Your privacy matters. We collect only what's necessary to provide SpendNote, and we never sell your data to third parties.
1. Overview
SpendNote ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
We are based in the European Union and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Information We Collect
2.1 Information You Provide
| Data Type | Purpose |
|---|---|
| Name & Email | Account creation & communication |
| Password (hashed) | Account security |
| Company name (optional) | Receipt customization |
| Receipt content | Service functionality |
| Payment information | Subscription billing (processed by Stripe) |
2.2 Information Collected Automatically
- Usage data: Features used, pages visited, actions taken
- Device information: Browser type, operating system, device type
- IP address: For security and fraud prevention
- Cookies: Session and preference cookies (see Section 8)
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process transactions and send related information
- Send administrative notifications and updates
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues and fraud
We do NOT: Sell your data • Use it for advertising • Share with third parties for marketing
4. Information Sharing
We share your information only in the following circumstances:
- Service providers: Third parties that help us operate the Service (hosting, payment processing, email delivery)
- Legal requirements: When required by law, legal process, or government request
- Business transfers: In connection with a merger, acquisition, or sale of assets
- With your consent: When you explicitly authorize sharing
Our Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Cloud hosting | Germany (EU) |
| Stripe | Payment processing | USA (Privacy Shield) |
| Postmark | Transactional email | USA (Privacy Shield) |
5. Data Security
We implement industry-standard security measures:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access controls: Role-based access, principle of least privilege
- Monitoring: 24/7 security monitoring and intrusion detection
- Backups: Regular encrypted backups stored in EU data centers
- Password security: Passwords hashed using bcrypt with salt
6. Data Retention
We retain your data as follows:
- Active accounts: Data retained while account is active
- Cancelled accounts: Data available for export for 30 days, then permanently deleted
- Backups: Removed from backups within 90 days of deletion
- Legal requirements: Some data may be retained longer if required by law
7. Your Rights
Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
- Withdraw consent: Withdraw consent for optional processing
To exercise these rights, contact us at privacy@spendnote.app.
8. Cookies
We use the following types of cookies:
- Essential cookies: Required for the Service to function (authentication, security)
- Preference cookies: Remember your settings and preferences
- Analytics cookies: Help us understand how you use the Service (anonymized)
You can manage cookie preferences in your browser settings. Disabling essential cookies may affect Service functionality.
9. Children's Privacy
SpendNote is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or a prominent notice on the Service. Your continued use after changes become effective constitutes acceptance.
11. Contact Us
For privacy-related questions or concerns:
- Email: privacy@spendnote.app
- Data Protection Officer: dpo@spendnote.app
- Contact form: spendnote-contact.html
If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.