Legal

Privacy Policy

Last updated: May 26, 2026

In short

Ternpike is a small expense-tracking app built for road trips. This policy describes what we collect, where it lives, and what we do with it. It applies to ternpike.com, app.ternpike.com, and the Ternpike apps.

Summary

  • We collect the minimum needed to run the service: your email and the trip data you log.
  • Your trip data syncs across your own devices via a per-user database. We don't read it, sell it, or share it.
  • Receipt-scanning happens through your own AI provider key (free tier) or through ours, proxied (paid tier). Either way, receipts are not retained on a server we operate after the scan completes.
  • API keys you provide for AI providers (Anthropic, OpenAI, Gemini) are stored only on your device. They never leave it.
  • Analytics is Cloudflare Web Analytics — no cookies, no third-party trackers, no fingerprinting.

What we collect

Account info. Your email address, used to sign you in via emailed one-time codes. We store the email and a hash of each code with a 10-minute expiry. We do not store passwords.

Trip data you create. Expenses (amount, category, merchant, notes), trips (name, dates), receipt images, and GPS coordinates when you choose to log them. This is your data — see Where it lives below.

Billing info, if you subscribe. Your subscription tier (Tern, Osprey, or Trailblazer) and a Stripe customer ID. Card details go to Stripe — we never see or store them.

Technical data. Standard request logs at our hosting provider (Cloudflare): IP address, user agent, request time, response code. We do not combine these logs with your account.

Analytics. Aggregate page views via Cloudflare Web Analytics. No cookies, no cross-site identifiers. We can see ‘X pageviews on /pricing yesterday’ — not ‘user Y visited /pricing.’

Where it lives

Your trip data lives in two places by design:

  1. On your device, in an offline-first local database so the app works without signal.
  2. On a per-user database we operate (CouchDB, on Cloudflare infrastructure), so it syncs to your other devices.

Your per-user database is yours alone. Other Ternpike users cannot read it. We can technically read it as the database administrator — and we do for diagnostics if you ask us to, or to comply with the law — but routine operation does not involve us looking at your trip data.

API keys you bring (Anthropic, OpenAI, Gemini) are stored exclusively in your browser's local storage. They are never sent to our servers and never sync between devices.

Receipt scans:

  • Tern (free): receipt images go from your browser directly to your AI provider using your key. Ternpike's servers are not in the request path.
  • Osprey / Trailblazer (paid): receipt images are proxied through api.ternpike.com/scan to Anthropic. We do not retain the image after the request returns; the extracted OCR result is stored as part of the expense in your database.

Who we share data with

Third parties that process data on our behalf:

  • Cloudflare — hosting, storage, analytics.
  • Resend — sends your login-code emails.
  • Anthropic — processes receipt images for paid-tier OCR. See Anthropic's privacy policy for their terms.
  • Stripe — processes payments if you subscribe.

We do not sell your data. We do not run ad networks. We do not use your data to train AI models.

We may disclose data if compelled by valid legal process. If that happens, we will notify you unless legally prohibited from doing so.

How long we keep it

  • Account and trip data: kept while your account is active. If you delete your account, we delete the data within 30 days.
  • Login codes: 10-minute TTL, automatically expired.
  • Server logs: roughly 30 days at Cloudflare, per their defaults.
  • Receipt images sent to Anthropic for paid OCR: not retained by us after the call returns; in-flight handling is subject to Anthropic's retention policy.

Your rights

You can:

  • Access your data — it's already on your device, and you can export to CSV from the Ledger.
  • Correct anything you logged — edit it in the app.
  • Delete your account and data — email us and we will do it within 30 days.
  • Withdraw consent — log out and uninstall.

If you're in the EU, UK, California, or any other jurisdiction that grants additional data rights, those rights apply. Reach us at the contact address below.

Children

Ternpike is not directed at children under 13. We do not knowingly collect data from anyone under 13. If we learn we have, we will delete it.

Changes

If we change this policy, we will update the ‘Last updated’ date at the top. Material changes (new third parties, new categories of data) will be announced via email to active accounts.

Contact