Spendli Privacy Policy
Last updated: April 25, 2026
1. Data We Store
On your device only:
- Expense Data: Transaction amounts, merchant names, dates, categories, payment methods, and notes. All stored locally on your device. If you enable backup, this data is encrypted (AES-256-GCM) before leaving your device.
- Receipt Images: Photos of receipts you scan are processed and stored on your device. They are never uploaded to our servers. If you use Managed AI, only the extracted text (not the image) is sent to our cloud function.
- Trip Information: Trip names, destinations, dates, and budgets. Stored locally on your device.
On our servers (Firebase):
- Account Information: Email address, phone number, and display name for authentication and profile identification. Name, email, and phone are encrypted on your device before being stored.
- Shared Room Data: Room names, member lists, expenses, and settlement records for collaborative rooms. Room names and member names are encrypted.
- Split Data: Split names, participant details, and payment status for shared expense splits.
- Payment Identifiers (region-specific): If you are in a UPI-supported region (e.g. India), you may optionally save your UPI ID for receiving split payments. In the US/Canada, payments are facilitated via deep links to third-party apps (Venmo, Cash App, Zelle) — Spendli does not collect or store your payment credentials for these services.
2. How We Protect Your Data
- Client-Side Encryption: All personally identifiable information (PII) — including your name, email, phone, and payment identifiers — is encrypted with AES-256-GCM on your device before being stored in our cloud database. We cannot read your personal data in plaintext.
- Encryption Key Management: Your encryption key is protected by Google Cloud KMS. On a new device, it is securely recovered after authentication.
- Backup Encryption: All backups (iCloud, Google Drive, or managed cloud) are encrypted with AES-256-GCM using a device-derived key.
- Transit Encryption: All data in transit uses HTTPS/TLS.
- Keychain Storage: Sensitive credentials (API keys, authentication tokens) are stored in the iOS Keychain with hardware-backed encryption.
3. Third-Party Services
- Firebase (Google): Authentication, cloud database (Firestore), cloud storage, push notifications, and cloud functions. Firebase encrypts data at rest with Google-managed keys. See Firebase Privacy.
- Frankfurter / ExchangeRate-API: Currency exchange rates. No personal data is sent — only currency code queries.
- AI Providers (optional): If you configure BYOK (Bring Your Own Key) AI, your expense descriptions and receipt images are sent to your chosen provider (Anthropic, OpenAI, Groq, etc.). If you use Managed AI, requests are proxied through our cloud function to Google Gemini. On-device AI (iOS 26+) processes everything locally.
- Apple Speech Recognition (Voice Add): When you use Voice Add, your spoken audio is sent to Apple's speech recognition servers for transcription and is governed by Apple's Privacy Policy. The audio recording itself is kept only on your device for the duration of the Voice Add session (so you can play it back) and is deleted as soon as you reset, save, or close the sheet. The resulting transcript is then handled by your selected AI processor above.
- Google Sign-In: If you sign in with Google, your Google profile name, email, and photo URL are used for account creation.
4. Firebase Authentication Data
Firebase Authentication stores your email and/or phone number in Google's infrastructure for sign-in purposes. This data is managed by Google and protected by their SOC 2 Type II and ISO 27001 certified infrastructure. We have removed display names from Firebase Auth to minimise PII exposure — your name is stored only in our encrypted Firestore database.
5. Data You Can Export
Under GDPR Article 20, you have the right to data portability. You can export all your data at any time:
Settings → Privacy → Export My Data
This generates a ZIP file containing all expenses (JSON + CSV), categories and budgets, trip history, and profile settings. All encrypted fields are decrypted before export so you receive readable data.
6. Data Deletion
You can delete your account and all associated data at any time:
Settings → Delete Account
This permanently removes your Firestore profile and all subcollections, your Firebase Auth account, your handle (marked disabled to prevent reuse), and all notification history. Local data (Core Data) remains on your device until you uninstall the app.
7. Location Data
Spendli does NOT request location permissions. Travel mode uses timezone detection to auto-activate trips — no GPS data is collected or stored. Country-level region information is derived from your device's locale settings.
8. Analytics & Tracking
Spendli does not use any third-party analytics SDKs. We do not track your behaviour, serve ads, or share data with advertisers. Firebase Analytics is not enabled in this app.
9. Children's Privacy
Spendli is not directed at children under 13. We do not knowingly collect data from children.
10. Contact
For privacy questions or data requests, contact:
customer.support@microvernitech.com
Data Controller: Microvernitech
© 2026 Microvernitech. All rights reserved.