Privacy Policy

ClearSpend ("ClearSpend", "we", "our", or "us") is a SaaS spend and subscription management platform operated by ClearSpend AI LLC. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data, including data we receive from Google APIs, when you use our platform, browser extension, and website (the "Service").

1. Information We Collect

We collect only the personal data necessary to provide and improve the Service:

• Account Information: Name, email, job title, and company name.

• Financial & Transactional Data: Invoices, receipts, bank statements, and subscription metadata (vendor names, renewal dates, costs) that you upload or that is synced on your behalf.

• Third-Party Integration Data: Data retrieved through integrations you connect, including Google Workspace (Gmail and Google Drive), Plaid, ERP systems, and Slack, used to detect and track SaaS spend.

• Usage Data & Identifiers: IP addresses, browser type, device identifiers, and cookies or similar technologies recording your interactions with the Service.

2. Google User Data and Limited Use

ClearSpend integrates with Google Workspace to automatically detect software and subscription spend. This section describes specifically how we access, use, store, and share data received from Google APIs.

Affirmative statement. The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access and why:

• Gmail (read-only): We access Gmail on a read-only basis only as necessary to identify subscription-related receipts, invoices, vendor names, charge amounts, and renewal information needed to provide spend-discovery features. To minimize what we process, we filter messages for spend-related keywords (such as "invoice," "receipt," or "payment") and process the contents only of messages that match; messages that do not match are not processed. We do not send, delete, or modify any email on your behalf.

• Google Drive: We access documents you make available to ClearSpend (such as invoices and receipts) solely to build your audit-ready document library and reconcile spend. We access only the files needed for this feature.

How we use Google data. Google user data is used only to provide or improve user-facing features that are visible and prominent in the ClearSpend interface — namely subscription detection, renewal alerts, AI spend tracking, and document management.

What we do NOT do with Google data:

• We do not use Google user data, or any data aggregated, anonymized, or derived from it, to train, fine-tune, or improve any general or proprietary machine-learning or AI model.

• We do not sell or transfer Google user data to third parties, except as narrowly permitted by the Limited Use requirements (to provide a user-facing feature with your consent, for security purposes, to comply with law, or in connection with a merger or acquisition with prior consent).

• We do not use Google user data for advertising of any kind.

• We do not allow humans to read Google user data, except where you give explicit consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized and is used for internal operations in accordance with the Limited Use requirements.

You can disconnect Google integrations and revoke ClearSpend's access at any time through your Google Account permissions at myaccount.google.com/permissions or from within the ClearSpend settings.

3. Legal Basis for Processing (GDPR/UK GDPR)

If you are located in the EEA or UK, we process your personal data under the following legal bases:

• Performance of a Contract: To provide the Service you signed up for.

• Legitimate Interests: To improve our platform, ensure security, and conduct analytics, where not overridden by your rights.

• Consent: Where you have explicitly opted in (for example, connecting an integration or receiving marketing communications).

• Legal Obligation: To comply with tax, fraud prevention, or regulatory requirements.

4. How We Use Your Personal Data

We use your personal data to:

• Deliver the Service: Categorize expenses, identify redundant subscriptions, detect renewals, and provide analytics.

• Automate document processing: Extract text and structured fields from invoices, receipts, and statements you provide.

• Communicate: Send system updates, security alerts, renewal notifications, and customer support responses.

• Improve the platform: Monitor platform performance and develop new features, using data that is not received from Google APIs (see Section 5).

5. AI Processing & Sub-Processors

• AI use: Our platform uses AI to automate spend discovery and to extract structured data from the documents you provide.

• Sub-processors: Third-party AI providers (for example, OpenAI and Anthropic) may process uploaded documents to extract text and fields. These providers are contractually restricted from using your data to train their general models, and processing is temporary and limited to the extraction task.

• No model training on your data: We do not use your personal or financial data — and specifically do not use any Google user data, or data derived from it — to train or improve our own or any third party's machine-learning models.

• Data minimization: Only the minimum data necessary to perform a task is sent to a sub-processor, and identifiers are removed wherever the feature allows.

• No selling: We never sell your personal or financial data.

6. Cookies and Tracking

We use cookies to maintain sessions and improve site functionality:

• Necessary Cookies: Required for technical reasons, such as keeping you logged in.

• Analytical Cookies: Help us understand usage patterns (for example, Google Analytics).

You can manage cookies through your browser, though some features may not function if necessary cookies are disabled.

7. Sharing Personal Data

We share personal data only when necessary:

• Service Providers: Cloud hosting (AWS/Azure), payment processing (Stripe), and support tooling.

• Legal Compliance: When required by law or valid legal process.

• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to the restrictions in Section 2 for Google user data.

We do not share Google user data with any party except as described in Section 2.

8. Data Security

We implement rigorous security measures:

• Encryption: AES-256 at rest; TLS 1.2+ in transit.

• Access Controls: Multi-factor authentication (MFA) and least-privilege internal access.

• Audits & Reviews: Regular vulnerability scans and internal security assessments, consistent with the security requirements applicable to restricted Google API scopes.

If you believe your account or data has been compromised, contact us immediately at info@clearspend.ai.

9. Data Retention & Deletion

• Retention: Personal data is kept while your account is active or as required for legal or audit purposes.

• Google user data: We do not retain raw Google user content (such as the body of an email message or a Drive file) longer than necessary to provide the requested feature, and we do not keep cached copies longer than permitted. Subscription metadata and records generated by the Service from that content (for example, vendor name, renewal date, and cost) may be retained while your account remains active. This data is deleted when you disconnect the integration, delete the associated records, or close your account.

• Right to erasure: We delete personal data within 90 days of a verified request.

• Anonymized data: Aggregated, de-identified data that is not derived from Google APIs may be retained for trend analysis. Such data is never used to train AI or ML models.

• Deletion requests: You can request deletion of your data at any time by emailing info@clearspend.ai or using the in-app deletion controls. Help documentation explaining how to manage and delete your data is available in the ClearSpend settings and at docs.clearspend.ai.

10. International Data Transfers

Your personal data may be processed in the U.S. or other countries where we or our sub-processors operate. Where required, international transfers out of the EEA or UK are protected through Standard Contractual Clauses (SCCs) and other legally recognized safeguards.

11. Your Rights & Regional Notices

Depending on your location, you have the following rights:

• Access & Portability: Request a copy of your personal data.

• Correction/Deletion: Fix errors or remove your data.

• Marketing Preferences: Opt out of promotional emails at any time via the "Unsubscribe" link.

• California Residents (CCPA/CPRA): We do not sell or share personal information for cross-contextual behavioral advertising. You may opt out of automated decision-making.

To exercise any right, contact info@clearspend.ai.

12. Children's Privacy

The Service is intended for business users and is not directed to children under 16. We do not knowingly collect personal data from minors.

13. Changes & Contact

We may update this Privacy Policy. Material changes will be communicated through the platform with an updated Effective Date.

Email: info@clearspend.ai

Operated by: ClearSpend AI LLC, 30 N Gould St, Sheridan, WY 82801-6317, US

Website: www.clearspend.ai