SpentioSpentio
Back to Home
GDPR & Swiss DSG Compliant

Privacy Policy

Last updated: January 15, 2025

Quick Navigation
1. Information We Collect2. How We Use Your Information3. Data Storage and Security4. Data Sharing5. Your Rights Under GDPR6. Your Rights Under Swiss DSG7. Data Retention8. International Transfers9. Children's Privacy10. Changes to This Policy11. Contact Us
256-bit Encryption

All data encrypted in transit and at rest

Swiss-Hosted

Data stored in Switzerland

Your Data, Your Control

Export or delete your data anytime

At Spentio ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense tracking application and related services (the "Service").

1. Information We Collect

We collect information you provide directly to us:

  • Account Information: Email address, name, and password when you create an account
  • Financial Data: Transaction data you import or manually enter, including amounts, dates, merchants, and categories
  • Usage Data: Information about how you use our Service, including features accessed and time spent
  • Device Information: Device type, operating system, and browser type
  • Communication Data: Messages you send us for support or feedback

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process and categorize your financial transactions using AI
  • Generate personalized insights and reports about your spending
  • Send you technical notices, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and unauthorized access

Legal basis (GDPR): We process your data based on contractual necessity, legitimate interests, legal obligations, and your consent where applicable.

3. Data Storage and Security

We implement industry-standard security measures:

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit
  • Infrastructure: Data is hosted on secure servers in Switzerland
  • Access Control: Strict access controls and authentication mechanisms
  • Monitoring: Continuous security monitoring and regular penetration testing
  • Backups: Regular encrypted backups with geographic redundancy

4. Data Sharing

We do not sell your personal data. We may share your information only in these circumstances:

  • Service Providers: With trusted third parties who help us operate our Service (payment processors, hosting providers)
  • Legal Requirements: When required by law or to respond to legal process
  • Protection: To protect the rights, property, and safety of Spentio, our users, or others
  • Business Transfers: In connection with any merger, acquisition, or sale of assets (with prior notice to users)

5. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@spentioapp.com or use the data export/deletion features in your account settings.

6. Your Rights Under Swiss DSG

If you are in Switzerland, the Swiss Federal Act on Data Protection (DSG) grants you similar rights:

  • Information: Right to know what data we process about you
  • Access: Request access to your personal data
  • Data Portability: Obtain your data in electronic format
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion under certain circumstances
  • Objection: Object to data processing for direct marketing

You may also file a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

7. Data Retention

We retain your personal data only as long as necessary to provide our Service and fulfill the purposes described in this policy. When you delete your account:

  • Personal data is deleted within 30 days
  • Anonymized analytics data may be retained for service improvement
  • Backups are purged within 90 days
  • Legal retention requirements may require longer storage of certain records

8. International Transfers

Your data is primarily stored and processed in Switzerland. If we transfer data to other countries, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers only to countries with adequate data protection laws
  • Supplementary measures where required

9. Children's Privacy

Spentio is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide prominent notice or send you a direct notification.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Email: privacy@spentioapp.com

Address: Spentio GmbH, Zurich, Switzerland

Related policies:Terms of ServiceCookie Policy