. We will post the updated version with a new date. Material changes may be communicated in-product or by another reasonable method.

14. Contact

Privacy and support requests: support@toolandmore.com