Introduction
SpendWise AI ("we", "us", "our", or "Company") operates the SpendWise platform. This Privacy Policy explains our policies regarding the collection, use, disclosure, and safeguarding of information that you provide when using our website and services.
We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This policy applies to all users of SpendWise, whether you are using our free or paid services.
1. Data We Collect
We collect information that you voluntarily provide to us, as well as information that is automatically collected when you use our services.
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address, username, password (hashed), and profile preferences.
- Financial Data: Expense entries, budgets, spending categories, and transaction details that you voluntarily input into SpendWise.
- Usage Data: Information about how you interact with the platform, including features you use and settings you configure.
- Communication Data: Any messages you send through our support system or AI chatbot.
1.2 Information Automatically Collected
- Device Information: Device type, operating system, browser type, and unique device identifiers.
- Usage Analytics: Pages visited, time spent, features accessed, and interaction patterns using Vercel Analytics.
- IP Address: Your IP address for security, fraud prevention, and service improvement.
- Cookies & Tracking: Session cookies and local storage for authentication (see Section 8).
2. How We Use Your Data
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve SpendWise and its features.
- Personalization: To customize your experience and deliver relevant expense insights.
- AI & Analytics: To generate AI-powered spending insights, budget recommendations, and financial analysis.
- Communication: To respond to support requests, send service updates, and notify you of important changes.
- Security: To detect, prevent, and address fraud, security issues, and technical problems.
- Legal Compliance: To comply with applicable laws, regulations, and legal requests.
- Business Operations: To analyze usage patterns, track subscription status, and manage billing.
3. AI Processing & Third-Party APIs
SpendWise uses AI to provide intelligent financial insights. When you use our AI features:
3.1 How AI Works
- Your expense data is processed locally and securely to analyze spending patterns.
- When you query the AI Assistant (Pro Plan), your request and relevant financial context may be sent to secure third-party AI providers.
- We use providers like Mistral AI for generating personalized insights. All communication with these services is encrypted.
3.2 Data Security with AI Providers
We do NOT train external AI models on your raw financial data. Your data is used strictly to generate insights for you and is subject to the same privacy protections as data shared with us directly.
- All API communications with third-party AI providers use encryption (TLS 1.2+).
- We select third-party providers with strong security certifications and privacy commitments.
- Your data is never stored on third-party servers beyond what is necessary for immediate processing.
4. Payment Processing & Razorpay
SpendWise does not directly handle credit card information. All subscription payments are processed through Razorpay, a PCI-DSS Level 1 compliant payment processor.
4.1 How Payments Work
- When you subscribe to SpendWise Pro, you are redirected to Razorpay's secure payment portal.
- Your credit card information is entered directly into Razorpay's system—we never see your complete card details.
- Razorpay stores only a tokenized reference to your payment method for recurring billing.
- SpendWise receives only confirmation that your payment was successful and your subscription status.
4.2 Security Standards
- Razorpay is PCI-DSS Level 1 certified, the highest security standard for payment processors.
- All payment data is encrypted and isolated from SpendWise infrastructure.
- For details on Razorpay's privacy practices, see Razorpay's Privacy Policy.
5. Data Sharing & Disclosure
We are committed to protecting your privacy. We do not sell, rent, lease, or trade your personal information.
5.1 Who We May Share Data With
- Service Providers: We share data with third-party service providers who assist us (e.g., hosting providers, analytics services). All providers are bound by confidentiality agreements.
- Legal Requirements: We may disclose information if required by law, court order, or government request.
- Business Transfers: If SpendWise is acquired or merges with another company, your data may be transferred as part of the transaction.
5.2 Row-Level Security
Your financial data is protected by Row-Level Security (RLS). This means no other user, and no SpendWise employee, can access your expense ledger without explicit authentication as your account.
6. Data Retention
We retain your information only as long as necessary to provide our services and comply with legal obligations.
- Active Accounts: Data is retained while your account is active.
- Deleted Accounts: Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
- Backup Data: Backups may be retained for up to 90 days for data recovery purposes.
- Legal Holds: If required by law or legal proceedings, we may retain data longer.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
7.1 Access Your Data
You can download all your personal data and financial records by visiting your account settings. We provide exports in industry-standard formats (CSV, JSON).
7.2 Delete Your Data
You can request deletion of your account and associated data at any time. Send a request to support@spendwise.ai, and we will delete your data within 30 days, unless retention is legally required.
7.3 Correct Inaccurate Data
You can update or correct your personal information through your account settings.
7.4 Opt-Out of Communications
You can unsubscribe from promotional emails at any time by clicking the "Unsubscribe" link in our messages or updating your communication preferences in Settings.
7.5 Regional Rights (GDPR, CCPA)
If you are in the European Union, you have additional rights under the GDPR, including the right to request portability of your data and to object to processing. If you are in California, you have rights under the CCPA. To exercise these rights, contact support@spendwise.ai.
8. Cookies & Tracking Technologies
SpendWise uses cookies and similar technologies to enhance your experience.
8.1 Types of Cookies
- Session Cookies: Required for authentication and maintaining your logged-in state.
- Preference Cookies: Remember your settings, language preferences, and display options.
- Analytics Cookies: Track usage patterns to improve our service (via Vercel Analytics).
8.2 Third-Party Analytics
We use Vercel Analytics to understand how users interact with SpendWise. This service may set cookies and collect usage data, but does not track personally identifiable information or sensitive financial data.
8.3 Cookie Management
Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may affect the functionality of SpendWise.
9. Security Measures
We implement comprehensive security measures to protect your data:
- Encryption in Transit: All data is encrypted using TLS 1.2+ during transmission.
- Encryption at Rest: Sensitive data is encrypted in our database.
- Password Hashing: Passwords are hashed using industry-standard algorithms and are never stored in plain text.
- Access Controls: Only authorized employees with a legitimate business need can access your data.
- Regular Security Audits: We conduct periodic security assessments and vulnerability testing.
- Rate Limiting: We implement rate limiting to prevent unauthorized access and abuse.
- No Guarantee: While we take security seriously, no system is 100% secure. We recommend using strong passwords and enabling 2FA where available.
10. Children's Privacy
SpendWise is not intended for users under 18 years of age. We do not knowingly collect information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will delete such information and terminate the child's account immediately.
If you believe a child has created an account with us, please contact support@spendwise.ai.
11. International Data Transfers
Your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have different data protection laws. By using SpendWise, you consent to the transfer of your information to countries outside your country of residence, which may provide a different level of data protection.
12. Third-Party Links
SpendWise may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to third-party websites. We recommend reviewing the privacy policies of any third-party services before providing your information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the "Last Updated" date above or by sending you an email notification.
Your continued use of SpendWise following notification of changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
SpendWise AI Support
Email: support@spendwise.ai
We will respond to your inquiries within 7 business days.