Privacy Policy

Jotspend ("we," "our," or "us") is an AI-powered travel expense tracking application built and operated by Hadi, based in Dubai, United Arab Emirates. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Jotspend mobile application and related services (collectively, the "Service").

By using Jotspend, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Account Information

When you sign up for Jotspend, we collect information through Google Sign-In, including:

• Your name
• Your email address
• Your profile picture
• Your Google account identifier

1.2 Expense Data

As you use Jotspend to track your travel expenses, we collect and store:

• Expense descriptions, amounts, currencies, and categories
• Trip names, dates, and destinations
• Receipt images and photos you upload or capture
• Chat messages and text input you provide to the AI assistant
• Audio recordings you voluntarily submit for expense entry

1.3 Subscription Information

If you subscribe to a paid plan, we collect subscription-related information through RevenueCat, our subscription management provider. This may include:

• Subscription status and plan type
• Purchase history and transaction identifiers
• Device identifiers associated with your subscription

We do not directly collect or store your payment card details. All payment processing is handled by Apple (App Store) or Google (Play Store) through their respective in-app purchase systems.

1.4 Device and Usage Information

We may automatically collect certain technical information, including:

• Device type, operating system, and version
• App version
• General usage patterns and feature interactions
• Crash reports and performance data

2. How We Use Your Information

We use your information for the following purposes:

• Provide and operate the Service: To create and manage your account, store your expense data, and deliver the core functionality of the app.
• AI-powered expense parsing: Your chat messages, text input, audio recordings, and receipt images are processed by third-party AI services (OpenAI and Anthropic) to automatically extract and categorize expense information.
• Improve the Service: To understand how our Service is used, diagnose technical issues, and develop new features.
• Manage subscriptions: To process and manage your subscription through RevenueCat and the relevant app store.
• Communicate with you: To send you important updates about the Service, respond to your inquiries, and provide customer support.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. Third-Party Services

Jotspend relies on the following third-party services to operate. Each service has its own privacy policy governing the use of your data:

3.1 Google Sign-In

We use Google Sign-In for authentication. When you sign in, Google provides us with your basic profile information. Google's privacy policy is available at https://policies.google.com/privacy.

3.2 Supabase

We use Supabase as our backend database and infrastructure provider to store your account information and expense data. Supabase's privacy policy is available at https://supabase.com/privacy.

3.3 OpenAI and Anthropic

We use AI services provided by OpenAI and Anthropic to process your chat messages, text input, and receipt images for expense parsing and categorization. Your input data is sent to these services for processing. We do not use your data to train AI models.

• OpenAI's privacy policy: https://openai.com/privacy
• Anthropic's privacy policy: https://www.anthropic.com/privacy

3.4 RevenueCat

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat may collect device identifiers and purchase-related information. RevenueCat's privacy policy is available at https://www.revenuecat.com/privacy.

3.5 Expo

Our mobile application is built using Expo (React Native). Expo may collect certain device and usage data for app delivery and updates. Expo's privacy policy is available at https://expo.dev/privacy.

4. Data Storage and Security

Your data is stored securely using Supabase's cloud infrastructure. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit using TLS/SSL
• Encryption of data at rest
• Secure authentication via Google Sign-In and token-based sessions
• Access controls limiting data access to authorized systems and personnel
• Regular security reviews of our infrastructure and dependencies

While we strive to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Expense data, trip information, and associated receipt images will be permanently deleted upon account deletion.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can request correction of inaccurate or incomplete personal data.
• Deletion: You can request deletion of your personal data and account.
• Export: You can export your expense data from within the app.
• Restriction: You can request restriction of processing of your personal data in certain circumstances.
• Objection: You can object to processing of your personal data in certain circumstances.
• Withdrawal of consent: Where processing is based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us at hadi@heffl.com.

7. Account Deletion

You may delete your Jotspend account at any time by contacting us at hadi@heffl.com. Upon receiving your request, we will:

• Permanently delete your account and profile information
• Permanently delete all your expense data, trip data, and receipt images
• Remove your data from our active databases within 30 days
• Cancel any active subscription (you may also cancel directly through your app store)

Please note that some data may persist in encrypted backups for a limited period before being permanently removed, and we may retain certain information as required by law.

8. Children's Privacy

Jotspend is not intended for use by children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our third-party service providers operate. These countries may have different data protection laws. By using our Service, you consent to the transfer of your data to these countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the app or by sending you a notification. The "Effective Date" at the top of this policy indicates when it was last revised. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: