Back to Home

Privacy Policy

Last updated: December 2025

Overview

SpendStory ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our spending analysis service.

Disclaimer

SpendStory is an entertainment service that provides spending insights and narratives. We are not financial advisors, and nothing in our service constitutes financial, investment, tax, or legal advice. The insights provided are for informational and entertainment purposes only. Always consult qualified professionals for financial decisions.

Information We Collect

When you connect your bank account through Plaid, we receive read-only access to:

  • Transaction history (merchant names, amounts, dates, categories)
  • Account information (account name and type)

We cannot: Move money, make payments, or access your login credentials. Plaid uses bank-level encryption and never shares your credentials with us.

How We Use Your Information

Your transaction data is used solely to:

  • Generate your personalized spending narrative using AI
  • Create visualizations and insights about your spending patterns
  • Provide the SpendStory experience you requested

Data Retention

We do not permanently store your financial data. Your transaction information is processed in real-time to generate your spending story and is not retained on our servers after your session ends. We do not build profiles or maintain databases of user financial information.

Third-Party Services

We use the following third-party services:

  • Plaid: To securely connect to your bank and retrieve transaction data. Plaid's privacy policy is available at plaid.com/legal
  • Anthropic: To power the AI that generates your spending narrative. Transaction data sent to the AI is not used to train models.

Data Security

We implement industry-standard security measures including 256-bit encryption for data in transit. All connections to financial institutions are secured through Plaid's bank-level security infrastructure.

Your Rights

You have the right to:

  • Disconnect your bank account at any time through your bank's settings or Plaid portal
  • Request information about what data we've accessed
  • Request deletion of any data associated with your use of our service

Age Requirement

SpendStory is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not use this service or provide any information. If we learn that we have collected personal information from a user under 18, we will promptly delete that information.

Cookies and Tracking

We use minimal cookies and similar technologies strictly for essential functionality:

  • Session cookies: To maintain your session while using the service
  • Plaid cookies: Required for the bank connection flow

We do not use advertising cookies or sell your data to third parties for marketing purposes.

Do Not Track

We honor Do Not Track (DNT) browser signals. When we detect a DNT signal, we do not engage in any tracking beyond what is strictly necessary to provide the service.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request disclosure of the categories and specific pieces of personal information we collect
  • Right to Delete: You can request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Opt-Out: We do not sell personal information, so this right does not apply

To exercise these rights, contact us at info@spendstory.app. We will respond to verifiable requests within 45 days.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR:

  • Legal Basis: We process your data based on your explicit consent when you connect your bank account
  • Right of Access: You can request a copy of your personal data
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data
  • Right to Restrict Processing: You can request we limit how we use your data
  • Right to Data Portability: You can request your data in a portable format
  • Right to Object: You can object to our processing of your data
  • Right to Withdraw Consent: You can withdraw consent at any time by disconnecting your bank account

To exercise these rights, contact us at info@spendstory.app. You also have the right to lodge a complaint with your local data protection authority.

International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and third-party service providers are located. By using SpendStory, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes arising from this policy will be resolved in the state or federal courts located in Delaware.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at info@spendstory.app.