Privacy Policy
Effective Date: February 16, 2026 | Last Updated: February 16, 2026
YKMV Group LLC ("we," "us," or "our") operates the Deduxe mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the App.
1. Information We Collect
1.1 Information You Provide Directly
- Account & Tax Profile: Employment type, filing status, and income range you enter during setup.
- Receipt & Document Data: Photos of receipts, invoices, and tax documents you scan or import. This includes vendor names, amounts, dates, and categories extracted via OCR processing.
- Mileage Data: Trip start/end locations, routes, distances, and trip purpose classifications you provide.
- Health Account Data: FSA, HSA, HRA, and DCFSA account names, balances, contribution limits, and medical expense records you enter.
- Manual Entries: Any information you manually input, including trip details, document fields, and notes.
1.2 Information Collected Automatically
- Location Data: When you enable mileage tracking, the App collects GPS coordinates in the background to record your trips. This data is processed on your device and stored locally. You can disable location tracking at any time through the App or your device settings.
- Device Information: Device model, operating system version, and unique device identifiers for crash reporting and analytics.
- Usage Analytics: App interaction events (screens viewed, features used, session duration) to improve the App experience. This data is collected in aggregate and is not used to personally identify you.
1.3 Information from Third-Party Services
- Cloud Storage Providers: If you connect Google Drive, Dropbox, or iCloud for backups, we receive an authentication token to access only the storage space needed for your Deduxe backups. We do not access any other files in your cloud storage accounts.
- Subscription Data: RevenueCat processes your subscription transactions. We receive subscription status (active, expired, trial) but do not receive or store your payment card information.
2. How We Process Your Data
2.1 On-Device Processing
The majority of your data is processed and stored locally on your device. This includes:
- OCR Processing: Receipt and document text extraction is primarily performed on-device using Google ML Kit. Your receipt images are processed locally and the extracted text is stored in your device's local database.
- Mileage Tracking: All GPS processing, Kalman filtering, trip detection, and route calculation occurs entirely on your device.
- Trip Classification ML: The machine learning model that learns your business vs. personal trip patterns runs entirely on your device. No trip classification data is sent to any server.
- Database: All your documents, trips, health accounts, and settings are stored in an on-device database (WatermelonDB/SQLite).
- Search Index: Full-text search indexing operates entirely on your device.
2.2 Cloud Processing (Limited)
In specific cases, data may be sent to third-party services for processing:
| Service | Data Sent | Purpose |
|---|---|---|
| Mindee API | Receipt/document images (only when on-device OCR confidence is low) | Enhanced text extraction for complex documents |
| Mapbox | GPS coordinate traces (after trip completion) | Road-snapping to improve mileage accuracy |
| Google Maps | GPS coordinates | Map display and reverse geocoding (converting coordinates to addresses) |
| RevenueCat | Anonymous user ID, subscription events | Subscription management and purchase validation |
| Expo | Device info, crash reports | App updates and crash reporting |
3. How We Use Your Information
We use the information we collect to:
- Provide and maintain the App's core functionality (receipt scanning, mileage tracking, tax deduction calculations, health account management)
- Generate tax reports and exports at your request
- Improve the App through aggregated, anonymized usage analytics
- Send you tax deadline reminders and deduction tips (which you can disable)
- Process your subscription and manage your account
- Diagnose technical issues and fix bugs
4. What We Do NOT Do
- We do not sell your personal information to third parties.
- We do not use your data for third-party advertising.
- We do not share your receipt, mileage, health, or financial data with any third party except as described in Section 2.2 above for core App functionality.
- We do not train AI or machine learning models on your personal data outside of the on-device trip classification model that benefits only you.
- We do not access your cloud storage accounts beyond the specific backup folder used by Deduxe.
5. Data Storage and Security
5.1 Local Storage
Your data is stored in an encrypted local database on your device. Authentication tokens for cloud services are stored using the platform's secure storage (iOS Keychain / Android Keystore via expo-secure-store), which provides hardware-backed encryption.
5.2 Cloud Backups
If you enable cloud backup, your data is uploaded to your own cloud storage account (Google Drive, Dropbox, or iCloud). We do not operate our own cloud servers for storing your data. Your backups reside in storage accounts you own and control.
5.3 Security Measures
- OAuth 2.0 with PKCE for all third-party authentication
- Encrypted token storage (expo-secure-store)
- No plaintext storage of credentials or tokens
- HTTPS for all network communications
- On-device processing by default to minimize data transmission
6. Data Retention and Deletion
- Your Data, Your Control: All data stored on your device remains there until you delete it through the App or uninstall the App.
- Cloud Backups: Deleting data in the App does not automatically delete cloud backups. You can delete cloud backups through your cloud storage provider.
- Account Deletion: You can delete all App data by using the in-app data management features or by uninstalling the App. Since we do not maintain server-side accounts, uninstalling removes all locally stored data.
- Analytics Data: Aggregated, anonymized analytics data may be retained for up to 24 months for product improvement purposes.
7. Your Rights
7.1 All Users
You have the right to:
- Access: View all data the App has stored about you (available through the App's Library and Settings).
- Delete: Remove any or all of your data from the App.
- Export: Export your data in standard formats (CSV, ZIP) at any time.
- Opt Out: Disable location tracking, analytics, and notifications through the App or device settings.
- Disconnect: Revoke cloud storage access at any time through the App's settings.
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information.
- Right to Opt-Out of Sale: We do not sell personal information. No action is needed.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at venugopal.cheedu@gmail.com.
7.3 European Economic Area Residents (GDPR)
If you are in the EEA, our legal basis for processing your data is:
- Contract Performance: Processing necessary to provide the App's services you requested.
- Legitimate Interest: Aggregated analytics to improve the App.
- Consent: Location tracking (which you explicitly enable) and cloud storage connections.
You have the right to access, rectify, erase, restrict processing, data portability, and to withdraw consent at any time. To exercise these rights, contact us at venugopal.cheedu@gmail.com.
8. Children's Privacy
The App is not directed at individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child under the applicable age, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at venugopal.cheedu@gmail.com.
9. Third-Party Links and Services
The App may contain links to third-party websites or services (such as the App Store, Google Play, or cloud storage providers). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the App and updating the "Last Updated" date above. Your continued use of the App after such changes constitutes your acceptance of the revised policy.
11. Contact Us
If you have any questions about this Privacy Policy, your data, or your privacy rights, please contact us:
- YKMV Group LLC
- Email: venugopal.cheedu@gmail.com