Privacy Policy

Effective date: March 28, 2026  ·  Last updated: April 20, 2026

The short version: SpendPal processes your financial data entirely on your device using Apple's Vision framework. Your screenshots and transaction data are never uploaded to any server. We don't have access to your financial data — period. Optional, opt-in crash reporting sends only technical diagnostics (no financial data) to help us fix bugs.

1. Introduction

HAW Labs ("we", "us", "our") operates the SpendPal: Money Manager mobile application (the "App"). This Privacy Policy describes what information the App collects, how it is used, and what choices you have.

By using SpendPal, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2. Information We Collect

Data you provide directly

All of the following stays on your device (and optionally in your private iCloud account). We cannot see it.

  • Transaction data you enter manually or import via screenshot, camera, or PDF
  • Account and card names and nicknames you create
  • Categories, tags, budgets, notes, and preferences you set
  • Backup files you export using the Export & Import feature

Data processed on your device (OCR)

When you use the screenshot import feature, the selected image is processed entirely on your device using Apple's Vision framework. Specifically:

  • Screenshots are never uploaded to any server — not ours, not anyone else's
  • Text recognition (amounts, dates, merchant names) happens locally using on-device machine learning
  • Extracted data is stored only on your device and, if enabled, in your private iCloud account

Optional crash reporting (opt-in only)

On first launch, SpendPal asks if you would like to share anonymous crash reports to help us improve the app. This is entirely optional — the app works fully if you decline.

If you opt in, crash reports are sent to Sentry (sentry.io) and include only:

  • The type and location of the error (stack trace)
  • App version number
  • iOS version and device model (e.g. "iPhone 16, iOS 18.3")
  • A short sequence of in-app navigation events leading up to the crash (breadcrumbs)

Crash reports never include:

  • Transaction data, amounts, or merchant names
  • Screenshots or photos
  • Account names or bank information
  • Your name, email, or any personal identity
  • Your location

You can change your crash reporting preference at any time in Settings → Share Crash Reports.

Advertising data (free tier only)

For free-tier users, Google AdMob may collect device identifiers and limited usage data for advertising purposes, subject to your App Tracking Transparency (ATT) consent choice on iOS. If you decline tracking, only non-personalised ads are shown. Premium subscribers do not see ads.

3. How We Use Your Information

  • To provide core app functionality — tracking transactions, generating reports, and managing budgets
  • To sync your data across your Apple devices via iCloud (Apple CloudKit), if you enable this
  • To diagnose crashes and improve app stability (only if you opted in to crash reporting)
  • To display banner ads to free-tier users via Google AdMob

We do not sell, share, rent, or transfer your financial data to any third party for any purpose.

We do not have access to your financial data — it exists only on your device and in your private iCloud container.

4. Data Storage and Security

  • All financial data is stored locally on your device in the App's sandboxed private storage
  • If iCloud sync is enabled, your data is synced via Apple CloudKit, which encrypts data in transit and at rest
  • We do not operate any servers that store your personal or financial data
  • Crash reports (if opted in) are stored on Sentry's servers in the United States and are retained for 90 days

Export & Import feature

SpendPal lets you export your data as a JSON backup or CSV file using the Settings → Export & Import screen. These files are generated entirely on your device and are only shared when you explicitly choose to (via AirDrop, email, or another method you select). We never receive copies of your exported files.

You are responsible for the security of any backup files you create. Treat exported backup files as sensitive — they contain your full transaction history.

5. Third-Party Services

SpendPal integrates the following third-party services. Each is governed by its own privacy policy:

  • Apple CloudKit (iCloud sync) — optional cross-device data sync. Governed by Apple's Privacy Policy.
  • Sentry — optional, opt-in crash reporting and error monitoring. Receives only technical diagnostic data as described above. Governed by Sentry's Privacy Policy.
  • Google AdMob — banner ads for free-tier users. May collect device identifiers and usage data subject to your ATT choice. Governed by Google's Privacy Policy.
  • RevenueCat — in-app subscription management. Receives only App Store purchase receipt data, not your financial tracking data. Governed by RevenueCat's Privacy Policy.

6. Your Choices and Rights

  • Crash reporting: Toggle on or off at any time in Settings → Share Crash Reports. Turning it off immediately stops all data collection by Sentry.
  • iCloud sync: Disable at any time in the App's Settings. Your data stays on-device only.
  • Ad tracking: Opt out of personalised ads via iOS Settings → Privacy & Security → Tracking, or by revoking SpendPal's tracking permission.
  • Deleting local data: Delete the App from your device to permanently remove all locally stored data. Deleted transactions are recoverable for 7 days within the app via Settings → Recently Deleted.
  • Deleting iCloud data: Go to iOS Settings → [Your Name] → iCloud → Manage Storage → SpendPal → Delete Data.
  • Exporting your data: You can export all your data at any time via Settings → Export & Import → Export Full Backup.
  • Data inquiries: Contact us at [email protected] with any questions about your data.

7. Canadian Privacy Law

HAW Labs is incorporated in Ontario, Canada. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. In practice, SpendPal is designed to minimise data collection by design — the vast majority of your data never leaves your device.

8. Children's Privacy

SpendPal is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the App, please contact us at [email protected] and we will take steps to delete such information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through an in-app notice or by updating the "Last updated" date at the top of this page. Your continued use of SpendPal after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: