We collect and store data which are provided by Google OAuth authentication:
first Name, last name, gender, email, all your Lyft and Uber
receipts, Google+ profile link, Google+ profile picture link
Read that again... email.
Sign-in with Gmail, and their privacy policy allows full access to your email. But it's OK, they're not sharing it with anyone (promise).
Elsewhere they say they're only reading the Uber and Lyft emails... but I'm not sure that matters as it's the privacy policy which counts.
I've just made a scrappy version that does not require email access. Because no way I'm giving my email for that. And there's a leaderboard ;)
https://uberstats.parseapp.com/
Is there a tool that can analyze privacy policies of websites and assign it a score? Would be nice to have a chrome extension or something similar, if the website gets anything less than A, just close and move on...
Not only that but the last line on their privacy policy is fun: "This privacy policy is subject to change without notice and was last updated on March 15, 2013."
Sadly, companies seem to actively avoid this kind of integration, with the notable exception of Trip It. I suspect the thought of setting up an maintaining and inbound mail server seems harder than handcrafting integrations for every provider?
They could provide a randomnumber@receipts.pistats.io email address for each account. Then it would be easy to send all your receipts without giving them access to your GMAIL. Another advantage would be that non GMAIL people could join too.
I'm a bit reluctant to give access, but I already do for TripIt, the e-mail account these go to isn't particularly sensitive. With other accounts it'd definitely be a no-go, so an alternative means (i.e. a forwarding address) would be awesome.
There's an obvious privacy/trust issue that has already been solved by cloud photo sharing. I've seen it in Flickr and OneDrive: both of them allow one to select a bunch of items, or a folder/album, and generate an URL key that allows access to only those items.
Actually, having that in mail systems could be rather useful for many other work flows.
I gave it the benefit of the doubt that this isn't anything malicious. It seems like you were even able to normalize the currencies and distances? Are you actually checking if the email has it listed in Kilometers or Miles?
Lots of comments not wanting to give away full Gmail access to use this tool. Could this be done as a desktop app, which you can sandbox and ensure it isnt uploading your data off your computer
An analogy would be this social graph network analysis tutorial which walks you through exporting your Facebook social graph data and creating cluster graph on it using a tool called Gephi:
https://www.youtube.com/watch?v=kbLFMObmLNQ
Sign-in with Gmail, and their privacy policy allows full access to your email. But it's OK, they're not sharing it with anyone (promise).
Elsewhere they say they're only reading the Uber and Lyft emails... but I'm not sure that matters as it's the privacy policy which counts.