Privacy Policy
Last updated: 2026-03-02
This Privacy Policy describes how ispendtoomuch (“we,” “us,” or “our”) collects, uses, and protects your information when you use our website and services at https://ispendtoomuch.com. We are committed to transparency and compliance with applicable data protection laws, including the GDPR and CCPA.
1. Who we are
ispendtoomuch operates the service ispendtoomuch, which helps users understand their online spending by reading order confirmation emails (with your permission) and presenting the data in a dashboard. For privacy-related requests, contact us via our contact form.
2. Data we collect
2.1 Account and contact data
- Email address (when you sign up for the waitlist or create an account)
- Name and profile information if you provide them
2.2 Email inbox access (read-only)
If you connect your email (e.g. Gmail) to our service, we request read-only access. We do not send, delete, or modify your emails. We only read messages that appear to be order confirmations from supported merchants.
From those emails we extract and store only:
- Merchant or store name
- Transaction amount and currency
- Date of purchase
- Subject line (for matching and display)
We do not store the full body of your emails, attachments, or any content beyond what is necessary to build your spending dashboard.
2.3 Usage and technical data
- Log data (e.g. IP address, browser type, pages visited) for security and operation
- Cookies and similar technologies as described in our Cookie Policy
3. How we use your data
- To provide and improve the ispendtoomuch service
- To build and display your spending dashboard from order data we extract
- To communicate with you (e.g. product updates, support, legal notices)
- To comply with legal obligations and enforce our Terms of Service
- To protect our systems and users (e.g. fraud prevention, security)
We do not sell your personal data to third parties.
4. Legal basis (GDPR)
If you are in the European Economic Area, we process your data on the following bases:
- Contract: Processing necessary to provide the service you requested
- Consent: Where you have given clear consent (e.g. connecting your inbox)
- Legitimate interests: Operation, security, and improvement of our service, where balanced against your rights
- Legal obligation: Where required by law
5. Sharing and third parties
We may share data with:
- Service providers (hosting, email, analytics, payment processors such as Polar or Stripe) who process data on our instructions and under agreements
- Authorities when required by law or to protect rights and safety
We use Google OAuth for email connection. Your use of that service is subject to Google's privacy policy. We do not share your extracted spending data with Google for advertising.
6. Data retention
We retain extracted order data (merchant, amount, date) for as long as your account is active and you use the service. If you disconnect your inbox or delete your account, we will delete or anonymize this data within a reasonable period (typically 30 days) unless we must retain it for legal reasons.
Log and technical data may be retained for longer for security and compliance.
7. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure (“right to be forgotten”)
- Restriction of processing
- Data portability
- Object to processing based on legitimate interests
- Withdraw consent where processing is based on consent
- Lodge a complaint with a supervisory authority (e.g. in your EU member state)
To exercise these rights, contact us via our contact form. We will respond within the timeframes required by applicable law.
8. Security
We use industry-standard measures (e.g. encryption in transit, access controls, secure hosting) to protect your data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. International transfers
Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards (e.g. standard contractual clauses, adequacy decisions) where required by law.
10. Children
Our service is not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected a child's data, contact us and we will delete it.
11. Changes
We may update this policy from time to time. We will post the revised policy on this page and update the “Last updated” date. For material changes, we may notify you by email or a prominent notice on the service.
12. Contact
For privacy questions or to exercise your rights, contact us via our contact form or at:
ispendtoomuch
1st Floor, Plot, Plot 6 Main PWD Rd
Sector C
Islamabad, ICT 44000
Pakistan