Privacy Policy

Last updated: January 19, 2025

1. Introduction

SpendTracker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subscription tracking application.

2. Information We Collect

Personal Information

  • Email address
  • Name (if provided)
  • Google account information (when using Google Sign-In)
  • Payment information (processed securely through Stripe)

Usage Information

  • Subscription data you enter
  • App usage patterns and preferences
  • Device and browser information

Gmail Data

When you connect your Gmail account, we access your emails solely to identify subscription-related messages. We:

  • Only scan for subscription-related keywords
  • Do not store email content
  • Only extract subscription service names and amounts
  • Never share your email data with third parties

3. How We Use Your Information

  • To provide and maintain our subscription tracking service
  • To manage your account and provide customer support
  • To process payments and send billing information
  • To send administrative information and updates
  • To improve our services and develop new features
  • To detect and prevent fraud or technical issues

4. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information. Your data is:

  • Encrypted in transit using HTTPS
  • Stored securely in encrypted databases
  • Access-controlled and monitored
  • Backed up regularly with encryption

Gmail tokens are encrypted using AES-256-GCM encryption and are never accessible in plain text.

5. Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication and Gmail access
  • Stripe: For payment processing (PCI compliant)
  • OpenAI: For AI-powered features (no personal data shared)
  • Railway: For hosting and infrastructure
  • Cookiebot: For cookie consent management

6. Cookies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Essential cookies we use:

  • Authentication cookies to keep you logged in
  • Security cookies to detect authentication abuse
  • User preference cookies to save your settings

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at hey@yar.website

8. Data Retention

We retain your personal information only for as long as necessary to provide you with our service and as described in this Privacy Policy. When you delete your account, we will delete or anonymize your personal information within 30 days.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.

11. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

13. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for processing your personal information includes:

  • Your consent
  • Performance of a contract with you
  • Our legitimate business interests
  • Compliance with legal obligations