Effective date: July 15, 2026
This Privacy Policy explains how Auraleth Lab, LLC ("Auraleth," "we," "us"), the company that operates SpendSentry (the "Service"), collects, uses, and shares your personal information. SpendSentry is offered only to users in the United States.
Who we are
The Service is provided by Auraleth Lab, LLC, a Delaware limited liability company. For privacy questions or to exercise your rights, contact us at privacy@spendsentry.app or by mail at:
Auraleth Lab, LLC 1111B S Governors Ave, Suite 53365, Dover, DE 19904
Information we collect
Account information. Your email address and authentication details when you create an account.
Billing information. When you subscribe, our payment processor (Stripe) handles your card details. We do not store full card numbers. We receive and store limited billing data such as your Stripe customer ID, plan, and payment status.
Subscription data you provide. The subscriptions you add manually, including provider name, amount, and billing cadence.
Email-scan data (if you connect an email account). With your permission, we connect to Gmail or Outlook using read-only access scoped to find subscription-related messages. We extract structured details (sender, subject, date, amount, and cadence) and do not store the full contents of your emails. The access tokens that let us connect are encrypted.
Statement-scan data (if you upload a statement). When you upload a bank or card statement, we process it to detect subscriptions. The file is stored only transiently in a private, encrypted bucket between upload and processing, then deleted; for PDF statements we send the extracted text to our AI sub-processor to read the transactions. We derive structured details (merchant, amount, cadence) into your subscription list and never store the raw statement file durably — its contents never enter our database.
Usage and device data. How you interact with the Service (screen views, taps, and similar events), and basic device information. The SpendSentry mobile app does not collect advertising identifiers and does not track you across other companies' apps or websites.
Funnel and marketing data. Answers you give in our pre-purchase quiz (anonymous until you purchase), and marketing attribution data such as UTM parameters and ad-platform click identifiers.
How we use your information
- To provide and operate the Service, including detecting subscriptions and delivering AI features.
- To process your subscription and payments.
- To measure and improve our marketing and the product.
- To send you transactional and account-related messages.
- To provide support and respond to your requests.
- To detect and prevent fraud and abuse, and to comply with legal obligations.
How we share your information
We do not sell your personal information for money. We share information with service providers who process it on our behalf, including:
- Stripe — payment processing.
- Supabase — hosting and authentication.
- Anthropic and Tavily — AI features, including reading the text of uploaded PDF statements to detect subscriptions; only the minimum information needed is sent, under contractual no-training and zero-data-retention terms. CSV/OFX statements are parsed locally and are never sent to any AI provider.
- PostHog — product analytics.
- Sentry — error and crash diagnostics.
- Resend — transactional email.
- Inngest — background job processing.
- Google and Microsoft — when you connect an email account, to provide read-only access to your messages so we can detect subscriptions (see "Google and Microsoft email data — Limited Use" below).
- Meta, TikTok, and Google — on our marketing website only (the pre-purchase quiz and checkout at spendsentry.app), for advertising measurement we may share *hashed* identifiers (such as a hashed email) so these platforms can attribute conversions. We do not send them your raw email or your subscription data, and we never use data obtained from your connected email account or an uploaded statement for advertising. The SpendSentry mobile app contains no advertising or attribution SDK and shares nothing with these platforms.
We may also disclose information to comply with law, enforce our Terms, or protect our rights and users.
Business transfers. If Auraleth Lab is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of some or all of its assets, your information may be transferred as part of that transaction. Any successor will be bound by commitments at least as protective as this Privacy Policy, and we will notify you (for example, by email or in the app) of any transaction that changes who is responsible for your information.
Aggregated and de-identified data. We may create aggregated or de-identified information (for example, statistics about average subscription spending) that can no longer reasonably be linked to you. We may use and retain such information for any lawful purpose, including after you delete your account, and we commit to maintaining it in de-identified form and not attempting to re-identify it.
Under U.S. state privacy laws, sharing identifiers with advertising platforms for cross-context behavioral advertising may be considered "sharing." You can opt out — see "Your choices" below.
Google and Microsoft email data — Limited Use
When you connect a Gmail or Outlook account, we access your messages using read-only scopes (Google gmail.readonly; Microsoft Graph Mail.Read) solely to detect the subscriptions you are paying for. Our handling of that data is governed by these additional commitments:
- Limited to the feature. Information obtained through these scopes is used only to provide and improve SpendSentry's subscription-detection and monitoring features.
- Never for advertising. This data is never used for advertising and is never shared with advertising platforms (including Meta, TikTok, or Google's advertising products).
- Not read by humans. No human reads your messages, except where necessary for security or abuse investigations, to comply with applicable law, or with your explicit consent.
- Never used to train AI models. This data is not used to train generalized or third-party AI models. Message content is processed transiently in memory to extract structured subscription details and is then discarded — we never store the full contents of your emails.
- Sub-processors. We rely on Google and Microsoft to provide the connection, and on Anthropic, which sees message content transiently during extraction under contractual no-training and zero-data-retention terms. These are the only processors of your email-derived data.
- Deletion and revocation. When you disconnect an email account or delete your SpendSentry account, we revoke the access token at the provider and delete the subscription details we derived from your messages. Because we never store raw message content, there is no raw email to delete.
SpendSentry's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Your choices and rights
Depending on your state of residence (for example, California, Colorado, Connecticut, Texas, Virginia, and others), you may have the right to:
- Know what personal information we collect and how we use it.
- Access or request a copy of your information.
- Correct inaccurate information.
- Delete your information.
- Opt out of the "sale" or "sharing" of your information for targeted advertising.
- Not be discriminated against for exercising these rights.
To make a request, email privacy@spendsentry.app, or use the "Do Not Sell or Share My Personal Information" control where provided. We will verify your request before acting on it. If we decline to act on your request, you may appeal our decision by replying to our response with the word "Appeal," and we will respond within the period your state's law requires.
Do Not Track and opt-out preference signals. There is no settled industry standard for browser "Do Not Track" signals, and we do not respond to them. Where required by law, we treat recognized opt-out preference signals, such as Global Privacy Control (GPC), as a request to opt out of the "sale" or "sharing" of your information.
Data retention
- Account and subscription data: kept while your account is active, and deleted within 30 days after you request account deletion.
- Email-scan data and access tokens: kept while your account is active, and deleted within 30 days after you request account deletion.
- Uploaded statements: the raw file is deleted as soon as processing completes (typically within seconds); an automated sweep deletes any leftover within approximately 30 minutes. We retain only the derived subscription entries, which you can delete in the app.
- Billing records: retained as required for financial and legal recordkeeping.
- Diagnostics (error and crash data): retained for a limited period and then deleted.
You can delete your account and data from the app (Settings → Account → Delete account) or by request. See How to delete your account for the full process.
Security
We protect your information with encryption in transit and at rest, encrypted storage of email access tokens, access controls on our databases, and rate limiting on our interfaces. No method of transmission or storage is completely secure, but we work to protect your information.
Third-party links and services
The Service may link to third-party websites and services we do not operate — for example, a subscription provider's cancellation or account page. This Privacy Policy does not cover those services, and we are not responsible for their privacy practices. Review the privacy policy of any third-party service you visit.
Children's privacy
SpendSentry is for adults 18 and older. We do not knowingly collect information from anyone under 18. If we learn we have, we delete it.
Users outside the United States
SpendSentry is intended only for users in the United States. We do not offer the Service to, or knowingly collect information from, individuals in the European Union, the United Kingdom, or other regions outside the U.S. Please do not use the Service if you are located outside the United States.
Changes to this policy
We may update this Privacy Policy. The "Effective date" above reflects the latest version, and we will notify you of material changes (for example, by email or in the app).
Contact us
Auraleth Lab, LLC 1111B S Governors Ave, Suite 53365, Dover, DE 19904 Email: privacy@spendsentry.app