Privacy Policy
Effective date: 2026-04-27
Contact: privacy@spendawake.com
Plain-language summary
SpendAwake is a financial education and cash flow coaching app. We connect to your bank accounts through Plaid so we can show you where your money goes. We do not sell your data. We do not share your bank data with advertisers. You can delete your account and all your data at any time.
By using SpendAwake, you also agree to our Terms of Service.
1. What data we collect
Account data (auth)
- Email address and display name, collected when you sign up.
Bank and financial data (via Plaid)
- Account names and types (e.g., "Chase Checking").
- Account balances.
- Transaction descriptions, amounts, and dates.
- We never see or store your bank login credentials. Plaid handles authentication directly between you and your bank.
Usage data
- Screens you visit, features you use, and errors the app encounters. This helps us fix bugs and improve the product.
Device data
- Operating system, app version, and device type. Used for crash reporting and compatibility.
2. How we use your data
- Power the four-bucket cash flow breakdown (Fixed Costs, Guilt-Free Spending, Savings, Future You).
- Calculate your Weekly Pulse spending score.
- Categorize transactions automatically.
- Deliver behavioral nudges and educational lessons relevant to your spending patterns.
- Process your subscription through RevenueCat (Apple App Store or Google Play Billing).
We do not use your financial data to make automated decisions that legally affect you.
3. Third parties we share data with
We share data only with the services needed to run SpendAwake. We do not sell your data to anyone.
| Service | Purpose | What they receive |
|---|---|---|
| Plaid | Bank data aggregation | You connect your bank directly through Plaid. Your financial data flows through Plaid per their privacy policy (plaid.com/legal/end-user-privacy-policy). |
| Supabase | Authentication and database hosting | Your account data and financial data are stored in Supabase-managed infrastructure. |
| Sentry | Crash and error reporting | Error payloads only. We strip PII before sending to Sentry. |
| RevenueCat | Subscription billing | Your subscription status and platform purchase token. No bank data is shared. |
4. Your rights
Access your data: You can export your data in-app (Profile > Export My Data) or by emailing privacy@spendawake.com.
Delete your account: You can permanently delete your account in-app (Profile > Delete Account). Deletion removes all your data from our systems per the retention schedule below. This action is irreversible.
Correct inaccuracies: If your name or email is wrong, update it in Profile settings or email us at privacy@spendawake.com.
Opt out of analytics: If we add product analytics in the future, we will update this policy and provide an opt-out mechanism. Email privacy@spendawake.com with any questions.
5. Data retention
| Data type | Retention |
|---|---|
| Plaid bank data (accounts, transactions, balances) | Transaction history retained on a rolling 90-day window for active accounts (used for Weekly Pulse and cash flow analysis). Account connection data (account names, connection tokens) retained until you delete your account. All Plaid bank data deleted permanently 30 days after you request account deletion. |
| Auth data (email, name) | Deleted immediately upon account deletion request. |
| Usage and analytics data | Anonymized within 30 days. Anonymized aggregate data may be retained indefinitely. |
| Subscription billing records | Retained as required by Apple/Google platform policies and applicable tax law. |
6. California residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know: You can request a copy of the personal information we have collected about you and how we use it.
- Right to delete: You can request deletion of your personal information (see Section 4 above).
- Right to opt out of sale: We do not sell your personal information. Ever.
- Right to non-discrimination: We will not discriminate against you for exercising these rights.
To exercise these rights, email privacy@spendawake.com with the subject line "CCPA Request."
7. EU/EEA residents (GDPR)
If you are located in the European Union or European Economic Area, you have the following rights:
- Right of access: Request a copy of your personal data.
- Right to rectification: Request correction of inaccurate personal data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data.
- Right to data portability: Request your data in a machine-readable format.
- Right to restriction of processing: Request that we limit how we process your data.
- Right to object: Object to processing based on legitimate interests.
Our legal basis for processing your financial data is performance of the contract (providing the SpendAwake service you signed up for). To exercise your rights, email privacy@spendawake.com.
8. GLBA
SpendAwake is not a bank or traditional financial institution. We are committed to protecting your financial information and apply security standards consistent with financial data handling best practices. If you have questions about how your data is protected, contact privacy@spendawake.com.
9. Security
- All data is encrypted in transit (TLS) and at rest (AES-256).
- Plaid access tokens are stored encrypted. We never store your bank username or password.
- Financial data is never written to application logs.
- We apply industry-standard security controls, including encryption of data in transit and at rest, with a roadmap toward third-party security certification.
10. Children
SpendAwake is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, email privacy@spendawake.com.
11. Changes to this policy
We will notify you of material changes to this policy via in-app notice or email at least 14 days before the change takes effect.
12. Contact
Questions, requests, or concerns about your privacy:
Email: privacy@spendawake.com
We aim to respond within 5 business days.
For security practices and data retention schedules, contact privacy@spendawake.com.
Last updated: April 27, 2026