Privacy Policy - Spendly
Effective date : Sunday, February 01, 2026
Spendly ("Spendly", "we", "us", or "our") provides a personal finance habits tracking application (the "Service"). This Privacy Policy explains what information we collect, how we use it, how we store it, and what choices you have.
If you have questions about this Privacy Policy or your data, contact us at spendly@edm115.dev.
This Privacy Policy applies to information processed by Spendly when you use the Service, including when you create an account, sign in (including via OAuth like Google), enter financial tracking information, or request support.
A. Account and login information
Depending on how you sign in, we may collect :
- Email address
- Username
- Password
Important note about passwords : If you use password-based authentication, your password is not accessible to us in plaintext. We cannot read your password and cannot retrieve it in case you lost it. However, you can reset your password, as long as you provided an email address.
B. OAuth / third-party sign-in information
If you sign in using OAuth (Google/GitHub/any other provider we might add in the future), we store an OAuth token or equivalent credential required to authenticate you and operate the Service. This token may allow us to retrieve limited profile information on your behalf, such as :
- Your name and/or username associated with your OAuth account (as provided by the provider and permitted by the OAuth scopes you approve)
We do not use OAuth access for any unrelated purpose. We do not attempt to access or collect information outside what you authorize through the consent screen and what is necessary to provide the Service.
C. Financial and usage data you input
Spendly is a financial habits tracking app. We collect and store the information you enter into the app, which may include (depending on features you use) :
- Spending/income entries
- Categories, budgets, recurring items
- Notes, tags, and other metadata you choose to attach
- Any other financial tracking details you input for the purpose of using the Service
D. Support and communications
If you contact us (for example, to request help, deletion, or a data copy), we will receive :
- The contents of your email and any information you include
- Your email address and any metadata your email provider includes (e.g., timestamp)
E. What we do not collect
We do not intentionally collect data that you do not provide and that is not needed for the Service to work. We do not send marketing emails and do not use your email address for promotional communications. We will never share any of the information you provide with third parties for their own marketing purposes, analytics or advertising.
We use your information for the following purposes :
1. Provide and operate the Service
- Create and manage your account
- Authenticate you at login (including via OAuth)
- Store and display the financial tracking data you enter
2. Account-related communications
- Send necessary emails such as password reset or other account/security-related notices
- We do not send newsletters, marketing, or non-essential communications
3. Support and troubleshooting
- Respond to your requests and support inquiries
- Diagnose bugs, resolve issues, and improve reliability
4. Security, integrity, and enforcement
- Detect abuse, fraud, or misuse
- Enforce our Terms of Use, including account restrictions or bans when warranted
Service administrators may have the ability to impersonate a user account, meaning they can view that user's data without requiring the user's authentication credentials.
This capability is strictly for support purposes, such as debugging, troubleshooting, and help when the user has requested or agreed to such assistance. We do not use impersonation to access user data for unrelated reasons.
We do not sell your personal information.
We may share information only in limited situations :
- With service providers that help us run the Service (for example, hosting or infrastructure). These providers may process data on our behalf to operate the Service.
- For legal compliance or protection, if we believe in good faith it is necessary to comply with applicable law, protect the Service, enforce our Terms of Use, or respond to lawful requests.
When you use OAuth, the OAuth provider may process information according to its own policies. Your use of the OAuth services is governed by the OAuth provider's applicable terms and privacy policies.
We keep the data you provide indefinitely unless one of the following occurs :
1. The Service ceases to exist (for example, if the Service is shut down)
2. You delete your data manually (where the Service provides deletion functionality)
3. A service administrator deletes your data (for example, in response to a request or as part of enforcement or maintenance)
Because retention is indefinite by default, you control deletion by using in-app deletion tools (if available) or by contacting us.
You can request the following at any time by emailing the aforementioned email address :
- A copy of your data (export)
- Deletion of your account and/or data
We will make reasonable efforts to fulfill requests. In some cases, deletion may not be possible if the Service has already ceased to exist or if technical limitations prevent retrieval/export. If we cannot complete a request, we will explain why to the extent we can.
We take reasonable steps to operate the Service, but the availability of the Service is not guaranteed. Additionally, the safety of any data stored in the Service is not guaranteed. No method of storage or transmission is 100% secure, and you use the Service with this understanding.
We recommend that you avoid storing any information you consider highly sensitive or irreplaceable.
Administrators may shut down the Service at any moment. In the event of shutdown, you may lose access to your account and data. Where feasible, we may attempt to provide notice, but we are not obligated or guaranteed to do so.
We may update this Privacy Policy from time to time. If we make changes, we will revise the "Effective date" at the top. Your continued use of the Service after changes take effect means you accept the updated policy.
For privacy questions, data requests, or account issues, contact the aforementioned email address.