Privacy Policy

Last Updated: January 2025

At Spendlyst, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application ("App").

1. Information We Collect

1.1 Financial Data

Spendlyst collects and stores the following financial information locally on your device:

• Transaction amounts, dates, and descriptions
• Category assignments
• Budget information
• Receipt images (if you choose to scan receipts)
• Merchant names and notes

Important: All financial data is stored locally on your device using SwiftData. We do not store, transmit, or have access to your financial information on our servers.

1.2 Device Information

We may collect anonymous device information for analytics purposes, including:

• Device type and operating system version
• App version
• Crash reports and error logs
• Usage statistics (feature usage, session duration)

1.3 Account Information (Optional)

If you choose to create an account, we may collect:

• Email address (if using email sign-up)
• Authentication credentials managed by Apple Sign-In or Google Sign-In

Note: Account creation is optional. You can use Spendlyst as a guest without creating an account.

2. How We Use Your Information

2.1 Local Data Storage

All transaction and financial data is processed and stored exclusively on your device. This data never leaves your device unless you explicitly export it.

2.2 AI Categorization

When you add a transaction or scan a receipt, we may send transaction details (amount, merchant name, date, and OCR text) to OpenAI's API for categorization purposes. This data is:

• Sent securely over HTTPS
• Not stored by OpenAI (as per their privacy policy)
• Used solely for categorization and not for training purposes

You can always manually categorize transactions without using AI features.

2.3 Analytics

We use Firebase Analytics to collect anonymous usage data to improve the App. This includes:

• Feature usage statistics
• Crash reports and error logs
• Performance metrics

This data is anonymized and cannot be used to identify you personally.

3. Third-Party Services

3.1 OpenAI

We use OpenAI's API for expense categorization. When you use AI categorization features:

• Transaction details are sent to OpenAI's servers
• OpenAI processes the data and returns category suggestions
• OpenAI does not store your data (as per their privacy policy)

For more information, see OpenAI's Privacy Policy.

3.2 Firebase Analytics

We use Google Firebase Analytics for crash reporting and usage analytics. Firebase collects anonymous device and usage information. For more information, see Firebase Privacy Policy.

3.3 Apple App Store

In-app purchases are processed through Apple's App Store. Apple may collect payment information and purchase history. See Apple's Privacy Policy for details.

4. Permissions

4.1 Camera Permission

Spendlyst requests camera access to scan receipts. Important points:

• Receipt scanning happens entirely on your device using Apple Vision framework
• No images are sent to external servers for OCR processing
• You can use the App without granting camera access
• You can revoke camera access at any time in iOS Settings

4.2 Photo Library Permission

If you choose to select existing photos for receipt scanning, we request photo library access. Photos are processed on-device and never uploaded to our servers.

5. Data Security

We implement appropriate security measures to protect your data:

• All data is stored locally on your device using iOS's secure storage
• Data is encrypted at rest using iOS encryption
• Network communications use HTTPS encryption
• We do not store your financial data on our servers

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

Since all data is stored locally on your device:

• Data persists until you delete the App or manually delete transactions
• We do not retain copies of your data
• If you delete the App, all local data is removed

7. Your Rights

You have the following rights regarding your data:

• Access: View all your data within the App
• Deletion: Delete individual transactions or all data by deleting the App
• Export: Export your data as CSV (Pro feature)
• Correction: Edit any transaction or category information
• Opt-out: Disable analytics in iOS Settings

8. GDPR Compliance

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

To exercise these rights, please contact us at cagri.gider.business@gmail.com.

9. Children's Privacy

Spendlyst is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We only share data as necessary:

• With OpenAI for AI categorization (transaction details only)
• With Firebase for analytics (anonymous usage data)
• As required by law or legal process

11. International Data Transfers

If you use AI categorization features, transaction data may be sent to OpenAI servers, which may be located outside your country of residence. By using these features, you consent to such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Notifying you through the App for significant changes

You are advised to review this Privacy Policy periodically for any changes.

13. California Privacy Rights

If you are a California resident, you have the right to:

• Request information about the categories of personal information we collect
• Request deletion of your personal information
• Opt-out of the sale of personal information (we do not sell personal information)

To exercise these rights, please contact us at cagri.gider.business@gmail.com.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: cagri.gider.business@gmail.com
Website: Support Page

15. Consent

By using Spendlyst, you consent to this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use the App.

Your privacy is important to us. We are committed to protecting your financial data and being transparent about our data practices.