Privacy Policy

Last updated: April 2025

Spencer is a receipt-filing tool for FreeAgent users. This policy explains what personal data we collect, how we use it, who we share it with, and what your rights are under UK data protection law. We’ve written it in plain English on purpose.

Who we are

Spencer is operated by Owen Priestley, based in the United Kingdom. For the purposes of UK GDPR, we are the data controller for the personal data described in this policy.

If you have questions about how we handle your data, or want to exercise any of your rights, contact us at privacy@getspencer.co.

What data we collect

Account information

Your email address and name, collected when you sign in with Google. We use this to identify your account, send you service-related emails, and manage your billing.

Receipt content

When you forward or upload a receipt, we store the original file (PDF or image) and the email metadata (sender address, subject line). We process this content using AI to extract the merchant, amount, date, currency, and category. Both the raw file and the extracted data are stored in your account.

FreeAgent connection

When you connect your FreeAgent account, we store OAuth access and refresh tokens so Spencer can read your expenses and file receipts on your behalf. We do not store your FreeAgent password. You can disconnect at any time from Settings, which removes all stored tokens.

Telegram

If you choose to link Telegram, we store your Telegram chat ID so we can send you filing notifications. We do not store your Telegram username or phone number. You can unlink Telegram from Settings at any time.

Billing

We store your Stripe customer ID and subscription status so we can manage your billing. Card details are handled entirely by Stripe — we never see or store them.

Usage and technical data

We use Google Analytics to understand how people use Spencer (page views, general navigation). This data is anonymised and aggregated — it does not identify you personally. We also use session cookies to keep you signed in.

How we use your data

We use your data only to provide and improve Spencer. Specifically:

  • To process receipts and file them in FreeAgent on your behalf
  • To send you notifications about receipts via Telegram or email
  • To manage your subscription and process payments
  • To respond to support requests
  • To understand how the product is used so we can improve it

We do not sell your data, use it for advertising, or share it with anyone except the third-party services listed below that are necessary to operate Spencer.

Third-party services

Spencer relies on the following third-party processors. Each acts on our instructions and only processes data necessary to deliver their service.

Supabase
Database and file storage. Your account data, receipt records, and uploaded files are stored on Supabase infrastructure.
Anthropic (Claude)
AI processing. Receipt content — including any files you send — is processed by Anthropic's Claude API to extract merchant, amount, date, and category. Anthropic does not use API inputs to train their models.
FreeAgent
Your accounting software. Spencer reads your expenses and files receipts via the FreeAgent API using the OAuth tokens you provide.
Stripe
Payment processing. Handles subscription billing and stores payment method details. Spencer only receives subscription status updates from Stripe.
Resend
Email receiving. Forwards receipt emails sent to your Spencer address and delivers them to our processing pipeline.
Telegram
Optional notifications. If you link Telegram, Spencer uses the Telegram Bot API to send you filing updates.
Google
Sign-in (Google OAuth via Supabase) and analytics (Google Analytics). Analytics data is anonymised. You can opt out of Google Analytics using standard browser tools.

How long we keep your data

Raw receipt files — PDFs and images are automatically deleted within 7 days of being received, whether or not they were successfully filed. If a receipt is filed earlier, the file is deleted at that point.

Receipt records — The extracted data and filing history (merchant, amount, date, match reasoning) are kept in your account so you can review what was filed. You can delete individual receipts or clear your entire history from Settings at any time.

Account data — Kept for as long as you have an active account. When you delete your account, all your data is removed from Spencer’s systems immediately, including your profile, receipts, forwarding addresses, FreeAgent tokens, and any stored files. Note that receipts already filed in FreeAgent will remain in FreeAgent — Spencer cannot delete them on your behalf.

Billing records — Stripe retains billing history as required for financial and legal compliance, independent of your Spencer account status.

Your rights

Under UK GDPR you have the right to:

  • Access your data — export a full copy from Settings › Export my data
  • Erasure — delete your account from Settings › Delete account
  • Portability — download your data as JSON from Settings › Export my data
  • Rectification — contact us to correct inaccurate data
  • Restriction or objection — contact us to restrict how we process your data

Most of these rights are available self-serve in your Settings. For anything else, email privacy@getspencer.co and we will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Cookies

Spencer uses two types of cookies:

  • Authentication cookie — set when you sign in, kept for the duration of your session. Strictly necessary for the service to work.
  • Google Analytics — used to understand how people use Spencer in aggregate. No personal data is collected. You can opt out using a browser extension like Google’s Analytics Opt-out Add-on.

Changes to this policy

If we make significant changes to how we handle personal data, we will notify active users by email before the changes take effect. The “last updated” date at the top of this page always reflects the most recent version.

Contact

Questions about this policy or how we handle your data? Email privacy@getspencer.co.