Privacy Policy
Effective: 2026-05-24 · Version: 1
1. Who we are
SpendSquire (“we”, “us”) provides a personal finance product consisting of a web dashboard and a native iOS app. Contact: [email protected].
2. Data we collect
Account & identity
Email, password hash, display name, locale, default currency, email verification status. Optional Google OAuth link stores the provider user ID and email returned by Google.
Authentication factors
TOTP secrets and backup codes (encrypted at rest). Email verification and password-reset tokens are stored only as hashes.
Sessions & devices
Session and CSRF tokens (hashed), user agent, IP address, last-activity timestamp. For the iOS app: device ID, Apple Push Notification Service (APNS) device token, app version, platform.
Financial data (user-entered)
Accounts, transactions, splits, tags, categories, budgets, recurring transactions, net-worth snapshots, reconciliations, exchange rates.
Preferences
Notification settings, timezone, budget alert thresholds.
Operational
Audit events, idempotency keys (24-hour TTL), CSV import presets, import fingerprints, saved filters.
Diagnostics
Crash reports, error traces, request IDs, app version, release name. On iOS, payloads are PII-scrubbed before transmission — emails, access/refresh/ID tokens, passwords, TOTP codes, CSRF tokens, and session IDs are redacted; Authorization, Cookie, and X-CSRF-Token headers are replaced with [redacted].
3. How we use it
To operate the service, authenticate you, sync data across devices, deliver alerts you have enabled, prevent fraud and abuse, and debug failures.
4. Third parties
- Apple Push Notification Service (APNS) — receives your device token and the notification payload (title, body, custom data) when we send a push.
- Sentry — receives errors, breadcrumbs, and your user ID. Payloads are scrubbed of emails, tokens, passwords, TOTP material, CSRF tokens, and session IDs on the client before transmission.
- Google OAuth — used only if you choose to sign in with Google. Google receives a sign-in request from you; we receive your provider user ID and email on first link.
- Hosting provider — data is stored in PostgreSQL hosted in a region disclosed once finalized.
We do not use advertising trackers, analytics SDKs, third-party trackers, or payment-card processors. We do not collect location, contacts, photos, microphone, or camera data.
5. Retention
- Sessions: until logout or expiry.
- Idempotency keys: 24 hours.
- Email verification and password-reset tokens: until expiry.
- Audit logs: retained for operational and security purposes.
- Financial data: retained until you delete your account.
6. Your rights
You may request access, correction, export (CSV from the web app), or deletion of your data. Email [email protected]. We respond within 30 days.
7. Security
Data is encrypted in transit (TLS). Credentials are stored hashed. TOTP secrets and backup codes are encrypted at rest. iOS diagnostic payloads are PII-scrubbed before send. Server-side authorization restricts access to your data.
8. Children
SpendSquire is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from such users.
9. International transfers
Data is processed in the region of our hosting provider, disclosed once finalized.
10. Changes
We version this policy. Material changes are announced in-app. The current effectiveDate is shown above; prior versions are retained in our public repository.