.svg){kind=icon}
Privacy Policy
PRIVACY POLICY
Last Updated: May 13, 2026
Introduction
Please read the following Privacy Policy carefully. This Privacy Policy governs and applies to your use of our Web app and our Services. By using our Web app, you acknowledge that you have read and understand all of this Privacy Policy, and you agree to be bound by our Privacy Policy. We are sensitive to the concerns that you have about the use of the Information that you disclose to us via our Web app and use of our Services. Accordingly, this Privacy Policy sets forth our privacy practices and the possible uses of the Information that we gather or you provide us through our Web app and Services.
Spendly, Inc. (collectively referred to herein as “Spendly,” “Company,” “we,” “our,” or “us”) recognizes the importance of protecting personal data we may collect from visitors and any other individual or entity (“Users,” “you,” or “your”) who visit our websites. This Privacy Policy applies to data collection by Spendly and shall apply to your use of the website, www.getspendly.com, and other Spendly-related sites, applications, software, communications, capabilities, and services (“Services”) accessible on or by any top-level Spendly domain owned by us (each, a “Site” and collectively the “Sites”), but excluding services that state that they are offered under a different privacy policy. Any capitalized words not defined in this Privacy Policy shall have the meaning ascribed to them in the Terms of Use.
The Company reserves the right to change this Privacy Policy at any time. If you do not agree to the amended Privacy Policy, you agree to stop using our Web app. You will be deemed to have accepted the amended Privacy Policy if you continue to use our Web app after such changes have been made showing the “Last Updated” date. Any changes will be effective immediately upon the posting of the new date. If changes are made, we will simply change the date appearing at the top of this page to show when the Privacy Policy was last modified, and you agree it is your responsibility to check back often for updates.
Irrespective of which country or state you live in, you authorize us to transfer, store, and use your information in the United States and any other country or state where we operate. In some of these countries, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those in the country where you live. If you do not agree to the transfer, storage, and use of your information in the United States and any other country where we operate, you agree not to use the Sites or Services.
If you have any questions or comments about this Privacy Policy, please submit a request to spendly@getspendly.com.
When This Privacy Policy Applies
Our Privacy Policy applies to all of the Services offered by Spendly and its affiliates, including some Spendly Partners, and Services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you, or other sites linked from our Services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Services.
Terms of Use
By accessing or using the Sites in any manner, you also agree to be bound by Spendly’s Terms of Use (the “Agreement”). Please read the Agreement carefully. If you do not accept all of the Terms of Use contained in or incorporated by reference into the Agreement, please do not use the Sites.
Information We Collect
We collect information, including personal data, to provide better services to all our Users. We use the term “Personal Data” or “Personal Information” to refer to any information that identifies or can be used to identify you. Common examples include: full name, contact information (including email address), digital identity (such as a login name or handle), information about your device, certain metadata, phone number, age, gender, IP address, geographic location, geo positional data, information supplied during registration, data usage trends, browser information, demographic information, browsing preferences, browsing data, type of device being used, Web app usage information, information regarding any URLs used with our Web app, data regarding use of our Web app, other information relevant to surveys or offers, and any other information we are legally allowed to collect.
Additionally, we will have access to your information, as well as financial and other information you input when using our Web app and software. This information will also include any information or data you enter about other people such as your customers, clients, or any other third parties. We require this information to provide Users with better service. We shall not be liable for, and you agree to indemnify us from, all such claims by third parties related to your misuse of such third-party information. You represent and acknowledge that you have the express written consent to use the information provided by those third parties to facilitate business and transactions with them.
“Sensitive Personal Data” refers to a smaller subset of Personal Data which is considered more sensitive to the individual, such as race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, physical or mental health information, medical insurance data, or sexual orientation.
1. Information You Give to Us
As you evaluate whether Spendly is the right solution for your company, you may choose to provide us with Personal Data about yourself, including your name, company name, phone number, and email address by completing forms on our website. You may also choose to provide us with employment and education information when you apply for a job at Spendly via our Site. You may elect to provide us with location and address information. You may also provide us with Personal Data about yourself when you report a problem or have a question about our services.
2. Information We Obtain from Your Use of Our Services
We collect certain information automatically, such as your operating system version, browser type, and internet service provider. We also collect information about your interaction with the Services, such as creating or logging into your account, or opening or interacting with the Services on your mobile device. When you use our Site, we automatically collect and store this information in service logs, including details of how you used our Site, Internet protocol address, cookies that uniquely identify your browser, the referring web page, and pages visited. We may also collect and process information about your actual location. The information we collect automatically is statistical data and may or may not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.
3. Cookies and Similar Technologies
We and our partners use various technologies (including cookies, web beacons, pixel tags, and similar tracking technologies) to collect and store information when you visit our services. These technologies allow us to recognize your browser or device, count Users who visit our pages, track website statistics, analyze how visitors arrive at the Sites, and understand what content is popular. We also use third-party analytics providers to understand how visitors use our Site. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. For more information about cookies, you may visit www.allaboutcookies.org.
How We Use Information We Collect
We use your Personal Data in ways that are compatible with the purposes for which it was collected or authorized by you, including:
• To present, operate, or improve the Site and Services, including analysis of Site activity;
• To inform you about Services and products available from Spendly;
• To authorize access to our Sites and Services;
• To provide, maintain, administer, or expand the Services, perform business analyses, or for other internal purposes to support, improve, or enhance our business, the Services, and other products and services we offer;
• To offer and administer programs;
• To customize or tailor your experience of the Services;
• To communicate about, and administer your participation in, special programs, surveys, contests, online campaigns, sweepstakes, and other offers or promotions, and to deliver pertinent emails;
• To secure our Services, including to authenticate Users;
• To use statistical information that we collect in any way permitted by law;
• To respond to and support Users regarding their use of the Sites and Services;
• To comply with all applicable legal requirements;
• To enforce our Terms of Use and other agreements;
• To perform data analysis and testing;
• To investigate possible fraud or other violations of our Terms of Use or this Privacy Policy and attempts to harm our Users;
• To resolve disputes;
• To otherwise fulfill the purpose for which the information was provided.
We use information collected from cookies and other technologies to improve your User experience and the overall quality of our services. We may also use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
Payment and Financial Information
From time to time, personal financial information (including credit card information) may be transmitted to facilitate transactions between you and us. Unless you authorize us as part of the Services we provide, we will not share such financial information with third parties other than those required to process and facilitate the sending and receiving of payments, including payment facilitators, banks, processing gateways, financial intermediaries, and merchant processors. You understand that we cannot control how these third parties will use such financial information to perform their services. By using our Web app and Services, you consent to this sharing of financial information. We do not store credit card information; the credit card information and actual processing does not take place on, and is not stored on, our servers. The transaction is processed on the servers of the particular credit card processor we use.
You agree to assume the risk and agree that it is your responsibility to properly handle, secure, not store, and destroy such financial information as may be necessary to protect it from misuse. You hold us harmless and indemnify us from any claims, breaches, loss, or damage resulting from the use of those payment facilitators, banks, processing gateways, financial intermediaries, and merchant processors we use. You agree we shall not be liable to you or any third party for misuse of such financial information.
Information We Share
We do not share personal data with companies, organizations, and individuals outside of Spendly unless one of the following circumstances applies:
With your consent. We will share Personal Data with companies, organizations, or individuals outside of Spendly when we have your consent to do so.
Enterprise Accounts. Your employer or organization may offer you access to our Services. We will share Personal Data with your employer or organization. Your employer or organization can review and manage your use of such enterprise Services.
For external processing. We provide personal information to our affiliates or other trusted businesses or partners to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. These third parties include marketing partners, third-party hosted services providers, and similar partners. It is our policy to only share Personal Data with contractors, service providers, and other third parties who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
For Legal Reasons. We will share Personal Data with companies, organizations, or individuals outside of Spendly if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request; enforce applicable Terms of Use, including investigation of potential violations; detect, prevent, or otherwise address fraud, security, or technical issues; or protect against harm to the rights, property, or safety of Spendly, our Users, or the public. We attempt to notify Users about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.
Business Transfers. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, Personal Data about our Users may be one of the transferred business assets. This includes any potential acquirer, joint venture, or successor entity, and applies in the event of bankruptcy, reorganization, or sale of assets.
Non-Personal and Aggregate Information. Spendly may compile and share information in aggregated form (i.e., in a manner that would not personally identify you) or in de-identified form so that it cannot reasonably be used to identify an individual. We may disclose such de-identified information publicly, to third parties, or to Spendly Partners under agreement with us.
We disclose Personal Information for a business purpose to the following categories of third parties:
• Our affiliates;
• Third parties to whom you or your agents authorize us to disclose your Personal Information in connection with the Services we provide to you;
• Service providers and other third parties we use to support our business, including those performing core services such as credit card processing, customer support services, customer relationship management, accounting, auditing, advertising and marketing, analytics, email and mailing services, data storage, and security;
• Commercial providers;
• Enterprise accounts such as your employer or organization.
What We Don’t Do with the Information We Gather
We will not disclose, sell, distribute, rent, lease, or use any of a User’s data, Personal Information, or Financial Information, or the data of the User’s customers, clients, lessees, payees, mortgagors, or other third parties, to third parties who are not our officers, directors, members, managing members, employees, business partners, affiliates, strategic partners, licensors, licensees, independent contractors, third-party service providers, agents, or representatives, unless we have your permission or are required by law to do so. We do not store credit card information.
Processing of Your Data
We will not (a) modify your data, except for use with our Web app or when expressly permitted in writing by you; (b) disclose your data except as compelled by law or as expressly permitted in writing by you; or (c) access or use your data except to provide the application and prevent or address service or technical problems, or at your request in connection with customer support matters. In addition, we will comply with all applicable laws in providing the application to you. We agree to maintain the confidentiality of any data accessible by us or our Web app indefinitely following the expiration or termination of this Agreement.
Protected Health Information and HIPAA
Some of our Spendly Partners are healthcare providers, dental practices, or other entities subject to the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HIPAA”). When we provide Services to such Partners, we may receive, create, maintain, or transmit Protected Health Information (“PHI”) on their behalf, including in invoices, billing records, lab fee statements, and other documents submitted through our Web app.
When this occurs:
1. Spendly acts as a HIPAA Business Associate. Our Spendly Partner is the HIPAA Covered Entity and is responsible for the patient relationship, including obtaining all necessary patient authorizations and providing required Notices of Privacy Practices. Spendly’s role is limited to performing the Services described in our agreement with that Partner.
2. The Business Associate Agreement controls. Our handling of PHI is governed by a separate Business Associate Agreement (“BAA”) executed between Spendly and the applicable Partner. In the event of any conflict between this Privacy Policy and the BAA with respect to PHI, the BAA controls.
3. PHI is treated separately from other Personal Data. Notwithstanding any provision of this Privacy Policy that may suggest otherwise:
(a) We do not sell PHI;
(b) We do not use PHI for marketing, advertising, or to serve targeted advertisements;
(c) We do not share PHI with third-party advertising or analytics partners;
(d) We use PHI only as permitted by the BAA, including to perform the Services. Where the BAA permits Spendly to use PHI within artificial intelligence or machine learning systems to perform the Services, Spendly does so only in accordance with HIPAA and the terms of the BAA. We do not use identifiable PHI to train artificial intelligence or machine learning models in any manner not permitted by HIPAA or the BAA; and
(e) We use PHI only to perform the Services for the applicable Partner, as permitted by the BAA, or as required by law.
4. Subcontractors handling PHI. Where Spendly engages subcontractors that may receive PHI in connection with the Services, including cloud infrastructure providers and artificial intelligence service providers, Spendly maintains executed business associate agreements with such subcontractors as required by 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2).
5. De-identified information. PHI that has been de-identified in accordance with the standards set forth in 45 C.F.R. § 164.514(b) is no longer Protected Health Information under HIPAA. Spendly may use such de-identified information for any lawful purpose, including benchmarking, research, trend analysis, product improvement, and to train Spendly’s artificial intelligence and machine learning algorithms and improve Spendly’s products and services.
6. Patient requests. If you are a patient of one of our Spendly Partners and you wish to exercise rights with respect to your PHI, including rights of access, amendment, or accounting of disclosures under HIPAA, please direct your request to the Partner that provides your care. We will forward any such requests we receive to the applicable Partner for processing.
7. Breach notification. In the event of a breach of unsecured PHI, Spendly will notify the affected Partner in accordance with the timelines and requirements set forth in the applicable BAA.
8. State health-data laws. Some U.S. states (including, without limitation, Texas, California, and Washington) impose health-data protections that are stricter than or supplemental to HIPAA. Where applicable, Spendly will comply with such laws in addition to HIPAA.
For more information about how Spendly handles PHI, please contact your account representative or email spendly@getspendly.com.
Artificial Intelligence (AI) Disclaimer
This section outlines our use of Artificial Intelligence (“AI”) and machine learning technologies. By using our Web app, you acknowledge and agree to the practices described herein.
1. How We Use AI. We may leverage AI and machine learning through our Web app and our or third-party software for various purposes to enhance your experience, improve our services, and operate more efficiently. These uses may include: personalization (tailoring content, recommendations, and features based on your preferences and usage patterns); service improvement (analyzing aggregated and de-identified data to identify trends, improve functionality, and develop new features); security and fraud prevention (detecting and preventing malicious activities, unauthorized access, and fraudulent transactions); content moderation (assisting in identifying and moderating inappropriate or harmful content in accordance with our Terms of Service); customer support (powering chatbots or intelligent assistants to provide faster and more efficient support); and data analysis and insights (extracting insights from data to optimize our operations, marketing, and business strategies).
2. Data Used by AI. Our AI systems may process various types of data, including: information you provide directly (such as your profile information, communications, content you submit, and other Personal Data); automatically collected data (such as usage data, device information, IP addresses, location data, and other Personal Data); and in some cases, publicly available information. We endeavor to use anonymized or aggregated data where possible for AI training and analysis to minimize the use of personally identifiable information.
3. Limitations and Accuracy of AI. AI models, by their nature, may occasionally produce outputs that are incorrect, incomplete, or based on flawed assumptions. AI models are trained on data, and if that data contains biases, the AI may perpetuate or even amplify those biases. AI may not always fully grasp the nuances of human language, intent, or complex real-world situations, potentially leading to misinterpretations. Any decisions or actions taken based solely on AI outputs should be critically reviewed. Our AI systems are designed to assist, not replace, human judgment and oversight.
4. No Automated Decision-Making with Legal or Significant Effects. Unless explicitly disclosed and with your explicit consent where required by law, we do not use AI for automated decision-making that produces legal effects concerning you or similarly significantly affects you.
5. Data Security and Privacy. We implement appropriate technical and organizational measures to protect the data processed by our AI systems, in accordance with our Privacy Policy. This includes data encryption, access controls, and regular security audits.
6. Your Choices and Rights. Your rights regarding your personal data, as outlined in the “Your Rights and Choices” section of this Privacy Policy, apply to data processed by our AI systems. Depending on your jurisdiction, you may have rights related to access, rectification, erasure, restriction of processing, and objection to processing, even when AI is involved.
7. PHI within AI Systems. For customers who are HIPAA Covered Entities, Spendly’s use of PHI within AI systems is governed by the BAA between the parties, as described in the “Protected Health Information and HIPAA” section above.
8. Changes to this AI Disclaimer. We may update this AI Disclaimer from time to time to reflect changes in our AI practices or legal requirements. We will notify you of any material changes by posting the updated disclaimer on our website or through other appropriate communication channels. Your continued use of our Web app and Services after such modifications constitutes your acknowledgment and acceptance of the revised AI Disclaimer.
Your Rights and Choices
You may have certain rights relating to your Personal Information, subject to local data protection law. Whenever you use our Services, we aim to provide you with choices about how we use your Personal Data and access to your Personal Data. If that information is wrong, we strive to give you ways to update it quickly or to delete it, unless we have to keep that information for legitimate business or legal purposes. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
Depending on where you live and the applicable privacy laws, your rights may include:
• Access and Update: You may access and update your personal information.
• Correction: You can ask us to correct any inaccurate or incomplete Personal Data we have.
• Deletion: You can request that we delete your Personal Data in certain circumstances.
• Portability: You may obtain a portable copy of the Personal Data we maintain about you.
• Opt-Out of Marketing: You can opt out of receiving marketing communications from us at any time.
• Do Not Sell/Share: You have the right to direct us not to “sell” or “share” your Personal Data.
• Opt-Out of Targeted Advertising: You have the right to opt out of targeted advertising by us.
• Opt-Out of Automated Profiling: You have the right to opt out of automated profiling for the purposes of making decisions that produce legal or similarly significant effects.
• Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.
California Residents (CCPA)
Under the California Consumer Privacy Act (“CCPA”), California residents have specific rights regarding their personal information, including the rights to access, portability, deletion, and non-discrimination for the exercise of privacy rights. California residents may also opt out of our disclosure of Personal Data to third parties for their direct marketing purposes under the California “Shine the Light” law. To exercise these rights, you may submit a request via email to spendly@getspendly.com. You may also designate an agent to exercise your privacy rights on your behalf, with appropriate documentation (valid power of attorney, requester’s government-issued identification, and authorized agent’s government-issued identification).
Other U.S. State Residents (VCDPA, CPA, CTDPA, UCPA)
The Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), and Utah Consumer Privacy Act (“UCPA”) provide residents of those states with rights to confirm and access, correct, delete, port, and opt out of certain types of processing of Personal Information. Residents may exercise these rights by contacting spendly@getspendly.com.
European Union Residents (GDPR)
Some data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”) and corresponding legislation in the United Kingdom, provide you with certain rights in connection with Personal Data you have shared with us. If you are resident in the European Economic Area, you may have the rights to be informed, access, correction, erasure (“right to be forgotten”), to object (opt-out), to data portability, to refuse to be subjected to automated decision-making (including profiling), and to lodge a complaint with a supervisory authority. A list of Supervisory Authorities is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Canadian Residents (PIPEDA)
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) provides Canadian residents with the right to access the personal information we hold about them and the right to challenge the accuracy and completeness of that information and have it amended as appropriate. Canadian residents may submit a request to spendly@getspendly.com.
Our Response to Your Request
Upon receiving your request, we will confirm receipt by sending you an email. We may take steps to verify your identity before granting you access to the information. We will respond to your request within the timeframe required by applicable law (forty-five (45) days for California requests; thirty (30) days for Canadian requests). If we require more time, we will inform you of the reason and extension period in writing.
In some cases, our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. For PHI requests, please see the “Protected Health Information and HIPAA” section above.
Sale of Personal Information
In the preceding twelve (12) months, we have not sold any Personal Information.
Our Legal Basis for Collecting Personal Data
Our legal bases for collecting and using Personal Data may include:
• Your consent to such collection and use;
• Necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
• Our legitimate business interest, including intra-organization transfers for administrative purposes, product development and enhancement, communications and marketing (subject to opt-in where required), fraud detection and prevention, enhancement of cybersecurity, and general business operations and diligence.
In each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. We will limit such processing for our legitimate business interest to what is necessary for its purposes.
Our Opt-in/Opt-out Policy
By providing an email address on the Spendly Sites or Services, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any Service-related notices, or to provide you with information about our events, invitations, or related educational information. “Opt-in” is generally defined as any affirmative action by a User to submit or receive information.
You may opt out at any time by:
• Following the unsubscribe link provided in offers, newsletters, or other email messages (except for e-commerce confirmation or service notice emails);
• Contacting us through spendly@getspendly.com to unsubscribe from the service and opt out of our right per your consent under the terms of this Privacy Policy to share your Personal Data.
We reserve the right to contact you in the event of a change in this Privacy Policy or to provide you with any service-related notices.
Your Ad Choices
Third-party partners may place or recognize a unique cookie on your browser when you visit our Sites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). You may find more information about entities involved in online advertising and additional choices you may make, including opt-out of having your information used for internet-based advertising, through the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”).
Spendly Partners
Spendly customers (“Spendly Partners”) engage us to deliver Services to their employees, customers, and other users. Partner Information, Information about our Partners’ Contacts, and Archival Information are governed by this Privacy Policy, the Spendly Terms of Use, and any other services agreements between Spendly and the applicable Partner.
Spendly Partner Information. We collect information about individuals within our Spendly Partners’ organizations, including name, work email address, work phone number, job title, or similar information. We use Partner Information to support the Partner account, maintain our business relationship with the Partner, respond to Partner inquiries, or perform accounting functions. Spendly Partners may update personal information and password by logging into the Spendly Platform and updating their account, or contact Spendly support to delete their Personal Data. In some cases, we may not be able to delete Partner Information, and in such cases we will tell you why.
Information about our Partners’ Contacts. We collect information about contacts (employees, customers, and others) that may be uploaded into the Spendly Platform. This may include name, email address, phone number, job title, or similar information. We use this information to provide Services to such contacts. Spendly Partners may update or delete this information in the Spendly Platform or by contacting Spendly support.
Archival Information. We collect communications information for archival purposes on behalf of, and as directed by, our Spendly Partners. This information may include emails, texts, websites, and other forms of data or electronic communications. We do not control or monitor the information our Spendly Partners collect and store through our services. It is the Partner’s obligation to obtain all necessary consents and to comply with all applicable laws. Individuals must contact the applicable Partner to correct, amend, or delete their information.
Automatically Collected Information. We collect information automatically about how our Spendly Partners use our services via cookies, web beacons, and similar tracking technologies. We collect this information to monitor, support, and improve our services or to provide Spendly Partners with certain customized features.
We treat Partner Information, Information about our Partners’ Contacts, Archival Information, and Automatically Collected Information as the confidential and proprietary information of our Spendly Partners, subject to the terms of the Spendly Terms of Use and any other service agreement between Spendly and the Partner. We will retain Partner Information for as long as needed to provide services to our Partner, or for the period of time requested by a particular Partner.
Third Party Links
The Sites may contain links to webpages operated by parties other than Spendly. We do not control such websites and are not responsible for their contents or the privacy policies or other practices of such websites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. We strongly recommend that each User review the third party’s terms and policies before linking to or providing information to those websites. Users may be permitted to export, transfer, upload, or archive their data and other information from our Web app into various external cloud storage locations. User understands and agrees that we have no control over the security or privacy policies of those external connectors, integration systems, websites, or third-party software applications and agrees to hold us harmless from any claims related to any loss sustained related in any way to the export, transfer, upload, or archive of their data and other information.
International Transfer
Spendly currently processes all customer data within the United States. We do not currently market or offer our Services to residents of the European Economic Area, United Kingdom, or Switzerland.
If you are located in the European Economic Area, United Kingdom, or Switzerland and you choose to use our Services, you authorize the transfer of your information to the United States, where data protection laws may differ from those in your country. If we expand our operations to serve European customers in the future, we will implement appropriate data transfer mechanisms (such as Standard Contractual Clauses or certification under the EU-U.S. Data Privacy Framework) and update this Privacy Policy accordingly.
Data Security
Spendly maintains administrative, technical, and physical safeguards designed to protect the User’s Personal Data and information against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account technological reality, cost, the scope, context, and purposes of processing weighted against the severity and likelihood that the processing could threaten individual rights and freedoms. We restrict access to personal information to Spendly employees, contractors, business partners, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations. We use commercially reasonable security measures such as encryption, firewalls, and Secure Socket Layer software (“SSL”) or hypertext transfer protocol secure (“HTTPS”) to protect Personal Data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will use reasonable efforts to protect each User’s personal data, we cannot guarantee the security of data transmitted to our Web app; any transmission is at the risk of each User. Please do not email or text us credit card information or other sensitive personal or financial information.
Data Retention
We may retain your Personal Data for a period of time consistent with the original purpose for collection. We keep your Personal Data for no longer than reasonably necessary for your use of Web apps and Services and for a reasonable period of time afterward. We may also retain your Personal Data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.
We retain your Personal Data even after your business relationship with us ends if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Use, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed. PHI retention is governed by the BAA.
Children
The Site is not intended for use by children. Our Web app and Services are not intended for those under 18, and we will not knowingly collect any information from anyone under the age of 18. If we discover that we have collected any personally-identifying information from a child or person under the age of 18, we will promptly remove that information from our database. If you believe we might have any information from a child under 18, please contact us at spendly@getspendly.com.
Direct Marketing and Do Not Track Signals
Spendly does not track its users over time and across third-party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals. However, some third-party sites do keep track of your browsing activities when they serve you content. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons, and similar technologies, to allow you to opt out of data collection through those technologies.
Global Privacy Control (“GPC”) is a technical specification that you can use to inform websites of your privacy preferences regarding ad trackers. We honor the GPC signal automatically in your cookie preferences.
Your Failure to Provide Personal Data
Your provision of Personal Data is required in order to use certain parts of our Services and Web apps. If you fail to provide such Personal Data, you may not be able to access and use our Services and/or Web apps, or parts of our Services and/or Web apps.
Changes to this Privacy Policy
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services or programs, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
How to Contact Us
Please contact us if you have any specific questions or would like to access your personal information, request that your personal information be removed from our database, or to have your information updated, changed, or modified. You can contact us via email at spendly@getspendly.com.
