Privacy and Security

Overview

Sensibill takes the security of yours and your customers data seriously. In order to provide our service through our SDK we may need to store tokens and other information.

Identity Information

User Identifier

A unique identifier is used by SDK to identify each user uniquely and isolate their information on device.

  • Android: stored in Encrypted SharedPreferences, and in the encrypted SQLLite Database.
  • iOS: stored in iOS Keychain and as a folder/file name in the app’s sandbox

Access and Refresh Tokens

Access and refresh tokens used when communicating with the Sensibill API server, and are provided to the SDK via the TokenProvider. Saving this information is necessary to speed up the startup process.

  • Android: stored in Encrypted SharedPreferences.
  • iOS: stored in iOS Keychain

Passwords

User’s passwords are never stored.

User Data

Most of the user data is only stored in the memory. The exceptions are listed below.

Receipt Images and Metadata

These are the images of receipts taken through the device camera. There are 2 reasons for storing them on device:

  • In order to handle uploads at a later time if the network is not available, some information is temporarily stored until the upload requests can be completed.

  • Receipts can also be cached locally on device to reduce network utilization.

Both Android and iOS store receipt images on an encrypted file system:

  • Android: Local encrypted SQLLite database is used to store information before uploading receipts to the Sensibill API service. Cached receipt images are stored under the /SensibillImages/ folder, while the detailed data extracted from a receipt by the Sensibill API service is stored in the /SensibillReceipts/ folder.

  • iOS: Receipts and receipt metadata is stored in Documents folder of the app’s sandbox using FileManager ) with the completeFileProtection . The successfully uploaded and processed receipts and documents, are purged after 7 days. All other receipts and documents (failed to upload or failed during the processing) will be purged from the device after 60 days.

Client Configuration

(Android only) Each client has a set of configuration options, available through an API endpoint. This includes information such as enabled features, feature policies, and domain names. This information is stored in SharedPreferences.

Network Transfer

  • Android: uses OkHttpClient which uses standard HTTP caching policies to store network responses. These are stored in an encrypted file store, ANDROID_CACHE_DIR_PATH/sensibill/

  • iOS: SDK utilizes Foundation’s URLSession framework, which may utilize on-disk cache. See Apple’s documentation for more information.