SpendCaddie

Privacy Policy

Version: 1.0 | Effective Date: January 11, 2026 | Last Updated: January 11, 2026

Quick Summary (Plain Language)

  • We collect your account info (name, email) and financial data (via Plaid) to provide our service.
  • We do NOT sell your personal information to third parties.
  • We share data only with service providers who help us operate (Plaid, Stripe, etc.).
  • You can access, correct, delete, or export your data at any time.
  • We use encryption and security best practices to protect your data.
  • We honor opt-out signals including Global Privacy Control (GPC).
  • California, Colorado, Virginia, Connecticut, and Utah residents have additional rights - see our State Privacy Addendum.
  • Contact privacy@spendcaddie.com for any privacy questions.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, and password when you register
  • Phone Number: Optional, for SMS alerts and two-factor authentication
  • Profile Preferences: Financial mode selection, notification preferences, goals
  • Manual Entries: Credit card details you manually enter (names, APRs, promotional periods)
  • Communications: Emails, support requests, and feedback you send us

1.2 Financial Data from Plaid (With Your Permission)

When you connect your financial accounts, we receive read-only data through Plaid:

  • Account balances and available credit
  • Transaction history (purchases, payments, transfers)
  • Account metadata (account type, institution name, last 4 digits)
  • Credit card information (credit limits, APR when available, due dates)

Important: We never receive or store your bank login credentials. Plaid handles authentication directly with your financial institution.

1.3 Payment Information

Payment card details are collected and processed by Stripe (our payment processor). We only receive and store: transaction records, the last 4 digits of your card, card brand, and expiration date. We do not store full card numbers.

1.4 Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, timestamps, interaction patterns
  • Cookies: Session cookies, preference cookies (see Cookie Policy)
  • Log Data: Error logs, performance metrics, security events

2. How We Use Your Information

Service Delivery (Required)

  • Provide core platform features
  • Calculate payment recommendations
  • Monitor account balances
  • Generate debt payoff projections
  • Send alerts and notifications

Communications

  • Send account alerts (low balance, due dates)
  • Deliver payment reminders
  • Provide customer support
  • Share service updates
  • Send promotional communications (with consent)

Platform Improvement (With Consent)

  • Analyze usage patterns (de-identified)
  • Fix bugs and errors
  • Develop new features
  • Improve user experience
  • Conduct research (aggregated)

Security & Compliance

  • Verify your identity
  • Prevent fraud and abuse
  • Protect against security threats
  • Comply with legal obligations
  • Respond to legal requests

3. How We Share Information

We do NOT sell your personal information to third parties.

We share information only in these limited circumstances:

3.1 Service Providers

We share data with trusted service providers who help us operate the Service:

  • Plaid: Bank data connection
  • Stripe: Payment processing
  • Supabase: Database hosting
  • Vercel: Application hosting
  • Resend: Email delivery
  • Sentry: Error monitoring

3.2 Legal Requirements

We may disclose information when required by law, court order, subpoena, or government request, or to protect our rights, property, or safety.

3.3 Business Transfers

In connection with a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you of any such change.

3.4 With Your Consent

We may share information with other parties when you explicitly consent to such sharing.

4. Data Security

Technical Measures

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Row-level security policies
  • Regular penetration testing

Operational Security

  • Multi-factor authentication
  • Comprehensive audit logging
  • Regular security reviews
  • Incident response procedures

While we implement industry-standard security measures, no system is 100% secure. We will notify you of any data breaches as required by applicable law.

5. Data Retention

We retain your information only as long as necessary for the purposes described in this policy:

  • Active Accounts: Data retained while your account is active
  • After Account Deletion: Most data deleted within 30 days
  • Consent Records: Retained for at least 3 years (legal compliance)
  • Financial Records: May be retained up to 7 years as required by law
  • Anonymized Data: May be retained indefinitely for analytics

6. Your Rights and Choices

All Users Have the Right To:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and data
  • Export your data (portability)
  • Opt-out of marketing communications
  • Disconnect linked financial accounts
  • Manage notification preferences

How to Exercise Your Rights

  • Account Settings: Most actions available in-app
  • Email: privacy@spendcaddie.com
  • Response Time: Within 45 days
  • Verification: We may verify your identity

7. State Privacy Addendum

Residents of certain U.S. states have additional rights under state privacy laws. This section provides information required by these laws. If you are a resident of California, Colorado, Virginia, Connecticut, or Utah, this section applies to you.

7.1 California Residents (CCPA/CPRA)

Your California Privacy Rights

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt-out of the sale or sharing of personal information
  • Limit the use of sensitive personal information
  • Non-discrimination for exercising your privacy rights

Categories of Personal Information Collected

Category | Examples | Collected
Identifiers | Name, email, IP address | Yes
Financial Information | Account balances, transactions | Yes
Internet Activity | Browsing history, interactions | Yes
Geolocation | General location from IP | Yes
Sensitive Personal Info | Account login credentials | Yes (passwords are hashed)

Sale/Sharing Disclosure

We do not sell or share your personal information for cross-context behavioral advertising as defined under the CCPA/CPRA. We honor Global Privacy Control (GPC) signals.

How to Submit a Request

  • Email: privacy@spendcaddie.com
  • Subject Line: "California Privacy Request"
  • Response Time: 45 days (may extend by additional 45 days if needed)
  • Verification: We will verify your identity using account information
  • Authorized Agent: You may designate an authorized agent with written permission

7.2 Colorado Residents (CPA)

Under the Colorado Privacy Act (CPA), Colorado residents have the following rights:

Your Colorado Privacy Rights

  • Access your personal data
  • Correct inaccuracies in your personal data
  • Delete your personal data
  • Data Portability - obtain a copy in a portable format
  • Opt-out of targeted advertising, data sales, or profiling
  • Appeal if we deny your request

Sensitive Data Notice

Colorado law requires opt-in consent for processing sensitive personal data. Financial data obtained through Plaid requires your explicit consent via the Plaid Link flow.

Universal Opt-Out Signals

We recognize and honor universal opt-out mechanisms including Global Privacy Control (GPC).

How to Submit a Request

  • Email: privacy@spendcaddie.com
  • Subject Line: "Colorado Privacy Request"
  • Response Time: 45 days (may extend by additional 45 days if needed)
  • Appeal: You may appeal denials within 45 days

7.3 Virginia Residents (VCDPA)

Under the Virginia Consumer Data Protection Act (VCDPA), Virginia residents have the following rights:

Your Virginia Privacy Rights

  • Confirm whether we are processing your personal data
  • Access your personal data
  • Correct inaccuracies in your personal data
  • Delete your personal data
  • Data Portability - obtain a copy in a portable format
  • Opt-out of targeted advertising, data sales, or profiling
  • Appeal if we deny your request

How to Submit a Request

  • Email: privacy@spendcaddie.com
  • Subject Line: "Virginia Privacy Request"
  • Response Time: 45 days (may extend by additional 45 days if needed)
  • Appeal: You may appeal denials within 60 days; we respond within 60 days of appeal

7.4 Connecticut Residents (CTDPA)

Under the Connecticut Data Privacy Act (CTDPA), Connecticut residents have the following rights:

Your Connecticut Privacy Rights

  • Access your personal data
  • Correct inaccuracies in your personal data
  • Delete your personal data
  • Data Portability - obtain a copy in a portable format
  • Opt-out of targeted advertising, data sales, or profiling
  • Appeal if we deny your request

Universal Opt-Out Signals

We recognize and honor universal opt-out mechanisms including Global Privacy Control (GPC).

How to Submit a Request

  • Email: privacy@spendcaddie.com
  • Subject Line: "Connecticut Privacy Request"
  • Response Time: 45 days (may extend by additional 45 days if needed)
  • Appeal: You may appeal denials; we respond within 60 days of appeal

7.5 Utah Residents (UCPA)

Under the Utah Consumer Privacy Act (UCPA), Utah residents have the following rights:

Your Utah Privacy Rights

  • Confirm whether we are processing your personal data
  • Access your personal data
  • Delete your personal data
  • Data Portability - obtain a copy in a portable format
  • Opt-out of targeted advertising or data sales

How to Submit a Request

  • Email: privacy@spendcaddie.com
  • Subject Line: "Utah Privacy Request"
  • Response Time: 45 days (may extend by additional 45 days if needed)

Verification Process (All States)

To protect your privacy, we verify your identity before processing requests:

  • We match the email address on your request to your account
  • We may ask for additional information to verify your identity
  • We will not fulfill requests we cannot verify
  • Authorized agents must provide written authorization from the consumer

8. Cookies and Tracking

For detailed information about the cookies we use, please see our Cookie Policy.

Essential Cookies

Required for authentication and security

Preference Cookies

Remember your settings

Analytics Cookies

Help us improve (with consent)

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

9. Children's Privacy

SpendCaddie is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately at privacy@spendcaddie.com and we will delete the information.

10. International Users

SpendCaddie is available only to residents of the United States. We do not intentionally collect personal information from individuals outside the U.S. If you access the Service from outside the United States, please be aware that your information may be transferred to and processed in the U.S.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via:

  • Posting the new policy with an updated effective date
  • Sending an email notification to registered users
  • Displaying a prominent notice in the app

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Bobby Built Ventures, LLC

DBA SpendCaddie

Privacy Inquiries:
privacy@spendcaddie.com

General Support:
support@spendcaddie.com

Mailing Address:
1500 N Grant St, Ste R
Denver, CO 80203, USA

Version History

Version | Date | Changes
1.0 | January 11, 2026 | Initial release with State Privacy Addendum