Privacy Policy

Our Commitment to Privacy

At Spendless, we believe your financial data is deeply personal and should be treated with the utmost respect and care. This Privacy Policy explains how we collect, use, protect, and share your information when you use our mindful spending tracker.

TL;DR: We collect minimal data, encrypt everything, never sell your information, and give you complete control over your data.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, display name (optional), and password (encrypted)
• Financial Data: Transaction amounts, dates, categories, tags, wallet names, and period settings
• Optional Data: Profile picture, currency preferences, notification settings

1.2 Information We Automatically Collect

• Usage Data: How you interact with the app (anonymized analytics)
• Device Information: Browser type, operating system, device type (for compatibility)
• Performance Data: App performance metrics, error logs (to improve the service)

1.3 Information We DON'T Collect

• Bank account credentials or login information
• Social Security numbers or government IDs
• Credit card numbers or payment information (for free tier)
• Location data or GPS tracking
• Contacts, photos, or other device data

2. How We Use Your Information

We use your information solely to provide and improve Spendless:

• Provide the Service: Store your spending data, sync across devices, generate insights
• Improve the App: Fix bugs, develop new features, optimize performance
• Communicate with You: Send important updates, security alerts, and feature announcements (you can opt out)
• Support: Respond to your questions and troubleshoot issues
• Security: Detect and prevent fraud, abuse, and security incidents

We do NOT:

• Use your data for advertising
• Sell or rent your information to third parties
• Share your spending data with anyone
• Track you across other websites or apps

3. How We Store and Protect Your Data

3.1 Data Storage

Your data is securely stored on Google Firebase, a industry-leading cloud platform:

• Encryption at Rest: All data is encrypted using AES-256 encryption
• Encryption in Transit: All data transmission uses HTTPS/TLS 1.2+
• Data Location: Currently stored in Australia (Sydney region), with the ability to create databases in other regions upon request
• Backups: Automatic backups for disaster recovery

3.2 Access Control

• Only you can access your financial data through authentication
• We implement strict Firebase Security Rules to prevent unauthorized access
• Our team cannot view your spending data without explicit permission

3.3 Security Measures

• Regular security audits and vulnerability testing
• Secure authentication using Firebase Auth
• Password hashing and salting
• Protection against common attacks (SQL injection, XSS, CSRF)

4. Data Sharing and Disclosure

We do not sell or rent your personal information. We may share limited data in these specific cases:

4.1 Service Providers

We use trusted third-party services to operate Spendless:

• Google Firebase: Cloud hosting, authentication, database
• Email Service: Transactional emails (account verification, password resets)
• Analytics: Anonymized usage analytics (Google Analytics, with IP anonymization)

These providers are bound by strict data protection agreements and cannot use your data for their own purposes.

4.2 Legal Requirements

We may disclose information if required by law, such as:

• Responding to valid legal requests (subpoenas, court orders)
• Protecting our rights, property, or safety
• Preventing fraud or illegal activities
• Complying with government regulations

We will notify you of legal requests unless prohibited by law.

4.3 Business Transfers

If Spendless is acquired or merged, your data may be transferred to the new entity. You will be notified and given the option to delete your account.

5. Your Privacy Rights

You have complete control over your data:

5.1 Access and Export

• Download all your data in CSV or JSON format
• Request a copy of all information we have about you

5.2 Correction and Updates

• Edit or update your account information anytime
• Correct any inaccurate data

5.3 Deletion

• Delete your account and all associated data anytime
• Data is permanently deleted within 30 days
• Backups are purged within 90 days

5.4 Opt-Out

• Unsubscribe from marketing emails (one-click)
• Disable analytics tracking in settings
• Turn off notifications

5.5 Data Portability

• Export your data to use with other services
• Standard formats (CSV, JSON) for easy migration

To exercise these rights, contact us at privacy@spendless.app

6. Children's Privacy

Spendless is not intended for children under 13 years old. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

7. International Users

Spendless is available globally. If you use our service from outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate.

GDPR Compliance (EU Users): If you are in the European Union, you have additional rights under GDPR, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

8. Cookies and Tracking

We use minimal cookies and tracking:

Essential Cookies

• Authentication cookies (required to keep you logged in)
• Security cookies (prevent fraud and attacks)
• Preference cookies (remember your settings)

Analytics Cookies (Optional)

• Google Analytics (anonymized IP addresses)
• Performance monitoring
• Can be disabled in settings

We do NOT use advertising cookies or third-party tracking pixels.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will:

• Notify you via email of significant changes
• Post the updated policy on our website
• Update the "Last Updated" date at the top
• Give you 30 days to review changes before they take effect

Continued use of Spendless after changes means you accept the updated policy.

10. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your data:

• Email: privacy@spendless.app
• Support: hello@spendless.app
• Response Time: We aim to respond within 48 hours

11. Additional Resources

• Terms of Service
• Security Practices
• Firebase Privacy & Security
• Google Cloud Compliance

---

By using Spendless, you agree to this Privacy Policy.
We're committed to protecting your privacy and being transparent about our practices.