Back

Privacy Policy

Effective February 27, 2026

At EndSpend, we're all about helping you understand (and laugh at) your spending habits without compromising your privacy. This policy explains what data we collect, how we use and protect it, and your choices. By using or signing up for EndSpend (even in beta/coming soon), you agree to these practices. If you don't agree, please don't use the app.

Information We Collect

We collect only the data necessary to deliver personalized spending insights, trends, and — of course — those spicy roasts.

  • Financial transaction data: When you connect your bank account via Stripe Financial Connections, we access transaction details like amounts, merchant names, dates, categories, and related metadata. Stripe securely handles your bank login credentials — we never see or store them. This powers the core magic of EndSpend.
  • Account information: Name, email address, and any other details you provide when signing up or updating your profile.
  • Usage and device data: How you interact with the app (e.g., features used, session duration), device type, OS, IP address, and approximate location (from IP, not precise geolocation).
  • AI-generated content: Insights, summaries, tips, and roasts created from your transaction data.

Categories of Personal Information (for California & Similar Laws)

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (e.g., name, email, IP address)
  • Commercial/financial information (e.g., transaction history, merchant details)
  • Internet or network activity (e.g., app usage, interactions)
  • Geolocation data (approximate, from IP)
  • Inferences drawn from the above (e.g., spending patterns, AI insights)

We do not collect sensitive personal information like precise geolocation, SSN, or biometric data beyond what's needed for account security.

How We Use Your Data

Your transaction data fuels our AI to deliver:

  • Personalized spending breakdowns, trends, and progress tracking
  • Smart tips to help you spend smarter
  • Entertaining roasts and commentary based on your patterns

We also use data to:

  • Improve the app and its features
  • Provide support and communicate with you
  • Detect fraud, abuse, or security issues
  • Comply with legal obligations

We do not sell your personal information. We do not use your data to train external AI models. Your data stays within EndSpend to serve you.

Data Sharing & Third Parties

We share data only as needed:

  • Service providers: Stripe (for bank connections — they never share your credentials with us), Firebase/Google Cloud (secure storage and backend), and our AI provider (for processing insights — data is not retained or used for their training).
  • Legal & safety: If required by law, subpoena, court order, or to protect rights/safety (e.g., fraud prevention).
  • Business transfers: In case of merger, acquisition, or sale of assets — your data would transfer with notice where required.

No sharing for marketing or behavioral advertising. Third parties are contractually bound to protect your data and use it only for the services they provide us.

Data Storage, Security & Retention

Data is stored on Firebase (Google Cloud) with industry-standard protections:

  • Encryption in transit (TLS 1.3+) and at rest (AES-256)
  • Logical isolation and access controls

We retain your data while your account is active. If inactive for over 24 months, we may delete it (with notice where possible). Upon account deletion (via app or email), we permanently remove your data within 30 days, except for limited records required by law (e.g., fraud logs).

International Data Transfers

EndSpend operates in the US. Data may be stored/processed in the US or other countries where Firebase operates. We rely on mechanisms like the EU-U.S. Data Privacy Framework (where applicable) to ensure adequate protections for international transfers.

Children's Privacy

EndSpend is not directed to children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from children. If we learn we've collected such data, we will delete it promptly. Contact us if you believe this has occurred.

Your Rights & Choices

You control your data:

  • Request access to, correction of, or a copy of your data
  • Delete your account and associated data (via app settings or email)
  • Disconnect your bank account to stop new transaction collection
  • Opt out of certain processing (though core features require transaction data)

For California residents (CCPA/CPRA rights): You have the right to know what personal information we collect/use/share, to delete it, to limit use of sensitive info (we don't collect much sensitive data), and to non-discrimination for exercising rights. Submit requests to company@devfall.com. We respond within 45 days (extendable if needed).

We may verify your identity before acting on requests.

Changes to This Policy

We may update this policy. Significant changes will be notified via email or in-app notice. Continued use after changes means you accept the updated terms. Check back periodically — last updated: February 27, 2026.

Contact Us

Questions, requests, or concerns? Email us at company@devfall.com. We're here to help (and promise no roasts in our replies).