Privacy Policy

Effective Date: February 7, 2026

At Spensy, we prioritize your privacy and are committed to protecting your personal information. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

The types of data we gather when you use Spensy

Account Information

When you create an account, we collect your name, email address, and authentication credentials through our authentication provider (Clerk). We also store your membership level, preferred currency, and workspace preferences.

Financial Data

To provide our expense tracking services, we collect receipt images you upload, merchant names, transaction amounts, dates, item details, and category information. This data is stored securely and is only accessible within your workspaces.

When you upload a receipt image or bank statement, we send it to OpenAI's API (GPT-4o mini) for automated data extraction. This means your receipt images and statement content are processed by OpenAI in accordance with their API data usage policy. OpenAI does not use data submitted via their API to train their models.

Usage Data

We automatically collect information about how you interact with Spensy, including pages visited, features used, and general navigation patterns. This data is collected through Vercel Analytics and is used to improve our service.

Payment Information

Subscription payments are processed through Stripe. We do not store your full credit card details on our servers. Stripe handles payment information in accordance with PCI DSS standards.

2. How We Use Your Information

The purposes for which we process your data

We use your information to:

Provide, maintain, and improve our expense tracking services
Process and categorize your receipts and financial transactions
Generate spending reports, budgets, and savings insights
Process subscription payments and manage your account
Send service-related communications (e.g., account confirmations, security alerts)
Develop new features such as price comparisons and personalized recommendations using anonymized, aggregated data
Detect, prevent, and address technical issues and security threats

3. Cookies and Tracking Technologies

How we use cookies and similar technologies on spensy.app

Spensy uses cookies and similar technologies to provide and improve our service. By using spensy.app, you can manage your cookie preferences through the cookie consent banner displayed on our site.

Essential Cookies

These are necessary for the website to function and cannot be disabled. They include authentication session cookies (managed by Clerk) and UI preference cookies such as sidebar state.

Analytics Cookies

We use Vercel Analytics to understand how visitors interact with our website. These cookies help us measure traffic, identify popular features, and improve user experience. You can opt out of analytics cookies through the cookie consent banner.

Functional Cookies

These cookies remember your preferences, such as your selected theme (light or dark mode), to provide a more personalized experience.

Managing Cookies

You can manage your cookie preferences at any time by clicking the cookie settings option in the footer of our website. You can also configure your browser to block or delete cookies, though this may affect site functionality.

4. Third-Party Services

External services we use to deliver and improve Spensy

We work with trusted third-party providers to deliver our services. Each provider is contractually bound to protect your data:

OpenAI — AI-powered receipt and bank statement processing (GPT-4o mini). Your uploaded receipt images and statement content are sent to OpenAI for data extraction. OpenAI does not use API data to train their models.
Clerk — Authentication and user management
Stripe — Payment processing for subscriptions
Vercel — Hosting, deployment, and analytics

We will never sell your personal data to third parties. When data is shared with service providers, it is only to the extent necessary to deliver our services and under strict contractual obligations.

5. Data Security

How we protect your financial information

We implement industry-leading security measures to ensure your data remains protected. Your sensitive financial information is encrypted using state-of-the-art encryption techniques, both in transit and at rest.

Access to your personal data is strictly limited to authorized personnel who need it to provide you with our services. All staff are bound by confidentiality obligations.

Our security team continuously monitors our systems for potential vulnerabilities, and we regularly conduct security audits to ensure your data remains safe.

6. Data Retention

How long we keep your data and when it is deleted

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Anonymized and aggregated data, which cannot be used to identify you, may be retained indefinitely to help us improve our services.

7. Your Rights and Choices

Your privacy options and rights as a Spensy user

Depending on your location, you may have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate or incomplete data
Deletion — Request deletion of your personal data
Restriction — Request that we limit processing of your data
Portability — Request your data in a structured, machine-readable format
Objection — Object to processing of your data for certain purposes
Cookie preferences — Manage your cookie settings at any time via the cookie consent banner
Opt out of analytics — Decline analytics cookies to stop usage tracking

To exercise any of these rights, please contact our privacy team at privacy@spensy.app or through your account settings.

8. Children's Privacy

Our policy regarding users under 16

Spensy is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

9. Changes to This Policy

How we handle updates to our privacy practices

We may update this privacy policy from time to time. When we make significant changes, we will notify you by posting a notice on our website or sending you an email. We encourage you to review this policy periodically.

This privacy policy was last updated on February 7, 2026.

If you have any questions about our privacy practices, please contact us at privacy@spensy.app

← Back to Home