1. Introduction
Strata Veritate (“Company,” “we,” “us,” or “our”) operates the Spendlens mobile application (“App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
We are committed to protecting your privacy and financial data. This policy is designed to comply with applicable data protection laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and Apple’s App Store Review Guidelines.
Please read this Privacy Policy carefully. By using the App, you consent to the practices described herein. If you do not agree with this Privacy Policy, please do not use the App.
2. Information We Collect
2.1 Information You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, profile photo URL | Account creation, identification, communication |
| Financial Data | Transactions, amounts, merchants, categories, notes, budgets, savings goals, investment holdings, cost basis | Core app functionality — budgeting, tracking, analysis |
| Account Configuration | Preferred currency, language, notification preferences, theme settings, accessibility settings | Personalization and user experience |
2.2 Information Collected Through Third-Party Services
2.2.1 Plaid (Bank Synchronization — Pro+Connect Only)
If you opt in to bank synchronization, Plaid, Inc. collects and provides us with:
- Account names, types, and balances
- Transaction history (amounts, dates, merchants, categories)
- Account and routing number fragments (masked, for identification only)
- Institution names and logos
We do NOT receive or store your bank login credentials. Plaid access tokens are stored exclusively on our server infrastructure (Firebase Cloud Functions with Google Secret Manager) and are never transmitted to or stored on your device.
For Plaid’s data practices, see: Plaid’s Privacy Policy
2.2.2 Firebase Services (Google)
| Service | Data Processed | Purpose |
|---|---|---|
| Firebase Authentication | Email, auth provider identifiers, authentication tokens | Secure user identity management |
| Cloud Firestore | Plaid sync metadata, subscription state, Aperture connection metadata, promotional code records, analytics health metrics | Server-side data coordination |
| Firebase Cloud Functions | Plaid API proxy calls, subscription verification, Aperture connection management, market data proxy, push notification delivery | Secure server-side business logic |
| Firebase Analytics | Anonymized product usage events (feature interactions, screen views, session data) | Product improvement and performance monitoring |
| Firebase Crashlytics | Crash reports, device model, OS version, app version, stack traces | App stability monitoring and bug fixing |
| Firebase Cloud Messaging (FCM) | Device push tokens | Delivering push notifications |
| Firebase App Check | Device attestation tokens | Preventing abuse and unauthorized API access |
Firebase Analytics and Crashlytics data are processed under Google’s data processing terms. We do not use Firebase Analytics for advertising or ad targeting.
2.2.3 Apple Services
| Service | Data Processed | Purpose |
|---|---|---|
| iCloud (CloudKit) | Encrypted user financial data synced to your personal private CloudKit database | Cross-device sync (your data stays in your iCloud account) |
| StoreKit | Subscription status, transaction receipts, Apple ID account token | In-app purchase management |
| Sign in with Apple | Apple user identifier, optional name and relay email | Authentication |
| Apple Push Notification Service (APNs) | Device tokens, notification payloads | Remote notification delivery (local notifications, such as scheduled reminders, are created on-device and do not pass through APNs) |
2.3 Information Collected Automatically
| Data Category | Details | Purpose |
|---|---|---|
| Device Information | Device model, operating system version, app version (via Crashlytics) | App compatibility and crash diagnosis |
| Usage Analytics | Feature usage patterns, session duration, screen views (anonymized via Firebase Analytics) | Product improvement |
| Performance Data | App launch times, error rates, crash frequency | Performance optimization |
2.4 Information We Do NOT Collect
- Advertising identifiers (IDFA): We do not use the Identifier for Advertisers.
- Location data: We do not access or collect GPS, Wi-Fi, or cellular location data.
- Contact lists: We do not access your contacts, call logs, or messages.
- Biometric data: Biometric authentication (Face ID / Touch ID) is handled entirely by Apple’s LocalAuthentication framework on your device. We never receive, transmit, or store biometric templates or data.
- Browsing history: We do not track your web browsing activity.
- Microphone or camera data: The camera is accessed only when you explicitly initiate receipt scanning. Images are processed in-memory using Apple’s Vision framework for on-device OCR and are never saved, uploaded, or transmitted.
3. How We Use Your Information
3.1 Core Service Delivery
- Providing personal finance tracking, budgeting, and analysis features
- Synchronizing your data across your devices via your personal iCloud account
- Processing and categorizing transactions
- Generating financial forecasts, cash flow analysis, and net worth calculations
- Managing your subscription and account
3.2 Service Improvement
- Analyzing anonymized usage patterns to improve features and user experience
- Monitoring app stability and fixing crashes and bugs
- Measuring feature adoption to prioritize product development
3.3 Communication
- Delivering push notifications you have enabled (budget alerts, bill reminders, goal milestones, etc.)
- Sending service-related communications (subscription status, security alerts)
3.4 Security
- Authenticating your identity
- Preventing fraud and unauthorized access via Firebase App Check
- Monitoring for suspicious activity
4. On-Device Processing and Machine Learning
A core architectural principle of Spendlens is data minimization through on-device processing.
4.1 On-Device Machine Learning
All machine learning features operate entirely on your device:
- Transaction categorization — CoreML BERT models classify transactions locally
- Smart recurring detection — Pattern recognition runs on-device
- Merchant identification — Heuristic and ML-based merchant matching occurs locally
- Receipt OCR — Apple Vision framework processes receipt images in-memory; images are never persisted or transmitted
No financial data is sent to any external machine learning service, including our own servers, for inference or model training.
4.2 On-Device Data Storage
Your primary financial data (transactions, budgets, accounts, goals, holdings) is stored on-device using Apple’s SwiftData framework with optional iCloud sync to your personal private CloudKit database. This data resides in your iCloud account and is subject to Apple’s privacy and security practices — we do not have server-side access to your CloudKit data.
5. Encryption and Security
5.1 Encryption at Rest
- On-device: All local data is covered by iOS Data Protection (file-level encryption keyed to the device hardware and your passcode). Sensitive items are stored in the iOS Keychain with `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` protection, so they are readable only while the device is unlocked and are neither synced to iCloud Keychain nor migrated to another device.
- Hierarchical key architecture: The App employs a Secure Enclave-backed root key → Key Encryption Key (KEK) → per-record Content Encryption Key (CEK) hierarchy for sensitive on-device data encryption using AES-256-GCM.
- iCloud: Data synced via CloudKit is encrypted at rest by Apple using Apple’s iCloud encryption standards.
- Server-side: Firestore data is encrypted at rest by Google Cloud’s default encryption. Plaid access tokens are stored in Google Secret Manager with additional server-side access controls.
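Illustrative example of the root key → KEK → per-record CEK hierarchy described above. This is added here for clarity and is not Spendlens source code. Because the Secure Enclave exposes only P-256 keys (no raw AES keys), the example wraps a random KEK under a key derived by ECDH with the enclave key plus HKDF; that derivation, the HKDF context label, and the record format are assumptions, not the App's actual design. On a simulator or a Mac without a Secure Enclave the example falls back to a software P-256 key so it still runs.

```swift
import Foundation
import CryptoKit
import Security

// Added example (not Spendlens code). Both the hardware-backed key and the
// software fallback expose the two operations the hierarchy needs.
protocol RootKey {
    var publicKey: P256.KeyAgreement.PublicKey { get }
    func sharedSecretFromKeyAgreement(with publicKeyShare: P256.KeyAgreement.PublicKey) throws -> SharedSecret
}
extension P256.KeyAgreement.PrivateKey: RootKey {}
extension SecureEnclave.P256.KeyAgreement.PrivateKey: RootKey {}

/// Create the root key inside the Secure Enclave when one exists (the private
/// scalar never leaves the chip); otherwise use a software key so the demo runs.
func makeRootKey() throws -> RootKey {
    if SecureEnclave.isAvailable {
        var err: Unmanaged<CFError>?
        guard let acl = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            .privateKeyUsage, &err) else { throw err!.takeRetainedValue() as Error }
        return try SecureEnclave.P256.KeyAgreement.PrivateKey(accessControl: acl)
    }
    return P256.KeyAgreement.PrivateKey()
}

/// The KEK is stored only as ciphertext: ECDH(root, ephemeral) -> HKDF -> wrapping key.
/// The ephemeral public key is kept so the same wrapping key can be re-derived later.
struct WrappedKEK {
    let ephemeralPublicKey: Data   // raw P-256 point, safe to persist
    let sealedKEK: Data            // AES-256-GCM nonce || ciphertext || tag
}
let hkdfInfo = Data("spendlens-example.kek-wrap".utf8)   // assumed context label

func wrapKEK(_ kek: SymmetricKey, under root: RootKey) throws -> WrappedKEK {
    let eph = P256.KeyAgreement.PrivateKey()                  // private half is discarded
    let wrapKey = try root.sharedSecretFromKeyAgreement(with: eph.publicKey)
        .hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(), sharedInfo: hkdfInfo, outputByteCount: 32)
    let ephPub = eph.publicKey.rawRepresentation
    let box = try AES.GCM.seal(kek.withUnsafeBytes { Data($0) }, using: wrapKey, authenticating: ephPub)
    return WrappedKEK(ephemeralPublicKey: ephPub, sealedKEK: box.combined!)
}

func unwrapKEK(_ w: WrappedKEK, with root: RootKey) throws -> SymmetricKey {
    let ephPub = try P256.KeyAgreement.PublicKey(rawRepresentation: w.ephemeralPublicKey)
    let wrapKey = try root.sharedSecretFromKeyAgreement(with: ephPub)
        .hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(), sharedInfo: hkdfInfo, outputByteCount: 32)
    let raw = try AES.GCM.open(try AES.GCM.SealedBox(combined: w.sealedKEK),
                               using: wrapKey, authenticating: w.ephemeralPublicKey)
    return SymmetricKey(data: raw)
}

/// One fresh CEK per record; the record id is authenticated data on both layers,
/// so a ciphertext cannot be silently moved to a different record.
struct EncryptedRecord {
    let id: String
    let wrappedCEK: Data   // CEK sealed under the KEK
    let ciphertext: Data   // record sealed under the CEK
}

func encryptRecord(id: String, plaintext: Data, kek: SymmetricKey) throws -> EncryptedRecord {
    let cek = SymmetricKey(size: .bits256)
    let aad = Data(id.utf8)
    let body = try AES.GCM.seal(plaintext, using: cek, authenticating: aad).combined!
    let wrapped = try AES.GCM.seal(cek.withUnsafeBytes { Data($0) }, using: kek, authenticating: aad).combined!
    return EncryptedRecord(id: id, wrappedCEK: wrapped, ciphertext: body)
}

func decryptRecord(_ r: EncryptedRecord, kek: SymmetricKey) throws -> Data {
    let aad = Data(r.id.utf8)
    let cekRaw = try AES.GCM.open(try AES.GCM.SealedBox(combined: r.wrappedCEK), using: kek, authenticating: aad)
    return try AES.GCM.open(try AES.GCM.SealedBox(combined: r.ciphertext), using: SymmetricKey(data: cekRaw), authenticating: aad)
}

// Demo with a constructed transaction record (sample data, not real user data).
let root = try makeRootKey()
let storedKEK = try wrapKEK(SymmetricKey(size: .bits256), under: root)   // persist this, never the raw KEK
let kek = try unwrapKEK(storedKEK, with: root)
let record = try encryptRecord(id: "txn-0001",
                               plaintext: Data(#"{"merchant":"Example Grocery","amount":42.17}"#.utf8), kek: kek)
print(String(decoding: try decryptRecord(record, kek: kek), as: UTF8.self))

// Re-labelling the record changes the AAD, so GCM rejects it instead of returning plaintext.
let moved = EncryptedRecord(id: "txn-0002", wrappedCEK: record.wrappedCEK, ciphertext: record.ciphertext)
do { _ = try decryptRecord(moved, kek: kek); print("unexpected") } catch { print("tamper detected: \(error)") }
```

The point of the two-layer wrap is operational: rotating the KEK means re-wrapping each small CEK, not re-encrypting every record, and the raw KEK exists only in memory while the device is unlocked.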
5.2 Encryption in Transit
All network communications use TLS 1.2 or higher. App Transport Security (ATS) is enforced, so the App cannot open plaintext HTTP connections; ATS also requires TLS 1.2 or later with forward-secret cipher suites for every connection the App makes.
5.3 Aperture End-to-End Encryption
Data shared through the Aperture feature is protected by end-to-end encryption:
- Key Agreement: P256 Elliptic Curve Diffie-Hellman (ECDH)
- Symmetric Encryption: AES-256-GCM authenticated encryption
- Key Storage: Private keys are stored in the iOS Keychain with device-only access (`kSecAttrAccessibleWhenUnlockedThisDeviceOnly`)
- Zero-Knowledge Server: Our servers transport only ciphertext. Private keys never leave your devices, so we have no ability to derive the shared secret or decrypt Aperture data.
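Illustrative example of the Aperture exchange described above, showing both devices and what the relay server actually holds. This is added here for clarity and is not Spendlens source code. The HKDF context label, the Keychain service name, the sample payload, and the choice to bind both public keys into the authenticated data are assumptions about how such a scheme could be built, not a description of the App's wire format. Storing the key requires Keychain access on the machine running the example.

```swift
import Foundation
import CryptoKit
import Security

// Added example (not Spendlens code): P-256 ECDH + HKDF-SHA256 + AES-256-GCM between
// an owner and a Trusted Contact, with a relay that only ever sees ciphertext.

/// Persist a private key so it is device-only: this accessibility class keeps the
/// item out of iCloud Keychain and out of restores onto a different device.
func storeDeviceOnlyKey(_ key: P256.KeyAgreement.PrivateKey, account: String) throws {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.aperture",   // assumed service name
        kSecAttrAccount as String: account,
    ]
    _ = SecItemDelete(base as CFDictionary)                   // replace any stale copy
    var item = base
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    item[kSecValueData as String] = key.rawRepresentation
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw NSError(domain: NSOSStatusErrorDomain, code: Int(status)) }
}

/// Both sides derive the same key. The public keys are sorted into sharedInfo so
/// owner and contact compute identical HKDF input regardless of who calls.
func apertureKey(mine: P256.KeyAgreement.PrivateKey, theirs: P256.KeyAgreement.PublicKey) throws -> SymmetricKey {
    let shared = try mine.sharedSecretFromKeyAgreement(with: theirs)
    let a = mine.publicKey.rawRepresentation, b = theirs.rawRepresentation
    let info = Data("aperture-example-v1".utf8) + (a.lexicographicallyPrecedes(b) ? a + b : b + a)
    return shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(), sharedInfo: info, outputByteCount: 32)
}

/// Everything the server stores and forwards: routing metadata plus opaque ciphertext.
struct RelayEnvelope {
    let fromPublicKey: Data
    let toPublicKey: Data
    let sealed: Data      // nonce || ciphertext || tag
}

func share(_ plaintext: Data, from owner: P256.KeyAgreement.PrivateKey,
           to contact: P256.KeyAgreement.PublicKey) throws -> RelayEnvelope {
    let key = try apertureKey(mine: owner, theirs: contact)
    let from = owner.publicKey.rawRepresentation, to = contact.rawRepresentation
    let box = try AES.GCM.seal(plaintext, using: key, authenticating: from + to)  // sender/recipient bound into the tag
    return RelayEnvelope(fromPublicKey: from, toPublicKey: to, sealed: box.combined!)
}

func receive(_ env: RelayEnvelope, with contact: P256.KeyAgreement.PrivateKey) throws -> Data {
    let ownerPub = try P256.KeyAgreement.PublicKey(rawRepresentation: env.fromPublicKey)
    let key = try apertureKey(mine: contact, theirs: ownerPub)
    return try AES.GCM.open(try AES.GCM.SealedBox(combined: env.sealed), using: key,
                            authenticating: env.fromPublicKey + env.toPublicKey)
}

// Demo: two devices, one relay. The payload is constructed sample data.
let owner = P256.KeyAgreement.PrivateKey()
let contact = P256.KeyAgreement.PrivateKey()
do { try storeDeviceOnlyKey(owner, account: "aperture.owner") } catch { print("keychain unavailable: \(error)") }

let payload = Data(#"{"netWorth":12345.67,"asOf":"2024-01-31"}"#.utf8)
let envelope = try share(payload, from: owner, to: contact.publicKey)      // this is all the server sees
print(String(decoding: try receive(envelope, with: contact), as: UTF8.self))

// The relay holds both public keys and the ciphertext but no private key; any key it
// could derive on its own fails GCM authentication rather than yielding plaintext.
let relayGuess = P256.KeyAgreement.PrivateKey()
do { _ = try receive(envelope, with: relayGuess); print("unexpected") } catch { print("relay cannot decrypt: \(error)") }
```

Two things worth checking in any real deployment of this pattern: that public keys are authenticated out of band (a relay that can substitute its own public key for the contact's can read the data), and that ciphertext already delivered to a contact's device is outside the server's control once sharing is revoked.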
5.4 Plaid Security
- Bank credentials are provided by you directly to Plaid and are never transmitted to or stored by us.
- Plaid access tokens are stored in Google Secret Manager on our server infrastructure.
- All Plaid API calls are proxied through Firebase Cloud Functions; no direct Plaid API communication occurs from your device.
- When you remove a bank connection or delete your account, we programmatically revoke the associated Plaid access tokens.
6. Data Sharing and Disclosure
6.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information or financial data to any third party. We do not share your data with advertisers. We do not engage in data brokerage.
6.2 Third-Party Service Providers
We share data with the following categories of service providers, solely to the extent necessary to operate the App:
| Provider | Data Shared | Purpose |
|---|---|---|
| Plaid, Inc. | Bank connection tokens (server-side only) | Bank account synchronization |
| Google (Firebase/GCP) | Authentication data, anonymized analytics events, crash reports, Firestore documents, push tokens | Infrastructure, analytics, stability |
| Apple | Purchase receipts, subscription status, iCloud-synced data | App Store billing, iCloud sync |
| Yahoo Finance (via server proxy) | Stock ticker symbols (no personal data) | Market data retrieval |
6.3 Aperture — User-Directed Sharing
When you use the Aperture feature, you direct us to make encrypted financial data available to your designated Trusted Contacts. This sharing is initiated and controlled entirely by you. We transport only encrypted ciphertext and cannot access the plaintext content.
6.4 Legal Obligations
We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to:
- Comply with a legal obligation, subpoena, or court order;
- Protect and defend the rights or property of Strata Veritate;
- Prevent or investigate possible wrongdoing in connection with the App;
- Protect the personal safety of users or the public.
6.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via in-app notice or email before your information becomes subject to a different privacy policy.
7. Data Retention
7.1 Active Accounts
We retain your data for as long as your account is active and as needed to provide you with the App’s services.
| Data Type | Retention Period |
|---|---|
| On-device financial data (SwiftData) | Until you delete it or delete your account |
| iCloud-synced data (CloudKit) | Governed by your iCloud storage; deleted when you delete your account |
| Firestore server-side data | Until account deletion |
| Firebase Analytics data | Retained per Google’s standard analytics retention (up to 14 months) |
| Crashlytics reports | Retained per Google’s standard Crashlytics retention (90 days) |
| Plaid access tokens | Until you disconnect the bank or delete your account |
| Subscription records | For the duration of the subscription plus applicable legal retention periods |
| Push notification tokens | Until logout or account deletion |
7.2 Deleted Accounts
When you delete your account, we execute a comprehensive data removal pipeline:
- Firebase Authentication account — permanently deleted
- Plaid connections — all access tokens are programmatically revoked and deleted
- Firestore data — all user documents are permanently deleted
- Local on-device data — all SwiftData records are purged
- Encryption keys — all Keychain-stored keys (root key, KEK, Aperture private keys) are destroyed
- Session state — all cached state and session tokens are cleared
Certain aggregated, de-identified data that cannot be used to identify you may be retained for analytical purposes.
7.3 Ephemeral Data
Receipt images captured for OCR scanning exist only in device memory during processing and are never persisted to disk, uploaded, or transmitted.
8. Your Rights and Choices
8.1 Access and Portability
You can view all your financial data within the App at any time. Pro subscribers can export transaction data via CSV export for data portability.
8.2 Correction
You can edit your transactions, accounts, budgets, goals, and profile information directly within the App at any time.
8.3 Deletion
You can:
- Delete individual transactions, accounts, budgets, or goals within the App;
- Delete your entire account and all associated data using the account deletion feature in Settings;
- Request deletion by contacting us at the address below.
8.4 Notification Preferences
You have granular control over notifications. You can enable or disable individual notification categories (budget alerts, bill reminders, goal milestones, savings nudges, etc.) and configure Quiet Hours to suppress notifications during specified periods.
8.5 Bank Connection Management
You can disconnect individual bank connections at any time, which revokes the associated Plaid access token. You may also remove all bank connections simultaneously through account deletion.
8.6 Data Sharing (Aperture) Control
You can revoke Aperture data sharing with any Trusted Contact at any time, immediately terminating their access to your encrypted data.
8.7 Analytics Opt-Out
Firebase Analytics collects anonymized usage data. Note that the iOS setting under Settings > Privacy & Security > Analytics & Improvements governs analytics shared with Apple and does not stop Firebase Analytics collection. To object to analytics processing, contact us at the address below (see also the rights described in 8.8 and 8.9).
8.8 Rights Under GDPR (EEA/UK Users)
If you are located in the European Economic Area or United Kingdom, you have the right to:
- Access the personal data we hold about you;
- Rectification of inaccurate personal data;
- Erasure (“right to be forgotten”) of your personal data;
- Restrict processing of your personal data;
- Data portability — receive your data in a structured, machine-readable format;
- Object to processing based on legitimate interests;
- Withdraw consent at any time where processing is based on consent;
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at the address below.
8.9 Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose;
- Delete your personal information;
- Opt out of the sale of personal information (we do not sell personal information);
- Non-discrimination for exercising your privacy rights.
To exercise these rights, contact us at the address below.
9. Children’s Privacy
The App is not intended for use by children under the age of sixteen (16) or the minimum age of digital consent in the applicable jurisdiction, whichever is higher. We do not knowingly collect personal data from children below these age thresholds.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child below the applicable minimum age, we will take prompt steps to delete such data from our systems.
11. International Data Transfers
Your data may be processed in the United States and other countries where our service providers maintain facilities (including Google Cloud regions for Firebase services). Where data is transferred internationally, we rely on standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms to ensure appropriate safeguards are in place.
12. Third-Party Links and Services
The App may contain links to third-party websites or services (e.g., your bank’s website, Apple’s subscription management). We are not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party services you access.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the “Last Updated” date at the top of this policy;
- Providing an in-app notification where practicable;
- Sending an email notification for material changes that significantly affect how we handle your data.
Your continued use of the App after any modifications to this Privacy Policy constitutes acceptance of the updated policy.
14. Data Protection Officer
For privacy inquiries, data subject access requests, or to exercise any of your rights, contact our data protection team:
Strata Veritate — Data Protection
Email: security@spendlensapp.com
Website: https://spendlensapp.com/support
We will respond to all legitimate requests within thirty (30) days, or within the timeframe required by applicable law.
15. Contact Information
For general questions about this Privacy Policy, please contact us at:
Strata Veritate
Email: support@spendlensapp.com
Website: https://spendlensapp.com/support