Unspend
Get Started

Privacy Policy

Effective date: [Insert date]   |   Last updated: [Insert date]

Your privacy is important to us. At Unspend, we are careful about what data we collect, request the minimum access needed to run the product, keep information only as long as necessary, and aim to be clear about how personal information is collected, used, and shared.

This policy explains what we collect, why we collect it, how we use it, and the choices you have.

Who We Are and What This Policy Covers

Unspend connects to your email inbox (Gmail or Microsoft) and uses AI to identify invoice PDFs, then extracts invoice details so you can manage them inside Unspend (the “Services”).

This policy applies to information we collect when you use the Services, including connecting an email account and contacting support.

Information We Collect

We collect information only when needed to provide, secure, and improve the Services.

We collect data in three ways:

  1. Information you provide directly
  2. Information collected automatically
  3. Information received from connected third parties

Information You Provide to Us

Account information

  • Email address
  • Name and company name (if provided)
  • Login and security details needed to run your account

Billing information (if paid plans apply)

  • Billing contact details
  • Subscription status and invoices/receipts for payment

Payment card details are typically handled by payment processors and not stored directly by Unspend.

Communications

  • Messages and attachments you send to support
  • Replies and support notes

Information We Access From Your Email Inbox (With Your Permission)

Unspend uses OAuth to connect to Gmail or Microsoft. We do not ask for your email password. We request the minimum permissions needed for core features.

What we access

  • Email metadata (sender, recipient, date/time, subject)
  • Email content (only as needed to detect invoices)
  • Attachments (invoice PDFs)

Invoice PDFs are not stored

PDFs are processed transiently and deleted immediately after extraction. We may keep extracted invoice fields and minimal technical identifiers required for deduplication and sync health.

We do not use inbox data for advertising.

Reference: Google API Services User Data Policy and Microsoft API terms require least-privilege access and safeguards.

Information We Collect Automatically

  • Log data (IP, browser/device type, timestamps)
  • Usage data (features used, clicks, errors, performance metrics)
  • Approximate location inferred from IP address
  • Cookies/similar technologies for sessions, security, and basic analytics

How and Why We Use Information

  • Provide the Services: account setup, inbox connection, extraction, and in-app display
  • Maintain security and reliability: abuse prevention and troubleshooting
  • Improve the Services: performance, bug fixes, extraction quality
  • Communicate with you: support, billing, security, and product notices

AI Processing

Unspend uses automated processing (including AI) to detect invoice emails/PDFs and extract structured fields.

If third-party providers are used (e.g. infrastructure/model providers), they act as service providers and process data only for delivering Unspend Services.

Sharing Information

We share data only in limited circumstances:

  • Service providers helping us operate Unspend (hosting, monitoring, support, payments)
  • Legal/safety obligations where disclosure is reasonably necessary
  • Business transfers (e.g. merger, acquisition, asset sale)
  • With your direction (for example, when exporting data)
  • Aggregated/de-identified statistics that do not identify you

How Long We Keep Information

  • Invoice PDFs: not stored; deleted immediately after processing
  • Extracted invoice data: kept while your account is active unless deleted
  • Email connection tokens: kept while connected; invalidated when disconnected
  • Logs: retained for limited periods (for example, [30 days])

Backup deletion may take additional time due to rotation schedules.

Security

  • Encryption in transit (TLS)
  • Access controls (least privilege)
  • Monitoring and logging
  • Secure key/token storage practices

Your Choices

  • Disconnect Gmail/Microsoft access in Unspend
  • Revoke access in Google/Microsoft account settings
  • Request deletion of extracted invoice data
  • Close your account
  • Opt out of marketing emails (service-critical emails still apply)

Your Rights

Depending on location, you may have rights to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing
  • Receive a portable copy of your data

To exercise rights, contact us at hello@unspend.io. We may verify account ownership first.

International Data Transfers

Information may be processed in countries different from where you live. Where required, Unspend uses contractual and technical safeguards for cross-border transfers.

Changes to This Policy

We may update this policy from time to time. The “Last updated” date indicates the latest revision. If changes are material, we will take reasonable steps to notify you (for example, by email or in-app notice).

How to Reach Us

[Legal Entity Name]
[Registered Address]
Email: hello@unspend.io

Organized teams manage their subscriptions.
Plug the gaps now.