This Privacy Policy explains how Lumin Marketing Group ("PKTD™", "we", "us", or "our") handles information when you use PKTD™, our iOS receipt scanner, expense ledger, mileage tracker, and AI assistant.

PKTD™ is designed to be local-first. The app does not require a PKTD™ account. Most receipt, expense, budget, category, warranty, recurring-expense, business-label, and trip data is stored on your device using Apple's app storage technologies. Some optional features send limited data to service providers when you choose to use them.

This policy is intended for users in Canada and the United States. It is not legal, financial, accounting, investment, or tax advice.

Privacy Officer Contact
Email: privacy@pktd.ca
Lumin Marketing Group  ·  luminmarketinggroup.com

1. Age Requirement

PKTD™ is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 13 or from users under 18. If you believe a minor has provided information to us, contact privacy@pktd.ca and we will take appropriate steps to delete it.

2. Information PKTD™ Handles

2.1 Receipt and Expense Data

When you scan, import, edit, or save receipts, PKTD™ may store:

Receipt images are processed on device. PKTD™ strips image metadata such as GPS and camera metadata before saving the app's processed receipt image. The app stores downscaled JPEG receipt images and thumbnails locally. If you enable iCloud sync, receipt and ledger data may sync through your private Apple iCloud account.

2.2 AI Parsing and Ledger Chat

AI features are optional and require your consent. If AI parsing is enabled, PKTD™ sends extracted receipt text, selected locale hints, and any active custom category names through PKTD™'s server to OpenAI so the receipt can be converted into structured fields. Receipt images are not sent to OpenAI for AI parsing.

If you use Ledger chat, PKTD™ sends your chat message and recent chat context through PKTD™'s server to OpenAI. For spending questions, PKTD™ may also include app-generated spending context derived from your saved receipt data. For app-help questions, PKTD™ sends your help question without spending context.

PKTD™ does not use your receipt data or chat content to train our own AI models. OpenAI processes API requests under its API data controls. We use AI responses to provide the feature you requested, and we apply server-side validation and sanitization to reduce accidental card-data leakage and prompt-injection risks.

2.3 Device, Security, and Operational Data

When PKTD™ calls its server, the app sends:

PKTD™'s server stores operational counters such as daily scan/chat counts, aggregate OpenAI token usage, estimated API cost, referral code state, promo-code state, and rate-limit keys. These records are used to run the service, prevent abuse, debug reliability, and manage quotas. They are not used for advertising tracking.

2.4 Location and Mileage Data

Location is optional and controlled by iOS permission plus PKTD™'s in-app Location consent setting. If enabled, PKTD™ can use precise location for business mileage tracking, trip start/end points, route points, and reverse-geocoded trip endpoints. Active mileage trips may use background location so distance can be tracked while you drive.

Receipt address text can be saved and shown without Location. If receipt map/geocoding features are enabled separately, PKTD™ may send merchant address text to Apple's geocoding services to resolve map coordinates and tax-region hints.

2.5 Camera, Photos, PDF Import, Share Sheet, Microphone, and Speech

PKTD™ uses the camera when you scan receipts or use the standalone Scan to PDF tool. Documents scanned with Scan to PDF are temporary exports and are not added to your receipt library. You can also import receipt images from Photos or receipt PDFs from Files. Camera, Photos, and Files access are handled by iOS permissions and pickers.

You can also send receipt images or PDFs to PKTD™ from other apps using the iOS Share Sheet. Items shared this way are held in PKTD™'s private app-group storage on your device until you open PKTD™ and complete the import. Importing uses the same on-device steps, consent settings, and access requirements as a normal scan — including onboarding and, where required, an active subscription — so a shared item can stay in that staging area until those conditions are met. Items left unimported are automatically deleted after about seven days.

If you use voice dictation in Ledger, PKTD™ uses the microphone and Apple's speech-recognition services to turn your speech into text. Dictation is optional and only starts when you request it.

2.6 Purchases and Subscriptions

PKTD™ Pro subscriptions are handled through Apple's StoreKit and App Store purchase systems. We do not receive or store your full payment-card details. PKTD™ reads StoreKit entitlement information to determine whether Pro access, trial access, or tester access is active.

2.7 Communications, Support, and Website Forms

If you email us, report a bug, request privacy help, or submit a form on our website, we collect the information you choose to provide, such as your email address, message content, and any app/device details included in the request.

If you join a website waitlist or mailing list, your email address may be processed by email/CRM service providers used for that website workflow.

If you complete an optional website quiz such as the Receipt Stack Audit and choose to share your email address, we process your email address plus non-sensitive multiple-choice quiz selections, such as your result type, receipt-volume bucket, and feature interests. We use this information to personalize PKTD™ product updates and, if offered in that release, send follow-up content related to your on-page result. We do not collect receipt images, receipt contents, merchant names, card numbers, income, or tax documents through the website quiz.

Our website uses Vercel Web Analytics for cookieless, aggregate traffic and conversion measurement. It can include the page path, general referrer, approximate country, device type, operating system, and browser.

If you select “Allow analytics cookies” in the website's analytics preferences, the site also loads Google Analytics 4. Google Analytics can process page paths, a general referrer, standard campaign labels from allowlisted utm_* fields, approximate location derived from network information, device/browser information, and selected website events such as an App Store click, Ledger Brief start or completion, or confirmed newsletter signup. Google Analytics may set first-party analytics cookies after you consent. PKTD™ strips query strings and URL fragments from page locations and referrers before sending them to Google, rejects campaign values outside a limited safe character set, disables Google advertising signals, and does not send email addresses, form entries, quiz answers, receipt information, or other free-form content as analytics events.

3. How We Use Information

We use information to:

We do not sell your personal information. We do not share your personal information for cross-app or cross-website advertising tracking.

4. Consent and Controls

PKTD™ includes settings for AI receipt parsing, analytics, notifications, promo notifications, and location. You can change these choices in the app.

You can also use iOS Settings to manage camera, photo, microphone, speech recognition, location, notification, and Face ID permissions.

5. Service Providers

We use service providers only as needed to operate PKTD™ and related website workflows:

Service providers may process information in countries other than where you live, including Canada and the United States.

6. Storage and Retention

Receipt and ledger data stays on your device unless you enable iCloud sync, export/share files, contact support with details, or use optional server-backed features such as AI, referrals, promo codes, or deletion requests.

Local receipt and ledger data remains until you delete it, delete the app, reset all data, or iOS removes app data. If iCloud sync is enabled, copies may remain in your private iCloud account until deleted through the app, iCloud, or Apple account controls. Turning iCloud sync off stops future sync after app restart but does not automatically delete data already synced to iCloud.

PKTD™ server records for rate limits, operational analytics, referrals, promo codes, and security may be retained as long as needed to operate, secure, audit, and improve the service. Rate-limit keys are designed to expire automatically. Aggregate operational metrics may be retained longer because they do not contain receipt contents.

Support emails and privacy requests are retained as needed to respond, document the request, and meet legal obligations.

7. Export and Deletion

PKTD™ includes tools to export your receipt data and consent audit log, delete all receipts, or delete your PKTD™ account/device-linked data.

When you choose "Delete Account & Data", PKTD™ first sends an authenticated deletion request to DELETE /api/account using the current device identity. The server immediately removes device-linked rate-limit, referral, and promo-code records that it controls, then the app removes local SwiftData records, app preferences, consent records, and the local device identity. If the server deletion cannot be confirmed, PKTD™ shows an error and leaves local data in place so you can retry. Some information may remain where retention is required for security, fraud prevention, legal compliance, backups, aggregate operational metrics, or provider-controlled systems such as Apple iCloud.

8. Security

PKTD™ uses reasonable safeguards for the nature of the data it handles, including HTTPS with App Transport Security (system TLS validation, enforced by default), Firebase App Check for backend request integrity and abuse protection, local file protection for the app data store, card-data redaction before AI parsing, image metadata stripping, and consent-gated feature access.

No app, device, network, or storage system can be guaranteed completely secure. You are responsible for keeping your device, Apple account, exports, and shared files secure.

9. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain personal information, withdraw consent, object to certain processing, or appeal a privacy-rights decision.

You can exercise many controls directly in PKTD™ through export, deletion, and consent settings. You can also contact us at privacy@pktd.ca. We may need information sufficient to verify and process your request.

California residents may have rights under the CCPA/CPRA. For California purposes, PKTD™ does not sell or share personal information as those terms relate to cross-context behavioral advertising. Canadian residents may contact us about access, correction, consent withdrawal, and questions under PIPEDA or applicable provincial privacy laws.

10. Cookies and Tracking

The iOS app does not use cookies. PKTD™ does not use the iOS App Tracking Transparency framework because we do not track you across apps or websites owned by other companies.

Vercel Web Analytics does not use cookies and is used only for aggregate website measurement. Google Analytics is optional and uses a basic consent setup: the Google tag is blocked until you choose “Allow analytics cookies.” If allowed, Google may set first-party _ga analytics cookies. Advertising storage, advertising user data, ad personalization, Google Signals, and ad-personalization signals remain disabled.

Your analytics choice is stored in your browser so the site can remember it. You can reopen “Privacy choices” in the website footer at any time. If you withdraw permission, PKTD™ disables further Google Analytics events and removes Google Analytics cookies it can access; you can also clear site data in your browser. PKTD™ does not use advertising pixels or cross-site behavioural tracking. Website security, form, or mailing-list providers may use strictly functional storage or request metadata where needed to operate their service.

11. Changes to This Policy

We may update this Privacy Policy as PKTD™ changes. If changes are material, we will update the "Last Updated" date and provide notice where required, such as in the app, on the website, or through the App Store metadata.

12. Contact Us

If you have questions, concerns, accessibility requests, or privacy-rights requests, contact:

Lumin Marketing Group
Privacy Officer / Person Responsible for Personal Information
Email: privacy@pktd.ca
luminmarketinggroup.com

Canadian users may also contact the Office of the Privacy Commissioner of Canada or their provincial privacy commissioner. California residents may visit the California Attorney General's privacy resources for more information about CCPA/CPRA rights.

13. Promotional Messages (CASL)

If you turn on Promotional Notifications in PKTD™, we may send you occasional promotional push notifications such as feature announcements, tips, and product updates. In Canada, these are commercial electronic messages under Canada's Anti-Spam Legislation (CASL). They are sent by:

Lumin Marketing Group (PKTD™)
Suite 201, 10359 82 Avenue NW
Edmonton, Alberta T6E 1Z9, Canada
Email: privacy@pktd.ca  ·  luminmarketinggroup.com

How to unsubscribe: open PKTD™ and turn off Settings → Privacy & Data → Promotional Notifications, or turn off notifications for PKTD™ in iOS Settings. Opt-outs take effect immediately. Promotional messages are separate from operational reminders such as scan-limit notices, which follow your Notifications setting.