Privacy Policy
Last updated: July 2026 · Draft pending counsel review before public launch
What we collect — and what we don't
Spendkin never asks for, stores, or transmits your bank credentials. There is no bank linking. We collect: your email address (to sign you in), the transactions you record or capture, and the text of alerts/receipts you choose to send us through a capture channel you explicitly enabled.
We do not collect your contacts, location, browsing history, or photos. Receipt images are processed on your device; only the extracted text reaches our servers.
Capture channels are opt-in, individually
- Notification capture (Android): reads notifications only from apps you select. Enable or disable any time in Settings.
- Ingest email: only mail sent to your personal @in.spendkin.com address is processed. Rotate the address any time.
- Share & photo import: processed only when you explicitly share or pick an image.
How parsing works
Captured text is sent to our servers and converted into a structured transaction by an AI model (Anthropic Claude, under a no-training, zero-retention API configuration). The raw text is kept for a maximum of 30 days (so you can re-process mistakes), then permanently deleted. The structured transaction remains until you delete it.
Your rights
- Export everything from Settings at any time (JSON + CSV).
- Delete your account in-app; all data is permanently erased after a 72-hour grace period.
- GDPR/CCPA requests: hello@spendkin.com.
Processors
Hosting provider, Cloudflare (inbound email), Anthropic (parsing), Google (push delivery), Apple/Google (sign-in, billing), RevenueCat (subscription state). We sell data to no one and run no ads.