Privacy Policy
Last updated: 23 March 2026
CheckSpent is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights under the Australian Privacy Act 1988 (Cth) (including the Australian Privacy Principles), the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and other applicable privacy laws. By using CheckSpent, you agree to the practices described in this policy.
1. Who We Are
CheckSpent (“we”, “us”, “our”) operates the website at checkspent.com. We provide an AI-powered tool that analyses bank statements to detect recurring subscription charges. For privacy inquiries, contact us at privacy@checkspent.com.
2. Information We Collect
We collect only what is necessary to provide and improve the service:
Bank statement files
When you upload a bank statement (PDF, CSV, or image), the file is processed in memory to extract transaction data. The original file is never written to disk and is not retained after analysis. Raw transaction data is not stored by CheckSpent. We do not extract, store, or process your name, account number, BSB, sort code, or any other personal banking identifier from uploaded files.
Anonymous analytics
We collect aggregated, anonymised data about analyses performed — such as the number of subscriptions detected, file type used, and total spend categories. No personally identifiable information (PII) is stored in our analytics database. Merchant names and subscription categories are stored at aggregate level only. Analytics data is stored securely via Supabase with row-level security enabled.
Contact and email information
If you voluntarily provide your email address (for example, when purchasing a product or signing up for communications), we store that email to fulfil your order and send relevant updates. You can unsubscribe at any time.
Technical and usage data
We collect standard technical data including IP address, browser type, device type, referring URL, and pages visited. This data is used to operate and improve the service and is not used to identify individual users.
Payment information
When you purchase a paid product, payment is processed by a third-party payment provider (such as Stripe). CheckSpent does not store full credit card numbers or payment credentials. We receive only a transaction confirmation and the information needed to fulfil your order.
Consent records
When you accept our Terms and Conditions, Privacy Policy, and Disclaimer at checkout, we record a timestamped log of your consent for our records.
3. How We Use Your Information
We use your information for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Analyse your bank statement and generate your subscription report | Contractual necessity (Art. 6(1)(b)) |
| Process payments and fulfil orders for paid products | Contractual necessity (Art. 6(1)(b)) |
| Provide, maintain, and improve the CheckSpent service | Legitimate interest (Art. 6(1)(f)) |
| Send product updates or educational content you have opted into | Consent (Art. 6(1)(a)) |
| Measure aggregate usage patterns and improve detection accuracy | Legitimate interest (Art. 6(1)(f)) — anonymised data only |
| Comply with legal obligations (tax records, breach notification) | Legal obligation (Art. 6(1)(c)) |
| Record consent to terms at checkout | Legitimate interest (Art. 6(1)(f)) |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
4. Data Retention
- Uploaded files: Deleted immediately after analysis. Not stored on disk.
- Subscription reports: Expire automatically after 24 hours.
- Anonymous analytics: Retained indefinitely (no PII).
- Email addresses: Retained until you unsubscribe or request deletion.
- Payment records: Retained as required by Australian tax law (typically 5–7 years).
- Consent records: Retained for the duration of your use of the service plus 7 years.
5. Third-Party Service Providers
We use the following categories of third-party service providers to operate CheckSpent:
- Cloud database providers — secure database and analytics storage (no PII stored).
- AI processing providers — for automated bank statement analysis. Files are processed transiently and are not used to train AI models under our data processing agreements. The specific AI provider may change from time to time; any provider used will be bound by equivalent or stronger data protection obligations.
- Payment processors (such as Stripe) — to handle secure payment transactions.
- Hosting and CDN providers — to serve the website globally.
We do not share transaction data or bank statement contents with any of these providers beyond what is strictly necessary to perform the analysis. All third-party providers are bound by data processing agreements that require them to protect your data in accordance with applicable privacy laws.
6. International Data Transfers
CheckSpent is based in Australia. Some of our third-party service providers may process data in jurisdictions outside Australia, including the United States and the European Economic Area. Where data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (for EU/UK data).
- Data processing agreements with all providers.
- Verification that the receiving jurisdiction provides adequate data protection or that appropriate contractual protections are in place.
By using CheckSpent, you consent to the transfer of your information to these jurisdictions for the purposes described in this policy.
7. Cookies and Tracking
CheckSpent uses cookies and similar technologies to keep the website functioning, remember session state, and measure aggregate usage. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings; some site features may not function correctly if you do.
8. Referral Links
Some links on CheckSpent (including on the Referral Codes and Savings Hub pages) are referral or affiliate links. If you click one and sign up or make a purchase, CheckSpent may receive a commission or bonus at no extra cost to you. These relationships do not influence the editorial selection of services listed. All referral relationships are disclosed in accordance with the requirements of the Australian Competition and Consumer Commission (ACCC).
9. Security
We take reasonable technical and organisational measures to protect information against unauthorised access, loss, or disclosure, including:
- Bank statement files are processed in isolated server memory and are not persisted to any storage medium.
- Our analytics database uses row-level security and is accessible only via server-side credentials.
- All data in transit is encrypted using TLS/SSL.
- Access to production systems is restricted to authorised personnel only.
- We conduct periodic security reviews of our infrastructure and third-party providers.
Despite these measures, no internet transmission is completely secure and we cannot guarantee absolute security. If you become aware of any security incident affecting your data, please contact us immediately at privacy@checkspent.com.
10. Data Breach Notification
In the event of an eligible data breach under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law. We will also notify affected EU/UK residents under GDPR Article 33 and UK GDPR Article 33 where applicable. Notification will be provided without undue delay and, where feasible, within 72 hours of becoming aware of a qualifying breach.
11. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request erasure of personal data (subject to legal retention obligations).
- Portability (GDPR/UK GDPR): Request your data in a structured, machine-readable format.
- Objection (GDPR/UK GDPR): Object to processing based on legitimate interests.
- Restriction (GDPR/UK GDPR): Request restriction of processing in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Automated decision-making (GDPR/UK GDPR): You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. CheckSpent's AI analysis produces informational reports only and does not make decisions with legal or similarly significant effects on you.
To exercise any of these rights, contact us at privacy@checkspent.com. We will respond within 30 days. Australian users may also lodge a complaint with the OAIC at oaic.gov.au. EU users may lodge a complaint with their local data protection authority. UK users may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
12. Children's Privacy
CheckSpent is not directed at children under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Do Not Track
CheckSpent does not currently respond to Do Not Track (DNT) browser signals, as there is no industry-standard interpretation of DNT. We do not use third-party advertising or tracking cookies regardless of your DNT setting.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be indicated by an updated “Last updated” date at the top of this page. If a change materially affects how we handle your personal data, we will make reasonable efforts to notify you (for example, by email or prominent website notice). Continued use of the service after changes constitutes acceptance of the revised policy.
15. Contact Us
For privacy requests, questions, or complaints, contact us at: privacy@checkspent.com. We aim to respond to all enquiries within 30 days.