Privacy Policy

Spenny AI is a one-stop finance tracker, supercharged by AI, that helps you log, understand, and manage your personal finances through natural conversation with Sage — our AI assistant. We are currently in early access / beta and operate as an independent product.

Contact: [email protected]

Information you provide directly

• Account information: Email address and optional mobile number when you join the waitlist or sign up.
• Expense data: Text messages, voice recordings (transcribed and then discarded), receipt images, and bank statement PDFs you share with Sage.
• Credit Card Vault: Card details you save (such as issuer, nickname, last four digits, limits, and due dates you choose to enter), card-linked transactions you import or confirm, and connection status for an optional Vault-specific Gmail link — not full card numbers or CVV.
• Chat history: Your conversations with Sage, including expense logs and spending queries.

Information collected automatically

• Usage data: Pages visited, features used, session duration, and crash reports — collected anonymously to improve the product.
• Device information: Browser type, operating system, and IP address for security and rate limiting.

Information from integrations

• Gmail — main expense sync (read-only): We access only bank and payment alert emails to extract transaction data for your general ledger. We do not store raw email bodies — only extracted fields (e.g. amount, merchant, date).
• Gmail — Credit Card Vault (read-only, optional): If you enable it, we use a separate OAuth connection to access card-related email (such as InstaAlerts and issuer notifications) only to suggest cards, surface spend previews, and help you import matching transactions. The same rules apply: no advertising use, no unrelated scanning, and no long-term storage of full email content — only what you confirm and the minimum metadata needed to operate the Vault.
• Investments (Pro): If you connect supported broker or exchange accounts, we receive holdings and account data needed to show your investment portfolio. We use this data only to power the Investments feature and do not use it for advertising.
• WhatsApp / Telegram: Messages you send to the Spenny bot are processed to log expenses or answer queries. They are not stored beyond what is needed to respond.

• To provide, operate, and improve Spenny AI and Sage.
• To process and categorise your expense data and generate insights.
• To power the Credit Card Vault — showing balances, limits, due dates, and card spend you choose to track.
• To run budgets and subscription features, including sending digest updates and reminders when enabled.
• To communicate product updates, early access invites, and important notices.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

We do not sell your data to third parties. We do not use your financial data to train general-purpose AI models or for advertising.

• Expense data is stored in a secure database (Supabase / PostgreSQL) with row-level security.
• Data is encrypted in transit (TLS) and at rest.
• Receipt images and bank statement PDFs are processed immediately and not permanently stored — only the extracted transaction records are saved.
• Voice input is transcribed by Whisper AI and the audio is discarded immediately after transcription.
• We apply strict access controls — only you can access your expense data.

We use the following third-party services to operate Spenny AI:

• Supabase — database and authentication
• AI model providers — for Sage responses and receipt parsing
• Vercel — hosting and edge delivery
• Airtable — waitlist management
• WhatsApp Business API / Telegram Bot API — messaging integrations
• Google OAuth — Gmail integration (read-only scope)

Each of these services has their own privacy policy. We share only the minimum data necessary for them to function.

Our use of Gmail data via Google OAuth is limited to the following (for each connection you enable):

• We request read-only access restricted to emails that match bank, payment, and (for the Vault) card-alert patterns we describe in the product.
• Main sync: Gmail data is used solely to extract expense transactions for your personal dashboard.
• Credit Card Vault: A separate optional connection may access card-related mail only to support Vault features (discovery, previews, imports). It is not used for advertising.
• We do not store raw email content long-term — only extracted fields (e.g. merchant, amount, date, category) and data you explicitly save.
• We do not use Gmail data to serve advertising or for any purpose unrelated to providing Spenny.
• You can revoke each Gmail connection at any time from your Google Account settings or from within Spenny AI.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Your expense records are retained as long as your account is active.
• If you delete your account, all personal data is deleted within 30 days.
• Anonymised, aggregated usage statistics may be retained indefinitely for product analytics.

You have the right to:

• Access all expense and personal data we hold about you.
• Export your data as CSV or PDF at any time from within the app.
• Correct inaccurate data.
• Delete your account and all associated data.
• Withdraw consent for any integration (Gmail, WhatsApp, Telegram) at any time.

To exercise these rights, email us at [email protected].

Spenny AI is not intended for users under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top and notify users by email for material changes. Continued use of Spenny AI after changes constitutes acceptance of the updated policy.

Questions, concerns, or requests? Reach us at:

[email protected]