Privacy Policy
Last updated:
1. Controller and Contact
The Spreadsheet is the controller of the personal data described in this Privacy Policy. This notice explains what we collect, why we use it, who we share it with, how long we keep it, and the rights you may have. If you have questions about this policy or our handling of personal data, contact support@thespreadsheet.com.
2. Information We Collect
Depending on how you use the service, we may collect the following categories of personal data:
- Account and profile data: Email address, authentication-related account details, first name, last name, date of birth, language and locale preferences, country, profile image, and other profile settings you choose to save.
- Financial and planning data: Information you enter into the app, such as income, budgets, expenses, debts, goals, insurance, investments, property and mortgage information, retirement assumptions, household data, and other planning inputs.
- Technical and support data: Session and device identifiers, basic security and activity information, household invite activity, support or feedback messages you send us, and limited operational data needed to run, secure, and troubleshoot the service.
3. How We Use Your Information and Our Lawful Bases
We use your data to create and secure your account, provide the features you ask us to provide, save your settings, support household sharing, respond to support requests, prevent abuse, and improve the reliability of the service. Our main lawful bases are contract, where processing is needed to provide the service you requested; legitimate interests, where processing is needed to secure, operate, and improve the app; legal obligation, where we must keep or disclose information; and consent, where we ask for it specifically. We do not use your data for solely automated decisions that produce legal or similarly significant effects.
4. Sharing, Processors, and International Transfers
We do not sell your personal data to third parties.
We share data only where needed to run the service, such as with hosting, database, authentication, storage, email, and support providers. At the time of writing this includes services such as Supabase and Resend, plus other infrastructure providers we use to operate the app.
Some providers may process data outside the UK or EEA. Where that happens, we rely on appropriate safeguards, such as adequacy decisions or approved contractual protections. We may also disclose information where required by law or in response to valid requests from public authorities.
5. Retention and Security
We keep account and financial data while your account is active so the service works as expected. When you delete your account, we delete or de-identify the data linked to it unless we need to retain limited information for security, fraud prevention, dispute handling, backup recovery, or legal compliance. We use access controls, authentication, encrypted transport, and database security controls, but no internet service can guarantee absolute security.
6. Your Rights
Depending on the law that applies and the reason we are processing your data, you may have the following rights:
- Access and Correction: You can ask for a copy of your personal data and ask us to correct inaccurate or incomplete information. Many profile and planning fields can already be updated in the app.
- Erasure: You can ask us to delete your account and associated personal data where the right applies. You can initiate account deletion in the security area or contact support.
- Portability: Where the right applies, you can ask for a copy of the data you provided to us in a structured, commonly used, machine-readable format.
- Restriction and Objection: You can ask us to restrict certain processing or object where we rely on legitimate interests, subject to the limits set by data protection law.
- Complaint: You can contact us first at support@thespreadsheet.com, and you also have the right to complain to the Information Commissioner's Office in the UK.
7. Household and Shared Data
If you use household features, selected financial information can be visible to other members of the same household workspace. You should only invite people you want to share that data with. Leaving a household stops future shared access, but some records created within that shared workspace may remain there unless deleted separately.
8. Cookies and Storage Technologies
We use cookies and similar technologies, including browser storage such as localStorage and sessionStorage, to keep you signed in, secure your account, remember preferences like theme, language, and active workspace, and support core app reliability features. Some of these technologies are strictly necessary for the service you request.
We also use limited performance measurement tools, including Vercel Speed Insights, to understand site performance and reliability. We do not currently use advertising cookies or third-party marketing trackers.
9. Changes and Contact
We may update this Privacy Policy from time to time. When we make material changes, we will publish the updated version on this page and update the "Last updated" date.
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at support@thespreadsheet.com.