Privacy Policy
Last updated April 28, 2026
What we collect
- Account data: email address, name (if provided), and password hash via our auth provider (Supabase).
- Billing data: handled by Stripe. We store a reference to your Stripe customer and subscription — we never see or store your card details.
- Statements you upload: transaction records extracted from bank/card statements you provide. We use these to detect recurring charges and generate audit reports.
- Contracts (Pro): metadata and text extracted from PDF contracts you upload or forward to your inbound address. We extract fields such as supplier, term, and notice window.
- Usage data: basic server logs (IP, user agent, route, timestamp) for security and debugging.
How we use it
We use your data to run the service you signed up for: parse statements, detect subscriptions, generate recommendations, send reminders, and (for Pro users) track contract renewals. We use an LLM provider to classify transactions and extract contract fields — provider calls contain the specific rows or text needed to complete the task. Per its published data usage policy, our LLM provider does not use API submissions to train models, and we do not enable any payload-logging features in the inference gateway.
Sharing
We share data only with the sub-processors required to run the service: Supabase (auth and database), Stripe (billing), Resend (email delivery and inbound email), and our LLM provider for extraction. We don’t sell your data, and we don’t share it with advertisers.
Retention
Raw statement files are removed from storage within minutes of processing on the happy path. If processing fails or stalls, an automated daily sweep removes the file within 7 days at the latest. Parsed transactions, subscriptions, and contracts are retained while your account is active. When you delete your account from Settings → Danger zone, we remove your data from our primary database within 30 days. Backup copies are purged on the next backup rotation.
Your rights
You can access, export, correct, or delete your data at any time from Settings. If you’d prefer us to handle a request directly — or you’re exercising rights under GDPR, UK GDPR, or CCPA — email privacy@spendrein.com.
Security
Data is encrypted in transit (TLS) and at rest on our hosting provider’s managed infrastructure. Access to production data is restricted to the engineers who need it to operate the service.
Changes
We’ll update this policy as our product and sub-processors change. Material changes are announced in-app or by email before they take effect. The “Last updated” date at the top always reflects the current version.