💰 Expensebot

What we collect

• Your Telegram/Lark user ID (to identify you across sessions)
• Your Anthropic API key, if you set one (encrypted at rest)
• Your OmniHR access + refresh JWTs (encrypted at rest)
• Parsed receipt metadata (merchant, date, amount, currency, policy) — kept to enable duplicate detection and status tracking
• Receipt files temporarily (deleted within 24h after upload to OmniHR)
• Your corrections (to improve classification)

What we don't do

• Sell or share your data with anyone.
• Use your receipts to train any model.
• Log amounts, merchants, emails, or credentials in plaintext. All logs go through a redactor.

Where data lives

• Postgres/SQLite on a single VM you can inspect (oracle.seahyingcong.com).
• No third-party analytics, no trackers.

Third parties that see your data

• OmniHR — obviously (it's your HR system)
• Anthropic — parses your receipts (they don't train on API traffic per their policy). On Managed tier, via the maintainer's Anthropic account; on BYOK tier, via your own.
• Telegram / Lark — the channel carrier
• Chrome Web Store — if you install the extension

Your controls

• /memories — read everything the bot has remembered about your preferences; edit or remove entries by talking to it.
• Want your data deleted or exported? Open a GitHub issue (link below) and I'll run it by hand — low enough volume that automating it isn't worth the footgun risk.

Contact

Open a GitHub issue: github.com/seahyc/expensebot/issues