SpendTalk — Privacy Policy
Last updated: 6 July 2026
This Privacy Policy explains what data SpendTalk ("the app", "we", "us") collects, why, and your rights over it. SpendTalk is a money manager: your financial records live primarily on your device, and some features send data to our servers only when you choose to use them.
The data controller is Yevhenii Yusenkov. For any privacy question or request, contact us at yevhenii.yusenkov@gmail.com.
1. Data we collect
- Account information — only if you create an account or sign in. Your email address, and if you sign in with Google or Apple, the identifier and email those services return to us. Passwords are stored only as salted hashes, never in plain text.
- Your financial data — the records, items, budgets and balances you create. This is stored on your device. If you sign in to sync, a copy is also stored on our servers so it is available across your devices.
- Content you submit for AI processing — when you add an entry by voice, photo/scan or text, the audio clip, image/PDF or text you provide is sent to our servers and processed by Google's Gemini AI to extract the transaction details. It is used only to provide that feature and is not used to train AI models.
- Purchase information — if you subscribe, the purchase is handled by Google Play or Apple and managed through RevenueCat, which receives a random app-user identifier and your subscription/entitlement status. We never receive your full card or payment details.
- Usage analytics — anonymous, non-identifying product analytics via PostHog (which features are used, funnels, AI-quality metrics), tied to a random identifier. It does not include your account email or your financial data.
- Diagnostics & crash data — via Sentry: crash reports and error diagnostics such as device model, OS version and stack traces, used to find and fix bugs.
- Device identifiers — a random device identifier and a service token stored securely on your device to authenticate requests.
2. Device permissions
The app requests these only when you use the matching feature:
- Microphone — to record a short clip when you add an entry by voice.
- Camera and photo library — to capture or select a receipt to scan.
- Internet — to sync, process AI captures, and manage subscriptions.
3. How we use your data
- Create and authenticate your account and sync your data across devices.
- Extract transaction details from your voice, photo or text captures.
- Provide and manage subscriptions.
- Send transactional emails (email verification, password reset).
- Understand product usage and improve the app (analytics).
- Detect, diagnose and fix crashes and errors, and keep the service secure.
4. Legal bases (GDPR / UK GDPR)
- Performance of a contract — account, sync, AI capture and subscriptions.
- Legitimate interests — analytics, diagnostics and security, balanced against your rights.
- Consent — where required (e.g. device permissions), which you can withdraw at any time.
5. Third-party services (sub-processors)
We share the minimum data needed with these providers:
| Provider | Purpose |
|---|---|
| Google (Gemini AI, Sign-In, Play Billing) | AI extraction, sign-in, purchases |
| Apple | Sign in with Apple, App Store purchases |
| RevenueCat | Subscription management |
| PostHog | Anonymous product analytics |
| Sentry | Crash and error diagnostics |
| Resend | Transactional email delivery |
| Railway | Server hosting |
We do not sell your personal data.
6. International data transfers
Some of the providers above are located in the United States, so your data may be processed there. Where required, such transfers rely on appropriate safeguards (such as the providers' Standard Contractual Clauses).
7. Data retention
- Account and synced data — kept until you delete your account, then removed from our servers.
- Data stored only on your device — kept until you delete it or uninstall the app.
- AI capture content — processed to provide the feature and not retained beyond what is needed for that.
- Analytics and diagnostics — kept for a limited period, then deleted or aggregated.
8. Security
Data is transmitted over encrypted connections (HTTPS). Passwords are stored as salted hashes, and device credentials are kept in the platform's secure storage. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.
9. Your rights
Subject to applicable law, you may request to access, correct, delete, restrict or export your personal data, and object to certain processing. You can request deletion of your account and its server-side data at any time by contacting us at yevhenii.yusenkov@gmail.com. EU/EEA and UK users also have the right to lodge a complaint with their local data protection authority.
10. Children
SpendTalk is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, notifying you in the app.
12. Contact
Questions or requests: yevhenii.yusenkov@gmail.com.