Privacy Policy
Last updated: May 18, 2026
Spendlyfi ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Spendlyfi expense tracking application ("Service").
Please read this policy carefully. By using Spendlyfi you agree to the practices described here.
1. Information We Collect
1.1 Google Account Information
When you sign in with Google we receive the following information from Google:
- Your name
- Your email address
- Your Google profile photo
- A unique Google user ID
This information is used solely to identify your account and display your name and photo within the app. We do not store this information on our servers beyond what is held in your secure authentication session.
1.2 Expense and Budget Data
Any expense records, budget plans, receipt images, tags, and notes you create inside Spendlyfi are data you provide voluntarily. This includes:
- Expense amounts, currencies, dates, descriptions, and categories
- Personal and business expense classifications and tags
- Budget plan targets per category
- Receipt image files you upload
- Notes attached to expenses
1.3 App Preferences
We store your app preferences locally in your browser (via localStorage), including your default currency and display mode (Personal/Business). These preferences never leave your device.
2. How We Store Your Data
Spendlyfi follows a zero-knowledge architecture: your expense and budget data is stored exclusively in your own Google Drive account — not on our servers.
Specifically, we use Google Drive's appDataFolder — a special hidden folder that:
- Is not visible in your Google Drive file browser
- Can only be accessed by the Spendlyfi application
- Is automatically deleted if you remove Spendlyfi's access from your Google account
Your financial data is processed temporarily in your browser's memory to display it to you, but we never persist it on Spendlyfi's infrastructure. Google secures the stored data using their own enterprise-grade security controls.
3. How We Use Your Data
We use the information collected solely to provide the Service:
- To authenticate you via Google Sign-In
- To read and write your expense and budget data in your Google Drive
- To display your expenses, reports, and budget summaries within the app
- To remember your app preferences across sessions
We do not use your data for advertising, marketing profiling, machine learning, or any purpose other than operating the Service for you.
4. Google API Services
Spendlyfi uses the following Google APIs:
- Google OAuth 2.0 — to authenticate users and obtain permission to access their Google Drive
appDataFolder. - Google Drive API v3— to read and write expense data files in the user's own Google Drive
appDataFolderonly.
Spendlyfi's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In accordance with the Limited Use requirements:
- We only request the
drive.appdatascope, which limits our access to a single hidden folder in your Drive. We cannot read, modify, or delete any other files in your Google Drive. - We do not transfer your Google data to third parties.
- We do not use your Google data for serving advertisements or for any purpose unrelated to providing Spendlyfi's expense tracking features.
- We do not allow humans to read your Google Drive data unless you have explicitly given us permission to do so for support purposes, and only to the minimum extent necessary to resolve a specific issue.
5. Data Sharing and Disclosure
We do not sell, trade, rent, or transfer your personal information or expense data to any third parties, advertising networks, or data brokers.
We may disclose information only in the following limited circumstances:
- Legal obligations: If required by law, court order, or governmental authority.
- Protection of rights: To protect the rights, property, or safety of Spendlyfi, its users, or the public.
Because your financial data is stored in your own Google Drive and not on our servers, we have no technical ability to access or disclose it except through the same Google API access you have granted.
6. Data Retention and Deletion
Your expense data lives in your Google Drive for as long as you choose to keep it. You can delete your data at any time by:
- Deleting individual expenses or budget plans within the Spendlyfi app.
- Using the export and delete options in the Spendlyfi Settings page.
- Revoking Spendlyfi's access in your Google Account settings (Google Account → Security → Third-party apps with account access), which will automatically remove the
appDataFolderand all data stored within it.
Authentication session data (your name, email, and tokens) is held in a secure httpOnly browser cookie and expires when you sign out or the session expires. We do not retain this data after your session ends.
7. Security
We implement reasonable technical safeguards to protect the Service:
- Google OAuth access tokens are stored in httpOnly cookies, making them inaccessible to JavaScript and protecting against XSS attacks.
- All communication between the app and Google APIs is conducted over HTTPS.
- Your financial data is secured by Google's own infrastructure, which includes encryption at rest and in transit.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
Spendlyfi is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data (see Section 6).
- Portability: Export your expense data as a CSV or ZIP archive from the Spendlyfi Settings page.
- Withdraw consent:Revoke Spendlyfi's Google Drive access at any time via your Google Account settings.
To exercise any of these rights, contact us using the form in Section 11.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via an in-app notice. Your continued use of Spendlyfi after any changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your data, please use our contact form. We will respond as promptly as possible.
See also: Terms of Service