Spendo

Privacy Policy

Effective Date: May 15, 2026

1. Introduction

Welcome to Spendo (the "App," "we," "us," or "our"). Your privacy is important to us, and this Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services. By accessing or using our services, you agree to the collection and use of your information as described in this Policy.

2. Information We Collect

Personal Information

  • Email Address and password. Account credentials are handled by Better Auth and stored in our database. Passwords are never stored in plain text — only as a cryptographic hash.

Financial Information

We integrate with Plaid to access your financial accounts and transaction data. With your consent, we collect and store the transactions, balances, and account metadata necessary to provide categorization, search, and conversational query features. The connection is read-only: we cannot initiate payments or transfers.

Automatically Collected Data

When you access or use the App, we may automatically collect technical data — IP address, browser type, operating system — to operate the service and protect it from abuse.

3. How We Use Your Information

  • To provide services. Categorize transactions, answer your queries, and keep a clean record of your spending.
  • Communication. Respond to support requests sent to our email address.
  • Security. Monitor and protect the App from unauthorized access or abuse.

We do not use your information for advertising, profiling, or to train external machine-learning models.

4. Third-Party Services

We rely on a small number of vendors to operate the App. Each receives only the data necessary to perform its function:

  • Plaid — bank connection and transaction retrieval.
  • OpenAI — embeddings for categorization and the conversational chat model. Transaction text is sent to OpenAI to generate embeddings and answer queries. Per OpenAI's API terms, your data is not used to train their models.
  • Managed database — where your records are stored.
  • Vercel — web hosting.
  • Google Cloud Run — backend hosting.
  • Inngest — orchestration of background jobs (e.g. transaction sync).

Each vendor maintains its own privacy and security practices.

5. Data Storage and Retention

Your personal and financial data is stored in an encrypted, managed database with row-level security so that only your account can read your records. We retain your information for as long as you maintain an account with us.

If you wish to delete your data, please contact info@spendobudget.com. We will remove your records from our systems in a timely manner.

6. Your Rights

  • Access & correction. You can request a copy of your personal information, or corrections to it, by contacting us at info@spendobudget.com.
  • Deletion. You may request that we delete your personal and financial data at any time.
  • Consent withdrawal. If you previously consented to data collection and wish to withdraw that consent, please email us. Withdrawing consent may impact your ability to use some or all of our features.

7. Children's Privacy

Our services are intended for adults only and are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us at info@spendobudget.com and we will delete it.

8. Security Measures

We take reasonable steps to protect your information, including:

  • Encryption in transit (TLS 1.2 or higher).
  • Encryption at rest on our managed database.
  • Row-level security at the database tier — every read is scoped to your account.
  • Read-only database role for the conversational query agent; it cannot mutate your records.
  • Secure hosting with Vercel and Google Cloud Run.
  • Two-factor authentication on operator accounts for critical infrastructure.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure.

9. Disclaimer of Financial Advice

Any insight Spendo surfaces — categorizations, totals, conversational answers — is for informational purposes only. You acknowledge that you are using this information at your own risk and should seek professional financial advice before making decisions. We are not liable for any financial outcomes or decisions made based on what the App shows you.

10. International Data Transfers

We are based in San Francisco, California, USA, and process data in the United States. If you are accessing our services from Canada (or any other region), your data may be transferred to and processed in the U.S. We will take steps to ensure appropriate safeguards when transferring data internationally.

11. Changes to this Privacy Policy

We may update this Policy from time to time. When we do, we will post the revised version on our website, and the Effective Date at the top will be updated. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your rights, please contact us at:

Email: info@spendobudget.com Address: Spendo, 706 Kearny St., San Francisco, CA, USA, 94108