Privacy Policy

Last Updated: September 30, 2025

1. Introduction

Welcome to Spendlee. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and API services.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Name, email address, password (encrypted), and profile details
• Financial Data: Expense records, transaction amounts, categories, dates, and descriptions
• Budget Information: Weekly and monthly budget limits you set
• Receipt Images: Photos of receipts you upload for scanning
• Payment Information: Subscription and payment details processed through our payment providers

2.2 Information Automatically Collected

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Features used, time spent in app, interaction patterns
• Log Data: IP address, access times, API requests, error logs
• Analytics Data: App performance metrics and crash reports

2.3 Information from Third-Party Services

• AWS Textract: We process receipt images through AWS Textract for text extraction
• Payment Processors: Transaction information from payment service providers

3. How We Use Your Information

We use your information to:

• Provide Services: Process expenses, scan receipts, generate reports, and manage budgets
• Authentication: Verify your identity and secure your account
• Personalization: Customize your experience and provide relevant insights
• Communication: Send service updates, budget alerts, and subscription notifications
• Analytics: Improve app performance and develop new features
• Legal Compliance: Comply with legal obligations and enforce our terms
• Security: Detect and prevent fraud, abuse, and security incidents

4. Data Processing and Storage

4.1 Receipt Processing

• Receipt images are temporarily uploaded to AWS S3
• AWS Textract processes images to extract text data
• Original images may be stored for your records unless you delete them
• Extracted text data is stored in our PostgreSQL database

4.2 Data Retention

• Active Accounts: We retain your data while your account is active
• Deleted Accounts: Data is deleted within 90 days of account deletion
• Legal Requirements: Some data may be retained longer if required by law
• Backups: Deleted data may persist in backups for up to 30 days

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share your information with:

5.1 Service Providers

• AWS: Cloud hosting and receipt processing (Textract, S3)
• Payment Processors: To process subscription payments
• Analytics Services: To understand app usage and performance

5.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms and Conditions

6. Data Security

We implement industry-standard security measures:

• Encryption: Data in transit (TLS/SSL) and at rest
• Password Protection: Bcrypt hashing for passwords
• Access Controls: Limited employee access to personal data
• JWT Authentication: Secure token-based authentication
• Regular Audits: Security assessments and vulnerability testing

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have the right to:

• Request a copy of your personal data
• Export your expense data in CSV or JSON format
• Update or correct your personal information
• Delete your account and associated data
• Unsubscribe from marketing emails
• Object to certain types of processing

To exercise these rights, contact us at privacy@spendlee.com

8. Children's Privacy

Spendlee is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Continued use of Spendlee after changes constitutes acceptance of the updated policy.