Last Updated: January 11, 2026
1. Introduction
Welcome to SpendTrail ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
2. Information We Collect
2.1 Personal Information
- Account Information: Email address, name, and password (encrypted)
- Profile Information: Profile picture (if using Google Sign-In)
2.2 Financial Information
- Transaction Data: Amount, merchant, category, date, and description
- SMS Messages: Bank transaction SMS (with your permission)
- Email Data: Transaction emails from Gmail (with your explicit authorization)
2.3 Automatically Collected Information
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: App features used, interaction patterns
- Location Data: Approximate location (if permission granted) for transaction tagging
3. How We Use Your Information
We use your information to:
- Provide and maintain our expense tracking service
- Parse and categorize your transactions automatically
- Send you notifications about detected transactions
- Improve our AI-powered transaction parsing algorithms
- Generate spending reports and insights
- Provide customer support
- Detect and prevent fraud or security issues
4. Gmail API Usage
If you choose to enable Gmail integration:
- We access only emails related to financial transactions
- We use the Gmail API in compliance with the Google API Services User Data Policy
- We do NOT read personal emails, contacts, or other unrelated content
- You can revoke access at any time through your Google Account settings
- We do NOT sell or share your Gmail data with third parties
5. Data Storage and Security
- Encryption: All data is encrypted in transit (HTTPS) and at rest
- Secure Storage: Data stored on secure MongoDB servers with access controls
- Password Protection: Passwords are hashed using industry-standard bcrypt
- Access Control: Strict authentication required for all API access
6. Data Sharing and Disclosure
We DO NOT sell your personal information. We may share your information only in these cases:
- With Your Consent: When you explicitly authorize sharing
- Service Providers: Cloud hosting, analytics (Firebase, Sentry) - under strict privacy agreements
- Legal Requirements: If required by law or to protect rights and safety
7. Your Rights and Choices
You have the right to:
- Access: Request a copy of your data
- Correction: Update or correct your information
- Deletion: Request deletion of your account and data
- Opt-Out: Disable SMS parsing or Gmail integration anytime
- Export: Export your transaction data
8. Data Retention
- Transaction data: Retained as long as your account is active
- Account data: Deleted within 30 days of account deletion request
- Backup data: Removed within 90 days
9. Children's Privacy
SpendTrail is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.
10. Third-Party Services
We use the following third-party services:
- Google OAuth & Gmail API: For authentication and email access
- Firebase Cloud Messaging: For push notifications
- Sentry: For error tracking and monitoring
- MongoDB Atlas: For secure data storage
11. International Data Transfers
Your data may be stored and processed on servers located in different countries. We ensure appropriate safeguards are in place.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or app notification.
13. Contact Us
If you have questions about this Privacy Policy or our practices, contact us at:
14. Google API Services Disclosure
SpendTrail's use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.