SpentyAI

Privacy Policy

Last updated: April 14, 2026

1. Who We Are

SpentyAI ("we", "us", "our") is an autonomous accounting platform that helps individuals and small businesses track income, expenses, and transfers using AI-powered email and SMS parsing. This policy explains what data we collect, why, and how we protect it.

2. Data We Collect

2.1 Account Information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We use this to create and identify your SpentyAI account.

2.2 Financial Data You Enter

We store data you voluntarily provide, including:

  • Bank accounts and their balances
  • Transaction records (income, expenses, transfers)
  • Categories and subcategories
  • Uploaded bank statements (CSV and PDF files)

This data is stored in your account and is never shared with other users.

2.3 Email Data (Gmail and Outlook)

If you choose to connect your Gmail or Outlook account, we request read-only access to your inbox. We scan emails for transaction-related messages (e.g., payment confirmations, bank alerts) and extract financial details using AI. We do not read, store, or process emails unrelated to financial transactions. You can disconnect your email account at any time.

Gmail scopes requested: gmail.readonly, userinfo.email, userinfo.profile (read-only).

Outlook scopes requested: Mail.Read, User.Read (read-only).

Limited Use disclosure (Google user data): SpentyAI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Gmail read-only access is used solely to detect and extract transaction information for SpentyAI's bookkeeping features. It is not used for advertising, is not sold, and is not transferred to third parties except as necessary to provide or improve these user-facing features (for example, AI-based extraction of transaction details), to comply with applicable law, or as part of a merger or acquisition with prior notice to users. We do not allow humans to read your Gmail data except where you give explicit consent, where necessary for security purposes (such as investigating abuse), or to comply with applicable law. We do not use your Gmail data to train generalized or non-personalized AI/ML models.

2.4 SMS Data

If you upload SMS messages through the app, we analyze them for transaction information using AI. SMS data is processed the same way as email data: only financial messages are extracted and stored as transactions.

2.5 Cookies and Sessions

We use a single httpOnly, secure session cookie ("session_token") to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

3. How We Use Your Data

  • Account management — to identify you and maintain your session.
  • Transaction recording — to create, categorize, and reconcile your financial records.
  • AI parsing — to automatically extract transactions from your emails and SMS messages.
  • Cash flow projections — to generate financial forecasts based on your transaction history.
  • Reports — to produce summaries and breakdowns of your financial activity.
  • Verification emails — to send you an email verification link when you sign up.

4. Third-Party Services

We use the following third-party services to operate SpentyAI:

  • Google OAuth — for sign-in authentication and Gmail access.
  • Microsoft Graph API — for Outlook email access.
  • OpenAI — to analyze email and SMS content and extract transaction data. Email/SMS content is sent to OpenAI's API for processing. OpenAI's data usage policy applies.
  • Resend — to deliver verification and welcome emails to your address.
  • MongoDB Atlas — to securely store your account and financial data.
  • Railway — to host our application infrastructure.

We do not sell, rent, or share your personal or financial data with advertisers or data brokers.

5. Data Retention

Your data is retained as long as your account is active. If you wish to delete your account and all associated data, contact us at the email below. We will permanently remove your records within 30 days of your request.

6. Data Security

All data is transmitted over HTTPS with TLS encryption. Session cookies are httpOnly and secure. Database access is restricted and authenticated. Email OAuth tokens are stored securely and can be revoked by disconnecting your email account.

7. Your Rights

You have the right to:

  • Access your data through the app's dashboard, transactions, and reports pages.
  • Delete individual transactions, accounts, or your entire account.
  • Disconnect Gmail or Outlook at any time, which stops future email scanning.
  • Revoke Google or Microsoft permissions from your respective account settings.
  • Export your financial data from the reports section.

8. Children's Privacy

SpentyAI is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of SpentyAI after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or want to request data deletion, contact us at:

Email: privacy@spentyai.com