Privacy Policy

Last updated: November 30, 2025

Introduction

Spare Finance is a product created by Maverick Bear Design, a Canadian company. At Spare Finance ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial management application and services.

Please read this Privacy Policy carefully. By using our services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Name and email address
  • Phone number (optional)
  • Profile picture or avatar URL (optional)
  • Payment and billing information

Financial Information

To provide our services, we collect and store:

  • Transaction data (amounts, dates, descriptions, categories, subcategories, tags, recurring patterns)
  • Account information (account names, types, balances, limits, credit limits, account numbers when applicable)
  • Budget and goal information (monthly budgets, savings goals, progress tracking, target amounts, priorities)
  • Investment data: securities (stocks, ETFs, bonds), holdings, positions, portfolio values, investment transactions (buys, sells, dividends, transfers), market prices, asset allocation
  • Debt tracking data: loan types, balances, interest rates, payment schedules, minimum payments, due dates, payment history, principal and interest paid
  • Bank account data (when connected via Plaid): account numbers (masked), transaction history, balances, account types, liability information (credit cards, loans)
  • Category learning data: historical transaction patterns used for AI-powered categorization suggestions
  • AI interaction data: queries, responses, and insights generated through AI features

Automatically Collected Information

When you use our services, we automatically collect:

  • Device information and identifiers
  • Usage data and analytics
  • IP address and location data
  • Cookies and similar tracking technologies

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and manage your account
  • Sync bank account data through Plaid integration (ESSENTIAL and Pro plans)
  • Provide AI-powered category suggestions and financial insights using OpenAI
  • Manage household member accounts and permissions (Pro plan)
  • Calculate budgets, goals, investments, and debt tracking
  • Generate reports, analytics, and financial health scores
  • Send you important updates, notifications, and transactional emails via Resend
  • Respond to your inquiries and provide customer support
  • Monitor service performance and errors using Sentry
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms
  • Personalize your experience and provide relevant content
  • Track account usage and enforce subscription plan limits
  • Maintain security logs and audit trails for account actions

How We Share Your Information

We do not sell your personal or financial information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our platform, including:
    • Stripe: For payment processing and subscription management. We do not store payment card information - all payment data is handled by Stripe.
    • Plaid: For secure bank account connections (ESSENTIAL and Pro plans only). We only receive account information, transactions, and balances - we never access your bank credentials.
    • OpenAI: For AI-powered categorization and financial insights. Transaction data and patterns may be processed by OpenAI to generate category suggestions and insights. We do not share personally identifiable information with OpenAI beyond what is necessary for the service.
    • Sentry: For error tracking and performance monitoring. Error logs may include technical information about your use of the service, but we filter sensitive data before sending to Sentry.
    • Resend: For sending transactional emails (verification codes, password resets, notifications). Email addresses and basic account information are shared with Resend for email delivery.
    • Supabase: For database hosting, authentication, and cloud infrastructure. All your data is stored securely in Supabase's infrastructure.
    • Vercel: For application hosting and content delivery. Usage data and performance metrics may be collected by Vercel.
  • Household Members: If you are part of a household account (Pro plan), your financial data may be shared with other household members as configured. Each household member maintains separate financial data (transactions, accounts, budgets), but the account owner can view and manage all household members. You control which members have access to your household account.
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • With Your Consent: When you explicitly authorize us to share your information

Third-Party Services

We use trusted third-party services to provide certain features of our platform. These services have their own privacy policies and terms of service:

Stripe - Payment Processing

We use Stripe to process subscription payments. When you subscribe to our service:

  • We do not store or have access to your full payment card information
  • All payment data is securely processed and stored by Stripe
  • We only receive confirmation of successful payments and subscription status
  • Stripe handles all PCI-compliant payment processing

For more information about how Stripe handles your payment data, please review Stripe's Privacy Policy.

Plaid - Bank Account Connection

We use Plaid to securely connect your bank accounts (available on ESSENTIAL and Pro plans). When you connect your bank account through Plaid:

  • Plaid securely authenticates your bank credentials using bank-level security
  • We only receive account information (account names, types, masked account numbers), transaction data (amounts, dates, descriptions, categories), balances, and liability information (for credit cards and loans) in real-time
  • We do not have access to your bank login credentials (username, password, PIN, or security questions)
  • Plaid uses bank-level encryption and security standards (SOC 2 Type 2 certified)
  • Transaction data is automatically synced and categorized using our AI-powered categorization system
  • We store Plaid access tokens to maintain your connection
  • You can disconnect your bank account at any time through your account settings, which will stop all data synchronization
  • When you disconnect, we retain historical transaction data that was already imported, but no new data will be collected

For more information about how Plaid handles your financial data, please review Plaid's Privacy Policy.

OpenAI - AI-Powered Features

We use OpenAI's API to provide AI-powered categorization and financial insights. When you use AI features:

  • Transaction descriptions and patterns may be sent to OpenAI to generate category suggestions
  • We do not send personally identifiable information (names, account numbers, exact amounts) to OpenAI
  • Transaction data is anonymized before processing by OpenAI
  • AI-generated suggestions are stored in your account for future reference
  • You can disable or ignore AI suggestions at any time
  • OpenAI may use data sent to their API to improve their services, but they do not use it to train models that serve other customers

For more information about how OpenAI handles data, please review OpenAI's Privacy Policy.

Sentry - Error Tracking and Monitoring

We use Sentry to monitor application errors and performance. When errors occur:

  • Technical error information (error messages, stack traces, performance data) may be sent to Sentry
  • We filter and remove sensitive data (passwords, payment information, account numbers) before sending to Sentry
  • Error logs help us identify and fix issues to improve the service
  • You can opt out of error tracking, though this may limit our ability to provide support

For more information about Sentry's data practices, please review Sentry's Privacy Policy.

Resend - Email Delivery

We use Resend to send transactional emails (verification codes, password resets, notifications):

  • Your email address and basic account information are shared with Resend for email delivery
  • Resend processes emails on our behalf and does not use your information for their own purposes
  • You can unsubscribe from marketing emails, but transactional emails (verification, password resets) are required for account security

For more information about Resend's data practices, please review Resend's Privacy Policy.

Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for data transmission (TLS 1.2+)
  • Secure data storage with encryption at rest
  • Row Level Security (RLS) at the database level to ensure data isolation between users and households
  • Secure authentication via Supabase Auth with password hashing and email verification (OTP)
  • Secure storage of sensitive tokens (Plaid access tokens)
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Compliance with financial data protection regulations (PIPEDA, GDPR, CCPA)
  • Bank credentials are never stored - all bank authentication is handled by Plaid
  • Household member data is isolated and only accessible to authorized members
  • Security logging and audit trails for account actions (blocks, suspensions, deletions)
  • Rate limiting to prevent abuse and unauthorized access
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • Secure headers (HSTS, X-Frame-Options, X-Content-Type-Options) for additional protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

AI Categorization Data: Category learning data is stored locally within your account and is not shared with other users. The AI system analyzes only your own historical transaction patterns to provide personalized category suggestions. Transaction data sent to OpenAI is anonymized to protect your privacy.

Account Security: We maintain security logs and audit trails for account actions including blocks, suspensions, and terminations. This information is used for security purposes and compliance with our Terms of Service.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request access to your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Export your data in a portable format
  • Opt-out: Unsubscribe from marketing communications
  • Account Settings: Manage your privacy preferences in Settings

To exercise these rights, please contact us at legal@sparefinance.com or use the account settings in the application.

Data Retention

We retain your personal and financial information for as long as your account is active or as needed to provide our services. Specific retention periods:

  • Active Accounts: Data is retained while your account is active and needed for service provision
  • Account Deletion: Upon account deletion request, all data is permanently deleted immediately
  • Connected Services: When you disconnect Plaid, we retain historical data but stop collecting new data
  • Security Logs: Security and audit logs (including account blocks and suspensions) may be retained longer for security and compliance purposes
  • Legal Requirements: Data may be retained longer if required by law, regulation, or legitimate business purposes (e.g., tax records, dispute resolution)
  • Backup Data: Our database provider (Supabase) maintains automatic backups for disaster recovery. Backup retention is managed by Supabase according to their service terms (typically 7-30 days depending on the service plan). We do not maintain separate backup copies beyond the provider's automatic backup system

You can request immediate deletion of your data by contacting us at legal@sparefinance.com. We will process deletion requests in accordance with applicable data protection laws.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Your Rights Under Data Protection Laws

Depending on your location, you may have additional rights under data protection laws:

PIPEDA (Canada)

As a Canadian company, we comply with PIPEDA. You have the right to access, correct, and challenge the accuracy of your personal information. You may also file a complaint with the Privacy Commissioner of Canada if you believe we have violated your privacy rights.

GDPR (European Economic Area)

If you are located in the EEA, you have the right to: access your data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, request data portability, object to processing, and withdraw consent. You may also lodge a complaint with your local data protection authority.

CCPA (California)

If you are a California resident, you have the right to: know what personal information is collected, access your personal information, delete your personal information, opt out of the sale of personal information (we do not sell your data), and not be discriminated against for exercising your rights.

To exercise any of these rights, please contact us at legal@sparefinance.com. We will respond to your request within 30 days (or as required by applicable law).

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Company: Maverick Bear Design (Canadian company)

Product: Spare Finance

Privacy & Legal: legal@sparefinance.com

Security: security@sparefinance.com

Support: support@sparefinance.com

For data protection inquiries, data subject access requests, or to exercise your privacy rights, please email legal@sparefinance.com with "Privacy Request" in the subject line.