Privacy Policy

Spendara ("we", "us") is a personal finance tracking service available at spendara.co.uk. This policy explains what personal data we collect, why we collect it, and your rights under UK GDPR.

1. Who we are

Spendara is operated as a sole trader based in the United Kingdom. If you have any questions about this policy or your data, contact us at: hello@spendara.co.uk

We are registered with the Information Commissioner's Office (ICO). ICO registration number: [ADD YOUR ICO NUMBER HERE]

2. What data we collect

• Email address — provided when you register
• Password — stored as a one-way hash (we cannot read your password)
• Financial data you enter — account names and balances, transactions, scheduled bills, income sources, savings rules, investments, and future events
• Usage events — anonymous records of which features you use (e.g. "viewed forecast"), stored as your internal user ID and an event name. No names, emails, or IP addresses are stored in analytics.
• Session cookie — a single essential cookie used to keep you logged in

We do not collect your IP address for tracking purposes, use advertising cookies, or sell your data to anyone.

3. Why we collect it and our lawful basis

• Account and financial data — necessary to provide the service you signed up for (lawful basis: contract)
• Usage events — to understand how the app is used and improve it (lawful basis: legitimate interests)
• Session cookie — essential for the app to function; without it you cannot stay logged in (lawful basis: legitimate interests)

4. Who we share your data with

We share data with the following third parties only as necessary to provide the service:

• Stripe (privacy policy) — payment processing. If you upgrade to Pro, Stripe stores your payment card details. We only receive a customer ID and subscription status.
• Brevo (privacy policy) — email delivery for account verification and password reset emails. Your email address is passed to Brevo solely to send these emails.
• Render (privacy policy) — cloud infrastructure. Your data is stored on Render's servers in their EU/US regions.

We do not share your data with any other third parties.

5. How long we keep your data

We keep your data for as long as your account is active. If you delete your account, all your data is permanently deleted immediately — including transactions, accounts, bills, income sources, and usage events.

Anonymous usage events are automatically deleted after 180 days regardless of account status.

6. Your rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate data (you can do this directly in the app)
• Erasure — delete your account and all data via Settings → Danger → Delete Account
• Portability — download your transaction data as CSV via Settings → Danger → Export My Data
• Object — object to processing based on legitimate interests
• Restrict — request we restrict processing of your data

To exercise any of these rights, contact us at hello@spendara.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO.

7. Cookies

We use one essential cookie called session. It stores a random identifier that links your browser to your login session. It is not used for tracking or advertising. It expires after 24 hours of inactivity.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking cookies.

8. Children

Spendara is not intended for use by anyone under the age of 16. We do not knowingly collect data from under-16s. If you believe a child has registered, please contact us and we will delete the account.

9. Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last updated. Significant changes will be communicated by email.