Your privacy matters. We collect only what's necessary to provide SpendNote, and we never sell your data to third parties.
1. Overview
Sildsys, LLC, a Delaware limited liability company ("Company", "we", "our", or "us"), operates the SpendNote service available at spendnote.app. Sildsys, LLC is the data controller responsible for your personal data.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA) for California residents, and other applicable privacy regulations.
2. Information We Collect
2.1 Information You Provide
| Data Type | Purpose |
|---|---|
| Name & Email | Account creation, waitlist/newsletter signup & communication |
| Password (hashed) | Account security |
| Company name (optional) | Receipt customization |
| Receipt content | Service functionality |
| Payment information | Subscription billing (processed by Stripe) |
2.2 Information Collected Automatically
- Usage data: Features used, pages visited, actions taken
- Device information: Browser type, operating system, device type
- IP address: For security and fraud prevention
- Cookies: Session and preference cookies (see Section 8)
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process transactions and send related information
- Send administrative notifications and updates
- Send product updates and early access invitations if you join our waitlist/newsletter (you can unsubscribe at any time)
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues and fraud
We do NOT:
- Sell your data
- Use it for advertising
- Share with third parties for marketing
4. Information Sharing
We share your information only in the following circumstances:
- Service providers: Third parties that help us operate the Service (hosting, payment processing, email delivery)
- Legal requirements: When required by law, legal process, or government request
- Business transfers: In connection with a merger, acquisition, or sale of assets
- With your consent: When you explicitly authorize sharing
Our Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing & subscription billing | United States |
| Cloudflare, Inc. | Website hosting, security, CDN | Global |
| Supabase, Inc. | Authentication and database hosting | EU (Frankfurt, Germany) |
| Resend, Inc. | Transactional email delivery | United States |
| Google LLC | Analytics (Google Analytics), OAuth authentication | United States |
| Microsoft (Clarity) | Privacy-focused session analytics | United States |
Each service provider is contractually obligated to protect your data and use it only for the purposes described above.
5. Data Security
We implement industry-standard security measures:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access controls: Role-based access, principle of least privilege
- Payment security: Credit card data is handled exclusively by Stripe (PCI DSS Level 1 certified). We never store your full card number.
- Monitoring: Security monitoring and intrusion detection
- Backups: Regular encrypted backups
- Password security: Passwords hashed using bcrypt with salt
6. Data Retention
We retain your data as follows:
- Active accounts: Data retained while account is active
- Account deletion: When you delete your account, all associated data (receipts, transactions, cash boxes, personal data) is permanently removed. We do not retain copies of deleted user data.
- Payment processing records: Payment transaction records are stored by our payment processor (Stripe) in accordance with their own retention policies. We do not store your credit card details.
- Legal requirements: Some data may be retained longer if required by law
7. International Data Transfers
Sildsys, LLC is based in the United States. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For users in the EEA, UK, and Switzerland, we ensure appropriate safeguards for international data transfers through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service providers that participate in recognized data transfer frameworks
- Contractual obligations requiring equivalent data protection standards
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
8.1 GDPR Rights (EEA, UK, Switzerland)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
- Withdraw consent: Withdraw consent for optional processing
8.2 CCPA Rights (California Residents)
- Right to know: What personal information we collect and how we use it
- Right to delete: Request deletion of your personal information
- Right to opt-out: Opt out of the sale of personal information (we do not sell personal data)
- Non-discrimination: We will not discriminate against you for exercising your rights
To exercise any of these rights, contact us at legal@spendnote.app. We will respond within 30 days (or as required by applicable law).
9. Cookies
We use the following types of cookies:
- Essential cookies: Required for the Service to function (authentication, security)
- Preference cookies: Remember your settings and preferences
- Analytics cookies: Help us understand how you use the Service (anonymized)
Geo-based consent behavior: For users in the EEA, UK, and Switzerland, non-essential analytics are disabled by default and enabled only after explicit consent. For users outside these regions, analytics may be enabled by default to support service reliability and product improvement.
Consent choices: Where consent is required, we show a cookie choice banner with options for essential-only or accepting analytics. Your choice is stored in your browser and can be changed by clearing site data/cookies in browser settings.
Monitoring note: We use privacy-focused technical monitoring (for example, error tracking) to detect and resolve service issues. In strict-consent regions, this monitoring is treated as non-essential analytics and is loaded only after consent.
You can also manage cookie preferences in your browser settings. Disabling essential cookies may affect Service functionality.
10. Children's Privacy
SpendNote is not intended for children under 16 (or under 13 in the United States). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or a prominent notice on the Service at least 30 days before the changes take effect. Your continued use after changes become effective constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or concerns:
- Email: legal@spendnote.app
- Support: support@spendnote.app
Sildsys, LLC
1111 S Governors Ave, B #45989
Dover, DE 19904
United States
If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.