Unspend

Privacy Policy

Effective date: March 14, 2026   |   Last updated: April 8, 2026

Your privacy is important to us. At Unspend, we are careful about what data we collect, request the minimum access needed to run the product, keep information only as long as necessary, and aim to be clear about how personal information is collected, used, and shared.

This policy explains what we collect, why we collect it, how we use it, and the choices you have.

Who We Are and What This Policy Covers

Unspend connects to your email inbox (Gmail or Microsoft) and uses AI to identify invoice PDFs, then extracts invoice details so you can manage them inside Unspend (the "Services").

This policy applies to information we collect when you use the Services, including connecting an email account and contacting support.

Information We Collect

We collect information only when needed to provide, secure, and improve the Services.

We collect data in three ways:

  1. Information you provide directly
  2. Information collected automatically
  3. Information received from connected third parties

Information You Provide to Us

Account information

  • Email address
  • Name and company name (if provided)
  • Login and security details needed to run your account

Billing information (if paid plans apply)

  • Billing contact details
  • Subscription status and invoices/receipts for payment

Payment card details are typically handled by payment processors and not stored directly by Unspend.

Communications

  • Messages and attachments you send to support
  • Replies and support notes

Information We Access From Your Email Inbox (With Your Permission)

Unspend uses OAuth to connect to Gmail or Microsoft. We do not ask for your email password. We request the minimum permissions needed for core features.

Google permissions we request

  • Google Sign-In: openid, email, and profile to authenticate your account
  • Gmail connection: https://www.googleapis.com/auth/gmail.readonly to read emails for invoice extraction

What we access

  • Email metadata (sender, recipient, date/time, subject)
  • Email content (only as needed to detect invoices)
  • Attachments (invoice PDFs)

Extracted data storage

Unspend stores extracted invoice fields (vendor, amount, date, etc.) in our database. Raw email content and attachments are not retained after processing.

When you unlink Gmail from Unspend, we revoke the Google OAuth token and stop future Gmail access.

We do not use inbox data for advertising.

Unspend's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Reference: Google API Services User Data Policy and Microsoft API terms require least-privilege access and safeguards.

Information We Collect Automatically

  • Log data (IP, browser/device type, timestamps)
  • Usage data (features used, clicks, errors, performance metrics)
  • Approximate location inferred from IP address
  • Cookies/similar technologies for sessions, security, and basic analytics

How and Why We Use Information

  • Provide the Services: account setup, inbox connection, extraction, and in-app display
  • Maintain security and reliability: abuse prevention and troubleshooting
  • Improve the Services: performance, bug fixes, extraction quality
  • Communicate with you: support, billing, security, and product notices

AI Processing

Unspend uses automated processing (including AI) to detect invoice emails/PDFs and extract structured fields.

If third-party providers are used (e.g. infrastructure/model providers), they act as service providers and process data only to deliver Unspend Services. We do not permit these providers to use Google user data to train generalized AI/ML models.

Human review of inbox-derived data is limited to support, security incident response, and abuse prevention.

Sharing Information

We share data only in limited circumstances:

  • Service providers helping us operate Unspend (hosting, monitoring, support, payments)
  • Legal/safety obligations where disclosure is reasonably necessary
  • Business transfers (e.g. merger, acquisition, asset sale)
  • With your direction (for example, when exporting data)
  • Aggregated/de-identified statistics that do not identify you

How Long We Keep Information

  • Extracted invoice data: retained while your account is active and for a reasonable period thereafter where needed for security, legal, and operational purposes. We process deletion requests in accordance with applicable law and our internal retention practices.
  • Gmail connection tokens: kept while connected; revoked on unlink and removed from active use
  • Operational logs: retained for limited periods needed for security, fraud prevention, and reliability

Backup deletion may take additional time due to rotation schedules.

Security

  • Encryption at rest and in transit (TLS)
  • Access controls (least privilege)
  • Monitoring and logging
  • Secure key/token storage practices

Your Choices

  • Disconnect Gmail/Microsoft access in Unspend
  • Revoke access in Google/Microsoft account settings
  • Request deletion of extracted invoice data
  • Close your account
  • Opt out of marketing emails (service-critical emails still apply)

Your Rights

Depending on location, you may have rights to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing
  • Receive a portable copy of your data

To exercise rights, contact us at support@unspend.io. We may verify account ownership first.

International Data Transfers

Information may be processed in countries different from where you live. Where required, Unspend uses contractual and technical safeguards for cross-border transfers.

Changes to This Policy

We may update this policy from time to time. The "Last updated" date indicates the latest revision. If changes are material, we will take reasonable steps to notify you (for example, by email or in-app notice).

Organized teams manage their subscriptions.
Plug the gaps now.