WeSpend Privacy Policy

Effective Date: February 18, 2026 Last Updated: February 18, 2026

1. Introduction

WeSpend ("App", "we", "us", or "our") values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our expense tracking application.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other applicable privacy laws worldwide.

2. Information We Collect

2.1 Information You Provide

Data Type	Purpose	Required
Email address	Account identification, password reset	Required (email signup)
Password	Account authentication	Required (email signup)
Display name (nickname)	User identification within household	Optional
Apple ID information	Apple Sign-In authentication	Required (Apple login)
Google account information	Google Sign-In authentication	Required (Google login)

2.2 Information Generated Through Service Use

Data Type	Purpose
Expense records (amount, category, memo, date)	Core service functionality
Payment method (card/cash)	Expense categorization and statistics
Attribution (me/partner/together)	Shared household tracking
Household invite codes	Partner invitation feature

2.3 Automatically Collected Information

Data Type	Purpose
Device identifiers	Anonymous login, service provision
App usage logs	Service improvement, error analysis

3. How We Collect Information

Direct input during registration and login
Social login via Apple Sign-In or Google Sign-In
Automatic generation during app usage

4. How We Use Your Information

We use your personal data only for the following purposes:

Purpose	Description	Legal Basis (GDPR)
Service Provision	Expense tracking, statistics, shared household features	Contract performance
Account Management	User identification, login, password reset	Contract performance
Partner Connection	Household sharing via invite codes	Consent
Service Improvement	Error analysis, usability improvements	Legitimate interest

5. Data Retention

Account deletion: Data deleted immediately upon request (except where retention is required by law)
Service records: Retained until account deletion
Deleted expenses: Retained for recovery feature, permanently deleted upon account deletion

6. Data Sharing

WeSpend does not sell your personal data. We share your information only in the following circumstances:

With your consent: When you explicitly agree to share
Legal requirements: When required by law or legal process
Shared household: With partners you connect via invite code (core service feature)

7. Data Processors and International Transfers

We use the following third-party service providers:

Provider	Service	Location	Transfer Method
Google LLC (Firebase)	Cloud storage, authentication	United States	Network transfer during service use
Apple Inc.	Apple Sign-In authentication	United States	Network transfer during Apple login

International Transfer Safeguards: These providers are certified under the EU-US Data Privacy Framework or comply with GDPR Standard Contractual Clauses (SCCs).

8. Your Rights

All Users

Access: Request access to your personal data
Rectification: Request correction of inaccurate data
Deletion: Request deletion of your data via account deletion
Restriction: Request restriction of data processing

EU/EEA Residents (GDPR Rights)

Data Portability: Receive your data in a structured, machine-readable format
Processing Restriction: Restrict processing in certain circumstances
Automated Decision-Making: Object to decisions based solely on automated processing
Supervisory Authority: Lodge a complaint with your local Data Protection Authority

California Residents (CCPA Rights)

Know: Request information about data collection categories and sources
Delete: Request deletion of your personal information
Opt-Out of Sale: WeSpend does not sell personal information
Non-Discrimination: Exercise rights without discriminatory treatment

How to Exercise Your Rights

In-App Settings: Edit nickname, logout, delete account
Email: privacy@wespend.app

We will respond to your request within 30 days (or as required by applicable law).

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: Passwords are encrypted at rest (Firebase Authentication)
Transport Security: All data transmitted via TLS/HTTPS
Access Controls: Database access restricted via Firestore Security Rules
Authentication: Industry-standard OAuth 2.0 for social logins
Regular Reviews: Periodic security assessments and updates

10. Children's Privacy

WeSpend is not intended for children under 16 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Cookies and Tracking

The WeSpend app does not use web cookies. We may collect anonymized usage statistics through Firebase Analytics for service improvement purposes only.

Tracking Opt-Out: You can deny app tracking permission in your iOS device settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via in-app notification or email before the changes take effect.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices:

Email: privacy@wespend.app

14. Regulatory Contacts

European Union (EU/EEA)

You may lodge a complaint with your local Data Protection Authority: - EU DPA List: https://edpb.europa.eu/about-edpb/about-edpb/members

United States (California)

California Attorney General: https://oag.ca.gov/privacy

South Korea

Personal Information Infringement Report Center: 118, https://privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972, https://www.kopico.go.kr

This Privacy Policy is effective as of February 18, 2026.