1. Who we are
BigSpenda ("BigSpenda," "we," "us," or "our") operates the BigSpenda website and application at bigspenda.io and related subdomains (collectively, the "Service"). The Service helps you monitor credit utilization and spending patterns and sends automated text-message alerts, including humorous spending feedback you opt into.
If you have questions about this Privacy Policy or our data practices, contact us at privacy@bigspenda.io.
2. Scope
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use the Service. It applies to visitors, registered users, and anyone who connects a financial account or opts in to text-message alerts.
This policy does not cover third-party websites or services you may access through links in the Service, including your bank's website and Plaid's services. Those parties have their own privacy policies.
3. Information we collect
We collect the following categories of information:
- Account information. When you sign up, we receive information from our authentication provider (Clerk), such as your email address and account identifiers.
- Phone number. If you enable text alerts, we collect and store the phone number you provide, along with your SMS opt-in status and related consent records.
- Financial account data via Plaid. When you choose to link a bank or card account, we use Plaid Inc. ("Plaid") to connect to your financial institution. Through Plaid, we may receive account metadata and transaction data, including institution name, account name, account type, masked account numbers, credit limits, balances, transaction amounts, merchant names, categories, and transaction dates. We do not receive or store your bank login credentials.
- Spending analysis data. We derive behavioral and spending-pattern summaries from your transaction history (for example, dining frequency, utilization percentages, and repeat-merchant statistics) to power alerts and in-app insights.
- Messages. We store copies of automated alert messages sent to you and inbound messages you send to our messaging number (for example, STOP, HELP, or onboarding keywords), along with delivery metadata.
- Technical and usage data. We automatically collect standard log and device information, such as IP address, browser type, pages viewed, and timestamps, to operate, secure, and improve the Service.
4. How we use information
We use personal information to:
- Provide, maintain, and improve the Service
- Connect and sync financial accounts you authorize through Plaid
- Calculate credit utilization and monitor spending against limits you configure
- Send automated spending alerts and optional humorous feedback by SMS or iMessage, when you have opted in
- Generate message content using AI services based on your spending data
- Respond to HELP and STOP requests and comply with messaging laws
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with legal obligations and enforce our terms
We do not sell your personal information. We do not use Plaid data for advertising, credit underwriting for third parties, or resale to data brokers.
5. How we use Plaid
BigSpenda uses Plaid to connect to financial institutions you select. When you use Plaid Link, you authenticate directly with your financial institution (or through Plaid's interface). Plaid transfers the account and transaction data you authorize to BigSpenda so we can provide the Service.
Plaid collects and processes information under its own privacy policy. We encourage you to review Plaid's End User Privacy Policy to understand how Plaid handles your data, what choices you have, and how to use Plaid Portal to manage connections.
By linking an account, you direct Plaid to share your financial data with BigSpenda for the purposes described in this Privacy Policy. We access Plaid data only as permitted by your authorization and applicable law.
6. How we share information
We share personal information with service providers that help us operate the Service, only as needed to perform their functions and subject to contractual confidentiality and security obligations:
- Plaid — bank account linking and financial data aggregation
- Clerk — user authentication and account management
- Anthropic — AI generation of alert message text from spending context you provide through use of the Service
- Sendblue and/or Twilio — delivery of SMS and iMessage alerts to the phone number you provide
- Render and related infrastructure providers — application hosting, databases, and background job processing
We may also disclose information if required by law, legal process, or government request; to protect the rights, property, or safety of BigSpenda, our users, or others; or in connection with a merger, acquisition, or sale of assets, with notice where required by law.
We do not share mobile phone numbers or SMS opt-in consent data with third parties for their own marketing purposes.
7. Data retention
We retain personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
- Plaid access tokens are retained while your bank connection remains active and for a limited period after disconnection to complete deletion and compliance tasks.
- Transaction and account data is retained while your account is active and, after you disconnect a bank or delete your account, deleted or anonymized within a reasonable period unless a longer retention period is required by law.
- Message logs are retained to support delivery, compliance, and dispute resolution.
- SMS opt-in records are retained to demonstrate consent and honor opt-out requests.
8. Your choices and rights
You may:
- Disconnect a bank account through the Service or by contacting us. We will revoke our Plaid connection and stop syncing new data from that institution.
- Stop text messages at any time by replying STOP to any message. You may also disable alerts in the Service where available.
- Request access, correction, or deletion of personal information we hold about you by emailing privacy@bigspenda.io. We will respond as required by applicable law.
- Manage Plaid connections through Plaid Portal.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of certain sharing. We do not sell personal information as defined by the CCPA.
9. Security
We use administrative, technical, and organizational measures designed to protect personal information, including encryption of Plaid access tokens at rest, access controls, and secure hosting environments. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If you believe your account or data has been compromised, contact us immediately at privacy@bigspenda.io.
10. Children
The Service is not intended for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
11. International users
BigSpenda is operated from the United States. If you access the Service from outside the U.S., your information may be processed in the U.S. and other countries where our service providers operate, which may have different data protection laws than your jurisdiction.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the effective date. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
13. Contact us
BigSpenda
Email: privacy@bigspenda.io
Web: bigspenda.io