Privacy Policy

Spendfully ("we", "us", or "our") is operated by Easton & Code, LLC. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Account Information

When you create an account, we collect your email address and a password (stored as a bcrypt hash — we never store your plain-text password).

YNAB Data

When you connect your YNAB account via OAuth, we receive and store a copy of your budget data including:

  • Account names and balances
  • Budget categories and amounts
  • Transactions (date, amount, payee, memo, category)
  • Budget metadata (budget name, currency)

We also store your YNAB OAuth access and refresh tokens, encrypted at rest using Rails ActiveRecord Encryption.

Usage Data

We collect basic server logs (IP address, browser type, pages visited) for security and debugging purposes. We do not use third-party analytics.

2. How We Use Your Information

  • To provide the service — syncing your YNAB data, generating insights, and powering AI chat responses
  • To send transactional emails — account confirmations, password resets, and sync failure notifications via Resend
  • To improve the service — understanding how features are used in aggregate

3. AI and Third-Party Services

Spendfully uses Google Gemini to power its AI Assistant. When you send a message in the AI chat, relevant portions of your budget data (transaction summaries, category totals, account balances) are sent to Google's API to generate a response. We do not send your raw OAuth tokens or account credentials to any AI service.

By using the AI Assistant, you acknowledge that your financial data is processed by Google's Gemini API, subject to Google's Privacy Policy.

Email delivery is handled by Resend.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on DigitalOcean. OAuth tokens are encrypted at rest. We use HTTPS for all data in transit. While we take security seriously, no system is perfectly secure — please use a strong, unique password.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We only share data with the service providers listed above (Google Gemini, Resend) as necessary to operate Spendfully.

6. YNAB Disclaimer

Spendfully is not affiliated with, endorsed by, or sponsored by YNAB (You Need A Budget). YNAB is a registered trademark of You Need A Budget LLC. Your YNAB data is accessed via YNAB's official OAuth API with your explicit permission and is used solely to provide Spendfully's features.

7. Your Rights

  • Access — you can view all your data within the app at any time
  • Correction — contact us to correct inaccurate account information
  • Deletion — you can delete your account from Settings, which permanently deletes all your data including YNAB connection, transactions, chats, and insights
  • Disconnect YNAB — you can disconnect your YNAB account at any time from Settings, which revokes our access and removes synced data
  • Data portability — contact us at support@spendfully.app to request an export of your data

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days. Server logs are retained for up to 90 days.

9. Cookies

We use session cookies to keep you logged in. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. We'll notify you of material changes via email. Continued use of Spendfully after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Email us at support@spendfully.app.