Skip to main content
SpendWhat
← Back to home

Privacy Policy

Last updated: April 8, 2026. Replace placeholders with your final legal text and effective date before production.

1. Introduction

SpendWhat (“we,” “our,” or “us”) respects your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our mobile application and related services (collectively, the “Service”). By using the Service, you agree to this policy.

2. Information we collect

We may collect information such as:

  • Account data: email address, display name, and authentication identifiers when you sign up or sign in (including via email, Apple, or Google).
  • Financial usage data: transactions, categories, budgets, income sources, and other data you enter in the app.
  • Device & diagnostics: device type, OS version, app version, crash logs, and performance data (e.g., via error reporting tools such as Sentry—configure your deployment to match your actual vendors).
  • AI processing: when you use bill scan or chat, content you submit may be processed by our backend or third-party AI providers to generate responses. Update this section with your actual data flows, retention, and subprocessors.

3. How we use information

We use information to:

  • Provide, maintain, and improve the Service;
  • Authenticate users and sync data across devices when enabled;
  • Provide AI-powered features you request;
  • Communicate about the Service, security, or legal notices;
  • Comply with law and enforce our Terms of Service.

4. Storage and security

We implement reasonable technical and organizational measures to protect your information. No method of transmission or storage is 100% secure. Describe where data is stored (e.g., region, cloud provider) and your retention practices here.

5. AI and third-party data processing

SpendWhat uses third-party artificial intelligence services to power certain features, including the AI chat assistant and bill/receipt scanning. This section describes what data is shared, with whom, and how it is protected.

Data shared with AI providers

  • Voice input text: when you dictate an expense or ask a question via chat, the transcribed text is sent to our backend server, which forwards it to OpenRouter for routing to the selected AI model.
  • Bill and receipt images: when you use the bill scan feature, the image you capture or select is sent to our backend server, which forwards it to OpenRouter for analysis to extract transaction details such as amount, date, and merchant.

What is NOT shared

We do not include personally identifiable information — such as your name, email address, or account ID — in requests sent to AI providers. Only the content you explicitly submit (text or images) is forwarded for processing.

Third-party provider

We use OpenRouter as our AI gateway: your prompts and images are sent to OpenRouter, which routes them to the underlying model provider we configure. OpenRouter processes data under its privacy policy; underlying hosts may apply additional terms as described there. We configure usage consistent with privacy-preserving API practices and applicable agreements.

Purpose of processing

Data is sent to generate transaction suggestions, expense categorization, conversational responses, and bill analysis results. These features are optional — the app prompts you for consent before your first AI interaction.

Security and equivalent protection

Our AI provider maintains industry-standard security practices, including encryption in transit and at rest. We require that any third-party processor maintains security standards equivalent to or exceeding our own.

6. Third-party services

The Service may integrate third parties such as Apple Sign In, Google Sign-In, app stores for subscriptions, analytics, or error reporting. Their use is governed by their respective privacy policies. List the services you actually use.

7. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export your data, or to object to certain processing. Contact us at the address below to exercise applicable rights. You can delete your account and associated Service data directly in the mobile app as described in Section 8.

8. Account deletion

You may request deletion of your SpendWhat account and the personal and financial usage data we hold for that account by using the in-app flow below. This is in addition to any statutory rights you may have in your jurisdiction.

What happens when you delete your account

  • On your device: After you confirm, the app clears locally stored data (including cached preferences and tokens), removes secure credentials, disables optional app lock settings, and signs you out.
  • On our servers: We mark your account for deletion. If you sign in again within approximately five minutes, that sign-in cancels the scheduled deletion and restores normal use of your account. After that grace period, our systems permanently remove your user record and associated data tied to the Service, such as transactions, categories, budgets, income records, chat history, AI usage records, subscription records in our database, notification tokens, and similar account-scoped content.
  • Subscriptions and app stores: Deleting your SpendWhat account does not automatically cancel or refund subscriptions managed by Google Play, Apple, or other storefronts. Manage billing in your store account if needed. Some purchase or billing records may be retained by the platform under their own policies.
  • Residual data: We may retain certain information where required by law (for example, tax or fraud-prevention obligations) or in aggregated or de-identified form that does not identify you. Backup or log systems may retain copies for a limited period before being overwritten.

How to delete your account (mobile app)

  1. Open the SpendWhat app on your Android or iOS device.
  2. Sign in with the account you want to remove (email, Google, or Apple, as applicable).
  3. Open the Settingstab (gear icon in the main tab bar).
  4. Scroll to the bottom and tap Clear all data.
  5. Read the confirmation message, then tap Clear Datato confirm. This schedules server-side deletion and clears local data as described above.
  6. If you changed your mind, sign back in within about five minutes to cancel the deletion.

If you cannot use the app or need help completing deletion, contact us at [email protected] from the email address associated with your account and describe your request. We may need to verify your identity before processing it.

9. Children

The Service is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.

10. International transfers

If you access the Service from outside the country where our servers operate, your information may be transferred across borders. Describe your approach and safeguards (e.g., standard contractual clauses).

11. Changes

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. Continued use after changes constitutes acceptance unless otherwise required by law.

12. Contact

Questions about this policy: [email protected] . Replace with your real support or privacy contact.