Privacy
Privacy Policy
Effective date: May 31, 2026
This Privacy Policy explains how BEHvolve Technologies processes personal data when you use SpendCheck.
1. Who is responsible
SpendCheck is operated by BEHvolve Technologies. For privacy questions, access requests, deletion requests, or support, contact support@spendcheckapp.com.
2. Data we collect
| Category | Examples |
|---|---|
| Account data | Name, email address, password hash, account creation date, login/session metadata. |
| Legal acceptance data | Terms version, Privacy Policy version, acceptance timestamp, IP address, and user agent. |
| Uploaded statement data | PDF statements during processing, statement file names, extracted transactions, categories, totals, and summaries. |
| Saved analysis data | Analysis type, result JSON, statements/month labels, total spend, currency, category breakdowns, subscriptions, irregular transactions, and daily totals. |
| Credits and payment data | Credit balance ledger, purchased Credits, voucher redemptions, Stripe checkout session IDs, payment status, amount, currency, and timestamps. |
| Technical data | IP address, browser/device information, security logs, API request metadata, and error logs. |
| Support data | Messages you send to support and information needed to answer your request. |
3. How we use data
- To create and secure your account.
- To process uploaded PDFs and generate Basic or Detailed analyses.
- To save analysis results to your account so you can view them later.
- To manage Credits, vouchers, purchases, refunds, and payment records.
- To send password reset emails and respond to support requests.
- To prevent fraud, abuse, unauthorized access, and misuse of the service.
- To comply with legal, tax, accounting, and regulatory obligations.
- To improve app reliability, security, and product quality.
4. Legal bases for processing
Where GDPR or similar laws apply, we rely on the following legal bases:
- Contract: to provide accounts, Credits, analyses, saved results, and support.
- Legitimate interests: to secure, debug, improve, and protect SpendCheck.
- Legal obligation: to keep required payment, tax, accounting, and compliance records.
- Consent: only where we specifically ask for optional consent, such as marketing or non-essential cookies.
5. PDFs and AI analysis
Raw PDF statements are uploaded to SpendCheck's backend for analysis. SpendCheck uses Anthropic's Claude API to help parse and summarize statement data. PDFs are processed in memory during the request and are not intentionally stored by SpendCheck after the analysis completes.
Anthropic may process and retain API inputs and outputs according to its commercial API data retention terms and account settings. Anthropic's API documentation states that retained API data is not used for model training unless the customer expressly permits it.
Saved analysis results may include financial transaction details extracted from the PDFs, such as merchant names, amounts, categories, dates, totals, recurring charges, and AI summaries. Do not upload documents you are not comfortable having processed for this purpose.
6. Service providers
We use trusted providers to operate SpendCheck. They process data only as needed to provide their services to us.
| Provider | Purpose |
|---|---|
| Supabase | Database hosting, account data, saved analyses, Credits, vouchers, and admin views. |
| Anthropic | AI document analysis and generation of spending summaries. |
| Stripe | Payment processing, checkout, payment status, and refund handling. |
| Netlify | Frontend hosting and delivery. |
| Fly.io | Backend hosting and API delivery. |
| Email provider | Password reset and support-related email delivery. |
7. International transfers
SpendCheck and its providers may process data in countries other than where you live. Where required, transfers are protected using appropriate contractual, technical, and organizational safeguards.
8. Retention
| Data | Typical retention |
|---|---|
| Raw PDFs | Processed during analysis and not intentionally stored by SpendCheck after completion. |
| Account and saved analysis data | Kept while your account is active, unless deleted earlier or required longer by law. |
| Credits, payments, vouchers, and refunds | Kept as needed for accounting, tax, fraud prevention, and legal obligations. |
| Password reset tokens | Expire after the standard reset period and may be kept briefly for security auditing. |
| Support messages | Kept as long as needed to handle the request and maintain business records. |
9. Cookies and local storage
SpendCheck uses necessary browser storage for login sessions, selected app state, and local app functionality. Advertising cookies and behavioral marketing trackers are not part of the service. Non-essential cookies are used only with consent where required.
10. Security
We use technical and organizational safeguards such as password hashing, access controls, TLS in transit, service keys restricted to the backend, and database row-level security patterns. No online service can be guaranteed completely secure.
11. Your rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. You may also have the right to complain to a data protection authority.
To make a request, email support@spendcheckapp.com. We may need to verify your identity before acting on a request.
12. Children
SpendCheck is not intended for children. You must be at least 18 years old, or the age of majority where you live, to buy Credits.
13. Changes
We may update this Privacy Policy as SpendCheck evolves. If changes are material, we will take reasonable steps to notify users or request renewed acknowledgement where appropriate.