Effective Date: June 9, 2026
KoTab ("we," "us," or "our") is operated by Joseph Horvitz. This Privacy Policy explains how we collect, use, and protect your information when you use the KoTab mobile application ("App").
By using KoTab, you agree to the practices described in this policy.
Account Information: When you create an account, we collect your name, email address, and optionally a username. If you sign in with Google or Apple, we receive your name and email from those providers. If you use Apple's "Hide My Email" feature when signing in with Apple, Apple provides us with a private relay address instead of your actual email. We do not see or store your real email in that case, and any messages we send are routed through Apple's relay.
Payment App Identifiers: If you choose to link your Venmo and/or Cash App account, we store your Venmo username and/or Cash App cashtag to generate payment request links. We do not access your Venmo or Cash App accounts, balances, or transaction histories.
Receipt Images: When you scan a receipt, the image is uploaded to our servers and sent to a third-party AI service (OpenAI) to extract item names and prices. Receipt images are stored in our cloud storage to allow you to view them within your tabs.
Tab and Payment Data: We store information about tabs you create or join, including item names, prices, who claimed which items, and payment status.
Friends and Groups: We store your friend list, friend groups, and blocked users to enable social features within the App.
Camera and Photo Access: With your permission, we access your device camera to scan receipts and QR codes, and your photo library to select receipt images. These images are only used for the purposes described above.
Device Information: If you enable push notifications, we collect a device token to send you notifications about friend requests, tab invitations, and payment updates. Device tokens are removed when you delete your account, and tokens that become invalid (for example, after reinstalling the App) are automatically cleared.
Usage Data: We use Google Analytics for Firebase to collect anonymous usage data, including which screens you visit, features you use (such as receipt scanning, tab creation, item claiming, and payment flows), and session duration. This data helps us understand how the App is used and identify areas for improvement. We do not collect advertising identifiers (IDFA/GAID), and this data is not used for advertising or shared with advertisers.
Crash Reporting: We use Firebase Crashlytics to automatically collect crash reports when the App unexpectedly closes. These reports include device model, operating system version, app version, and a stack trace showing where the crash occurred. Crash reports are associated with your account identifier so we can investigate user-reported issues. This data helps us identify and fix bugs.
Local Storage: We store certain preferences (such as whether you've seen onboarding tips) locally on your device. This data never leaves your device and is not transmitted to our servers.
We do not sell your personal information. We share information only in the following limited ways:
KoTab uses the following third-party services:
OpenAI processes receipt images on our behalf solely to extract item details, prices, tax, and tip. Per OpenAI's API data usage policy, your receipt images are not used to train OpenAI's models and are retained only briefly for abuse monitoring before deletion.
When you tap a Venmo or Cash App payment link generated by KoTab, you are redirected to the corresponding app. Venmo's and Cash App's own privacy policies govern any data shared with or collected by them.
We retain your account data for as long as your account is active. Tab data is retained to provide a shared record for all participants.
When you delete your account, we immediately delete your profile, username, friend lists, groups, blocked users, and notifications. We also immediately delete any tabs you hosted, including their receipt images.
For tabs you participated in but did not host, your user identifier is removed from participant lists, claimed items, and payment records — your data is scrubbed from those tabs even though the tabs themselves remain available to other participants.
All receipt images stored in our cloud storage are automatically deleted after 2 years, regardless of account status.
We use industry-standard security measures provided by Google Firebase to protect your data, including encrypted connections (HTTPS/TLS) and secure authentication. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
You can:
Depending on your state of residence, you may have additional rights under applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), Texas Data Privacy and Security Act (TDPSA), and similar laws. These rights may include the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of certain processing. To exercise any of these rights, contact us at contact@kotab.app.
KoTab is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a user under 18, we will delete that account and its associated data.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or by other means. Your continued use of KoTab after changes are posted constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, contact us at: