TriplTriplBack to home

Privacy Policy

Last updated: March 2, 2026

What We Collect

When you use Tripl, we collect and store the following data:

  • Account information: your email address and account creation date
  • Receipt files: images and PDFs you upload or email to us
  • Expense data: date of service, amount, category (e.g. Prescription, Therapy, Dental), and provider/merchant name extracted from receipts or entered manually
  • Reimbursement tracking: amounts redeemed, dates, and notes you add
  • Guide downloads: if you download a free guide, we collect your email address and optional first name to deliver the guide and send follow-up educational content

How We Use Your Data

Your data is used solely to provide the Tripl expense tracking service:

  • Storing and organizing your HSA expense records
  • AI-powered receipt parsing to automatically extract expense details (when enabled)
  • Generating exports and tax reports
  • Sending transactional emails (account confirmation, password resets)

We do not sell your data, use it for advertising, or share it with third parties beyond what is described below.

Third-Party Services

Tripl relies on the following third-party services to operate:

Anthropic (Claude AI)

When AI parsing is enabled, your receipt images, PDFs, or extracted text are sent to Anthropic's Claude API to extract expense details (date, amount, category, provider). You can disable this in Settings at any time. Per Anthropic's API terms, inputs sent via their API are not used to train their models.

Vercel

The Tripl web application is hosted on Vercel. Vercel processes incoming web requests and may log IP addresses and request metadata as part of standard infrastructure operations.

Supabase

Your account data, expense records, and receipt files are stored in Supabase (PostgreSQL database and object storage). Data is transmitted over TLS.

Cloudflare

If you email receipts to Tripl, inbound email is routed through Cloudflare Email Workers before being processed by our application.

Resend

If you download a free guide from Tripl, we use Resend to deliver the guide and send follow-up educational emails about HSA strategies. You can unsubscribe from these emails at any time using the link in each email.

AI Processing

By default, receipts you upload or email are sent to Anthropic's Claude AI to automatically extract expense information. This means your receipt content (which may include provider names, service types, and amounts) is processed by Anthropic's servers.

You can opt out of AI processing at any time in your account settings. When disabled, receipts are stored but you will need to enter expense details manually.

Data Storage & Security

  • Data is stored in Supabase-hosted PostgreSQL and object storage
  • All data is transmitted over TLS (encrypted in transit)
  • Receipt files are stored in a private storage bucket and accessed via time-limited signed URLs
  • Authentication is handled by Supabase Auth with email/password credentials

Your Rights

You have the following rights over your data:

  • Export: download all your expense data as CSV and all receipt files as a ZIP archive from Settings
  • Delete: permanently delete your account and all associated data (expenses, receipts, auth credentials) from Settings
  • Opt out of AI: disable AI receipt parsing so your documents are not sent to third-party AI services

Data Retention

Your data is retained for as long as your account exists. When you delete your account, all expense records, receipt files, and authentication credentials are permanently removed. Residual copies may exist temporarily in automated database backups managed by our infrastructure provider.

Cookies

Tripl uses a single authentication cookie to keep you logged in. This cookie is strictly necessary for the Service to function and does not track your activity. We do not use any non-essential cookies, and no cookie consent is required.

Geographic Scope

Tripl is intended for use by individuals in the United States. The Service is designed around U.S. Health Savings Accounts (HSAs) and is not directed at individuals in the European Union, European Economic Area, United Kingdom, or other jurisdictions outside the United States. By using the Service, you acknowledge that your data is processed and stored in the United States.

Analytics & Tracking

Tripl does not use third-party analytics, tracking scripts, or advertising pixels. We do not track your behavior across other websites.

Children's Privacy

Tripl is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. The “last updated” date at the top of this page reflects the most recent revision.

Contact

For questions about this privacy policy or your data, contact us at receipts@triplapp.com.