Privacy

Last updated: 2026-05-04

The short version

spache is a household + side-hustle budgeting app. We need a few things to run it: who you are, the receipts you upload, and the budgets you set. We never sell that data, never train AI on your receipts, and never share it with advertisers. You can export everything or delete your account at any time.

Who we are

spache is built and operated by Noetic Labs (Pty) Ltd, a private company registered in Gaborone, Botswana (“we”, “us”). For data-protection purposes Noetic Labs is the data controller (GDPR) / responsible party (POPIA) for the personal information you give spache. Reach us on WhatsApp or at support@spache.app.

What we collect, and why

  • Account info — your name, email, optional phone number, and a profile photo if you sign in with Google. We need this to give you a stable login and let other household members recognise you on shared budgets.
  • Your budget data — the categories, monthly amounts, expenses, and member tags you create. This is the entire point of the app; we cannot run a budget tracker without storing the budget.
  • Receipts you upload — the image and the data extracted from it (vendor, amount, date, category). Stored in your private Firebase Storage folder.
  • Space metadata — for shared households or business Spaces, the membership list and per-member roles. Members can see what other members do inside that Space, by design.
  • Technical signals — standard server logs (IP address, timestamp, request path, user agent), retained for 30 days for abuse, debugging, and rate-limiting. We don’t pair these with your account identity beyond the immediate request.

Our legal basis under GDPR / POPIA is performance of contract (we cannot deliver the service without these data points) and legitimate interest for the technical signals (keeping the service available and free of abuse).

What we do with it

  • Store it so we can show it back to you the next time you open the app.
  • Share it with the household / business Space members you’ve invited — only the lines tagged Joint or belonging to that Space.
  • Send your receipt image once to Google’s Gemini API for OCR, so we can fill in vendor / amount / date / category for you. Google does not retain the image or train models on it (per the Gemini API enterprise terms).
  • Send transactional email (account verification, household invitations, password resets) via Resend.

What we don’t do

  • We don’t sell your data. Ever.
  • We don’t train AI models on your receipts, expenses, or budget data.
  • We don’t share your data with advertisers.
  • We don’t use third-party trackers (no Facebook Pixel, no AdSense, no Google Analytics).
  • We don’t send marketing email without explicit opt-in.

Where it lives

Your account, budgets, expenses, receipt records, and organisation memberships are stored in MongoDB Atlas in the EU (Frankfurt). The receipt image files themselves are stored in Firebase Storage in Google Cloud’s eur3 multi-region (Europe). The API service that reads and writes your data runs on Google Cloud Run in europe-west1 (Belgium). Everything in transit is TLS-encrypted; everything at rest is encrypted by the underlying provider.

Subprocessors

We use a small set of third-party providers to operate spache. Each is bound by a Data Processing Agreement appropriate for their role:

  • Google LLC — Firebase Authentication (sign-in), Firebase Storage (receipt images), Google Cloud Run (the spache API), Gemini API (one-shot OCR on receipt images).
  • MongoDB, Inc. — MongoDB Atlas, the database that holds your budgets, expenses, and account.
  • Resend, Inc. — transactional email delivery.
  • Cloudflare, Inc. — static hosting + DNS for the marketing site at spache.app.

If we add a new subprocessor that handles personal data, we’ll update this list and the “last updated” date above before they begin processing.

International transfers

Most of your data stays in Europe (see “Where it lives”). The exception is the Gemini OCR call, which Google routes to its US endpoints. Google Cloud’s Standard Contractual Clauses (SCCs) cover this transfer for EU / UK users. If you are in Botswana or South Africa, this transfer happens with your knowledge under POPIA s72 — you can avoid it by adding receipts manually instead of using the AI scanner.

How long we keep things

  • While your account is active: as long as it’s useful to you. We keep budget history forever unless you tell us otherwise — year-on-year comparison is one of the headline features.
  • After you delete your account: active copies are removed within 30 days; encrypted backups roll off within 90 days.
  • Server logs: 30 days, then auto-deleted.
  • Transactional email records: 30 days at the email provider, kept only for delivery troubleshooting.

Your rights

Under POPIA, GDPR, and the Botswana Data Protection Act you can ask us to:

  • Access a copy of the personal information we hold about you.
  • Correct anything that’s wrong — most fields are editable from inside the app; for the rest, email us.
  • Delete your account and the data we hold about you. Use Settings → Delete Account, or email us if you can’t reach the in-app option.
  • Export everything in a portable format (JSON or CSV).
  • Object to or restrict a particular use of your data (e.g. “please don’t send my receipts to the AI scanner”).
  • Withdraw consent for anything we’ve asked your permission for, at any time.

We respond to rights requests within 30 days. If you think we’ve mishandled your data, you can complain to your local regulator — Botswana’s Information and Data Protection Commission, the South African Information Regulator, or your EU member state’s DPA — but we’d much rather you tell us first so we can fix it.

Children

spache is not intended for children under 16. We don’t knowingly collect personal information from anyone under 16. If you believe a child has signed up, email us and we’ll delete the account.

Cookies and analytics

The spache app and the marketing site use a small number of strictly-necessary cookies and browser-storage entries: a Firebase session token (so you stay signed in), a preferences flag (light/dark theme), and a CSRF token. We don’t use third-party analytics on the app today. If we add lightweight, privacy-preserving analytics on the marketing site, we’ll list the provider here and ensure no personal data leaves the visitor’s browser.

Security

We use TLS in transit, provider-managed encryption at rest, Firebase Authentication for identity, and per-user Mongo queries scoped to your organisation memberships. Receipts in Firebase Storage live behind path-based rules tied to your organisation. We rotate API keys when staff change, and we run security audits before each major release.

If you discover a vulnerability, please email support@spache.app with the subject line “Security”. We’ll acknowledge within two working days.

Changes to this policy

When we make a material change, we’ll bump the “last updated” date at the top and email anyone with an active account before the change takes effect. Editorial fixes (typos, clarity) won’t trigger a notification.

Contact

Privacy and data-rights questions: support@spache.app. Postal: Noetic Labs (Pty) Ltd, Gaborone, Botswana — ask us by email for the registered street address if you need to send formal notice. We’ll reply within one working day for general questions, within 30 days for statutory rights requests.
