Privacy Policy

How we handle your data. Short version: we protect it, we don't sell it, and you control it.

Last updated: February 10, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and password (stored as a bcrypt hash). We never store plaintext passwords.

API Keys

Provider API keys you connect (OpenAI, Anthropic, etc.) are encrypted at rest using AES-256-GCM. Keys are used solely for proxying your requests to the respective providers and are never logged, shared, or used for any other purpose.

Usage Data

We process metadata about your AI API calls: timestamps, model names, token counts, cost calculations, and response status codes. We do not store the content of your prompts or completions unless you explicitly enable audit logging.

Audit Logs

If you enable Spendpol Audit, we store request and response metadata for compliance purposes. PII detection runs in real time; detected PII is flagged, but original content is not retained beyond your configured retention period.

2. How We Use Your Data

Core Service

We use your data to provide cost tracking, budget enforcement, policy evaluation, and analytics. All processing happens within your organization's isolated tenant boundary.

Multi-Tenancy Isolation

Every database query is scoped by organization ID using PostgreSQL Row Level Security (RLS). Your data is never accessible to other organizations, even at the database level.

No Training

We never use your data, API call content, or usage patterns to train machine learning models. Your data is yours.

3. Data Storage & Security

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys use additional application-level encryption. Database connections require SSL.

Infrastructure

For cloud-hosted customers: data is stored in SOC 2 Type II certified data centers. For self-hosted customers: data never leaves your infrastructure.

Access Controls

Internal access to production systems requires multi-factor authentication, VPN, and role-based access. All access is logged and audited.

4. Data Retention

Configurable Retention

Audit log retention is configurable per plan: 30 days (Free), 1 year (Pro), custom (Enterprise). After the retention period, data is permanently deleted.

Account Deletion

You can request complete account and data deletion at any time. Upon deletion, all organization data, including API keys, budgets, policies, audit logs, and analytics, is permanently removed within 30 days.

5. Data Sharing

Third Parties

We do not sell, rent, or share your data with third parties for marketing purposes. Data is only shared with: (a) AI providers you connect, for request proxying; (b) payment processors (Stripe), for billing; (c) infrastructure providers, for hosting.

Integrations

When you connect integrations (Slack, Jira, Teams, Linear), only the data necessary for that integration's function is shared — such as alert notifications or ticket creation. You control which integrations are active.

6. Your Rights

GDPR Rights

If you are in the EU/EEA, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing. Contact privacy@spendpol.com to exercise these rights.

Data Export

You can export your data at any time through the API or dashboard. Supported formats include JSON and CSV.

7. Cookies

Essential Cookies Only

We use a single session cookie (spendpol_token) for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Changes to This Policy

We will notify you of material changes via email and dashboard notification at least 30 days before they take effect. Continued use after changes constitutes acceptance.

9. Contact

For privacy questions or data requests: privacy@spendpol.com. For security concerns: security@spendpol.com.

Compliance Certifications

Spendpol is designed for SOC 2 Type II, GDPR, and ISO 27001 compliance. Enterprise customers receive compliance documentation and audit support. Self-hosted deployments inherit your organization's existing certifications.