Privacy Policy

PrecisionSpend ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at precisionspend.com (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

Information you provide directly:

• Account registration details (name, email address, password)
• Financial data you enter (transactions, budgets, income sources, categories)
• Payment information processed securely through Stripe (we do not store card numbers)
• Communications you send to our support team

Information collected automatically:

• Server logs from our hosting provider (IP address, browser type, request timestamps), used only for security and abuse prevention
• Essential cookies required for authentication (see Section 9)

We do not use analytics, advertising, or third-party tracking scripts.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related information (receipts, invoices)
• Send transactional and administrative emails (account alerts, security notices)
• Respond to support requests and improve customer service
• Comply with legal obligations
• Detect, prevent, and address technical issues or security threats

We do not use your financial data to train AI models or share it with advertisers.

We do not sell or share your personal information, including for cross-context behavioural advertising. The service providers below process your data only to deliver their service to us (under contract, never for their own purposes), which is not a “sale” or “share” under privacy law. We disclose your information only in these limited circumstances:

• Service providers: Trusted third parties who assist in operating the Service (e.g. Supabase for database hosting and authentication, Stripe for payment processing, Vercel for hosting, Resend for transactional email). These parties are contractually bound to keep your data confidential.
• Legal requirements: When required by law, court order, or governmental authority.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
• With your consent: In any other case, only with your explicit prior consent.

We implement industry-standard security measures to protect your information:

• All data is encrypted in transit using TLS 1.2+ (HTTPS)
• Data at rest is encrypted using AES-256
• Passwords are hashed using bcrypt with a unique salt
• Access to production databases is restricted to authorised personnel only
• Security headers enforced on all pages (CSP, HSTS, X-Frame-Options, etc.)
• Regular security audits and dependency updates

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. We will notify affected users within 72 hours of discovering a data breach.

We retain your personal data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us at hello@precisionspend.com.

After account deletion, we may retain anonymised, aggregated data for analytical purposes. Certain information may be retained for up to 7 years where required by law (e.g. financial records for tax purposes).

We extend the following rights to all users, wherever you live, not only where the law requires it:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Request a machine-readable export of your data
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

These rights reflect protections under Canada's PIPEDA, the California Consumer Privacy Act (CCPA/CPRA) and similar U.S. state laws, and the EU/UK GDPR, and we honour them for everyone, regardless of where you live. Because we do not sell or share your personal information, no “Do Not Sell or Share” action is needed on your part.

To exercise any of these rights, contact us at hello@precisionspend.com. We will respond within 30 days (or sooner where the law requires).

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided us with their data, please contact us immediately and we will delete it promptly.

We use cookies and similar technologies to:

• Essential cookies: Required for authentication and session management. Cannot be disabled.
• Preference storage: Local browser storage for your settings (e.g. currency selection). Not transmitted to our servers.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

We rely on a small set of trusted providers to operate the Service. Each processes only the data needed for its function, under its own privacy policy:

PrecisionSpend is operated from Canada. Our service providers (see Section 10) may store and process data in the United States, the European Union, and other regions. Where data is transferred outside your jurisdiction, we rely on appropriate safeguards (such as our providers' Standard Contractual Clauses and equivalent mechanisms) to protect it.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may contact us for more information about the safeguards we use.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice in the app at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

If you have any questions about this Privacy Policy, please contact us: