Privacy Policy

Account information. When you create an account, we collect your name, email address, and password (stored as a secure hash). You may optionally provide your date of birth, annual income, and employment type.

Transaction data. You can manually enter income and expense transactions. This data is stored in your personal account and used to generate insights and reports.

Financial goal and budget data. Any budgets, savings goals, loan details, or net-worth entries you create are stored and used to power the planning features of the app.

Usage data. We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for the purpose of security monitoring and service improvement. We do not use third-party analytics trackers.

Profile and avatar. If you upload a profile photo, it is stored in Supabase Storage and associated with your account. You can delete it at any time.

SpendGuard uses Supabase as our backend infrastructure provider. Your data is stored in PostgreSQL databases hosted by Supabase on AWS infrastructure in the United States. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

Row-Level Security (RLS) policies ensure that each user can only access their own data. Our application code enforces authentication checks on every API request.

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time from the Settings page. Deletion is permanent and irreversible.

SpendGuard may offer bank account connectivity powered by Plaid Technologies, Inc. If you connect a bank account:

• You authenticate directly with Plaid — SpendGuard never sees or stores your banking credentials.
• Plaid shares transaction data and balance information with us via their API.
• Plaid's own privacy policy governs how they handle your credentials and data with your bank.
• You can revoke SpendGuard's access to your bank accounts at any time from Settings, or directly through your bank's connected-apps management.

Bank connectivity features are provided on an as-available basis and may not be available in all plan tiers.

SpendGuard's AI Advisor feature sends a summary of your recent transactions and financial profile to Anthropic's Claude API to generate personalised financial insights. Specifically:

• We send aggregated transaction summaries (amounts and categories, not merchant names or account numbers) and your stated financial goals.
• We do not send your name, email address, or other personally identifiable information to the AI model.
• Anthropic processes this data under their API terms and privacy policy. They do not use API data to train their models by default.
• AI-generated insights are stored in your account so you can review them later.

We use your information to:

• Provide, operate, and improve the SpendGuard service
• Generate personalised financial insights and reports
• Send transactional emails (account confirmation, password reset)
• Respond to your support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

We do not sell your personal information to third parties. We do not share your financial data with advertisers.

We may share your information only in the following circumstances:

• Service providers. Supabase (database and storage), Anthropic (AI processing), Plaid (bank connectivity), and Stripe (payment processing) receive only the data necessary to perform their services.
• Legal requirements. We may disclose your information if required by law, subpoena, or to protect the rights or safety of SpendGuard or others.
• Business transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our website before this occurs.

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:

• Right to know. You can request a summary of the personal information we have collected about you in the past 12 months.
• Right to delete. You can request that we delete your personal information. You can do this directly from Settings → Account → Delete Account.
• Right to opt out. We do not sell personal information, so there is no opt-out required. If this changes, we will update this policy and provide an opt-out mechanism.
• Right to non-discrimination. We will not discriminate against you for exercising any of your CCPA rights.

Residents of other US states with privacy laws (Virginia, Colorado, Connecticut, etc.) have similar rights. To exercise any of these rights, email us at privacy@spendguard.app.

SpendGuard uses only essential cookies required for authentication (session tokens set by Supabase). We do not use advertising cookies, third-party tracking pixels, or analytics cookies.

SpendGuard is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the app at least 30 days before the change takes effect. Your continued use of SpendGuard after the effective date constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights, contact us at:

SpendGuard, Inc.
Privacy Team
privacy@spendguard.app