Spendich (“we,” “us,” or “our”) operates the personal finance tracking application available at spendich.vercel.app. We understand that your financial data is among the most sensitive information you possess, and we treat it with the highest level of care. This Privacy Policy explains what data we collect, how we use it, and the choices available to you.
By creating an account or using Spendich, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.
2. Information We Collect
Account Information
Email address, display name, and profile avatar — provided during sign-up via Google OAuth or email magic link authentication.
This data is entered by you manually through the web interface, via the Telegram bot, by pasting SMS messages for parsing, or by importing CSV bank statements.
Budget configurations, spending goals, and recurring transaction rules you create.
Profile Preferences
Your preferred currency and date format, used to personalize the display of your financial data.
Telegram Integration
If you explicitly choose to link your Telegram account, we store your Telegram chat ID to enable bot notifications and transaction entry via Telegram. This is entirely optional and can be unlinked at any time.
Automatically Collected Information
Authentication session cookies required for secure login — nothing more. We do not use analytics services, tracking pixels, fingerprinting, or any third-party trackers.
3. How We Use Your Data
We use your data exclusively to provide and improve the Spendich service. Specifically:
Expense tracking: recording, categorizing, and displaying your transactions.
Budgets and insights: calculating budget progress, detecting spending spikes, tracking streaks, and generating actionable financial insights.
Spending analytics: producing charts, trends, and breakdowns of your financial activity.
Monthly email digests: sending a summary of your spending activity to your email address via the Resend email service, if configured.
Telegram notifications: delivering budget alerts, spending insights, and transaction confirmations to your linked Telegram account, if you have opted in.
Duplicate detection: identifying potentially duplicate transactions across manual entry, imports, and recurring rules to maintain data accuracy.
Your financial data is never sold, rented, shared with advertisers, or used for marketing purposes. We do not monetize your data in any form.
4. Third-Party Services
Spendich relies on a limited set of third-party services, each receiving only the minimum data necessary for their function:
Supabase — database hosting and authentication. Stores all user data in a PostgreSQL database hosted in Mumbai, India. Handles email magic link and OAuth authentication flows.
Google — OAuth login provider only. Receives standard OAuth flow data (email, name, profile picture) when you choose to sign in with Google. Google does not receive any of your financial data.
Telegram — bot integration, activated only if you explicitly link your account. Receives chat messages you send to the bot and transaction data for confirmations and notifications.
Resend — email delivery service for monthly digests. Receives your email address and a summary of your spending activity. No raw transaction data is transmitted.
Vercel— application hosting. Serves the web application and handles serverless function execution. Request logs are subject to Vercel's standard data processing practices.
Google Fonts — font delivery (DM Sans, Sora). No user data or financial information is transmitted; only standard HTTP requests for font files.
We do not integrate any advertising networks, analytics platforms, or data brokers.
AI-Assisted Parsing (Anthropic)
When you enter an expense in plain English, Spendich first tries to parse it with a local rule-based system. If the rules cannot confidently interpret your entry, Spendich sends only that entry text (for example, “sent 500 to mom yesterday”) to Anthropic's Claude API to improve category, title, and payment method detection. Anthropic does not use this data to train their models and retains it for at most 30 days for abuse monitoring. The parsed result is cached in our database per user for up to 90 days to reduce repeat calls. We never send your entire transaction history, account identity, or other data to Anthropic — only the single entry text for that one parse. Cached results are deleted when you delete your account.
5. Data Storage & Security
All user data is stored in a PostgreSQL database hosted by Supabase in Mumbai, India. We employ multiple layers of security to protect your information:
Row-Level Security (RLS):enforced at the database level, ensuring complete data isolation between users. No user can access, query, or modify another user's data under any circumstance.
Encrypted transport: all communication between your browser and our servers occurs over HTTPS with TLS encryption.
Secure cookies: authentication tokens are stored in HTTP-only, secure cookies that cannot be accessed by client-side JavaScript.
Security headers: we enforce X-Frame-Options: DENY (prevents clickjacking), X-Content-Type-Options: nosniff (prevents MIME-type sniffing), and a strict Referrer-Policy to limit information leakage.
International users: all data is stored in India regardless of your location. By using Spendich, you consent to the transfer and storage of your data in India.
6. Data Retention
Active data: your transactions, budgets, categories, and preferences are retained for as long as your account exists and remains active.
Deleted transactions: soft-deleted initially, then permanently and irreversibly removed after 90 days.
Account deletion: when you delete your account, all associated data — transactions, budgets, categories, payment methods, preferences, insights, and Telegram links — is cascaded and permanently deleted immediately. This action is irreversible.
7. Your Rights
You have full control over your data at all times:
Export your data: CSV and PDF export is built directly into the application. You can export your complete transaction history at any time, at no cost.
Delete individual transactions: remove any transaction from your records through the app interface.
Delete your account: permanently erase all of your data from our systems. This is immediate and irreversible.
Unlink Telegram: disconnect your Telegram account from Spendich at any time through the Settings page.
Data-related requests: for any other data access, correction, or deletion requests, contact us at mavericksdx747@gmail.com.
8. Cookies & Local Storage
Authentication cookies: managed by Supabase, HTTP-only and secure. These are strictly necessary for maintaining your login session and cannot be opted out of while using the service.
Local storage: a single key is used to remember your sidebar collapse/expand preference for a better navigation experience.
We use no tracking cookies, third-party cookies, or analytics cookies. There are no cookie banners because there is nothing to consent to beyond what is strictly necessary for the application to function.
9. Children's Privacy
Spendich is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal data, we will take immediate steps to delete that information from our systems. If you believe a child under 13 has created an account, please contact us at mavericksdx747@gmail.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the “Effective Date” at the top of this page. We encourage you to review this policy periodically. Your continued use of Spendich after any changes constitutes your acceptance of the updated policy.
11. Contact
For any questions, concerns, or requests related to your privacy or this policy, please contact us at mavericksdx747@gmail.com.
Please also review our Terms of Service for the complete terms governing your use of Spendich.