Last updated: 30 June 2026 — ClearSpend v1.1 (Shared Wallet)
ClearSpend has two distinct modes, and they have very different privacy profiles. Read the section that applies to you.
| Mode | Account? | Where your data lives | Who can see it |
|---|---|---|---|
| Solo (the default) | None | Only on your device (optionally your own private iCloud) | Only you |
| Shared Wallet (opt-in) | Sign in with Apple (or Google / email) | The shared wallet's records sync to a cloud database (Google Firebase); your personal wallets stay on-device | You and the one member you invite |
You are in Solo mode unless and until you deliberately turn on Shared Wallet. There is no background switch and no default sharing.
If you never open a Shared Wallet, ClearSpend behaves exactly as a fully local app:
ClearSpend is manual-first by design. It does not connect to your bank, does not use Plaid or any aggregation service, and never asks for bank credentials — not for solo wallets and not for shared wallets. You log spending by hand, including cash, so there is no financial-institution login for us, or anyone, to access.
Shared Wallet lets you and one other person (a partner, household member, or roommate) co-manage one set of finances on the same live records. Making this work requires an account and a cloud database. We keep that footprint as small and honest as possible: only the wallet you choose to share is involved, and only while you choose to share it.
To create or join a Shared Wallet you must sign in, because there are two real people who need a stable identity to be paired together. We use Firebase Authentication (a Google service). On iOS the primary option is Sign in with Apple; Sign in with Google and email/password are also available. If you use Sign in with Apple, you can choose Apple's Hide My Email relay so we never see your real address. We receive only what the sign-in provider returns — a user identifier and, depending on your choice, an email address and display name — which we use solely to authenticate you and connect you to your shared wallet. Account creation happens only when you start or accept a share. Solo users never see a sign-in screen.
When you share a wallet, and only for that wallet, the following is stored in Google Firebase / Cloud Firestore so both members can see and edit it:
Only the wallet's members — you and the one person you invite — can read or write a shared wallet. This is enforced by server-side security rules: a record under a share is accessible only to accounts listed as that share's members, and a client cannot add itself to a share (only our server-side invite logic can add a member you invited). Invite links and codes are single-use and expire after 72 hours.
Google as a processor. Because shared data lives on Google Firebase, Google processes and stores it on our behalf as a sub-processor. Firebase encrypts data in transit (TLS) and at rest (AES-256). Like essentially every finance app built on a cloud database, Google can technically access data on its servers to operate the service; we do not grant any other party access, we never sell or share it for advertising, and we are exploring stronger end-to-end encryption for a future version. We are honest about this rather than claiming a protection we do not yet provide.
You are never locked in. The principle is: you can always walk away with a local copy of anything you could see.
Shared records persist in the cloud only while the share is active. Deleted records sit in a 30-day recovery bin and are then permanently erased. Authentication records persist while your account exists and are removed when you delete your account. We keep no shared-wallet data after a share is deleted beyond the grace window.
Either member can export the shared wallet's records as CSV or JSON at any time, the same as solo data. This satisfies your right to data portability.
ClearSpend contains no analytics SDK (no Amplitude, Mixpanel, Firebase Analytics, Segment, or equivalent) and no third-party crash reporting service (no Sentry, Crashlytics, or equivalent). Enabling Shared Wallet does not turn on analytics — the Firebase services we use are Authentication, Firestore, and (if you opt in) messaging, not Analytics. If you submit a crash report through Apple's standard iOS dialog, it goes to Apple under Apple's privacy policy and never contains your financial data.
ClearSpend contains no advertising SDK and shows no ads. We do not use the App Tracking Transparency framework because we do not track you across apps or websites, and we never use your data for advertising — in either mode.
Optional Pro purchases (a one-time lifetime unlock or a yearly subscription) and the Household subscription that powers Shared Wallet are processed entirely by Apple through the App Store using StoreKit 2, with RevenueCat managing entitlements. We never see your payment details, card number, or Apple ID email. Apple's privacy policy governs payment processing.
Solo: ClearSpend schedules local notifications on-device (e.g., budget alerts or a daily reminder); no content is sent to any server. Shared Wallet: if you opt in, you may receive push notifications when your partner changes the shared wallet, delivered via Firebase Cloud Messaging. Notifications are off until you enable them, and you can revoke permission at any time in iOS Settings › Notifications › ClearSpend.
ClearSpend does not read, store, or transmit advertising identifiers (no IDFA) and does not use the device IDFV for tracking. The only identifier associated with cloud data is the account user identifier created when you sign in for a Shared Wallet, used solely to authenticate you and manage membership.
ClearSpend is rated 4+ and is not directed at children under 13. Shared Wallet requires signing in and is intended for adults managing a household; we do not knowingly collect data from children.
Where the GDPR applies, our legal basis for processing shared-wallet data is the performance of the service you requested when you chose to share a wallet (contract), and your consent for optional notifications. For shared data we act as a data controller and Google (Firebase) acts as our processor under Google's data processing terms. You have the right to access, export, correct, and delete your data; the in-app export and account-/share- deletion tools above provide these directly. Under the CCPA, we do not and will not sell or share your personal information.
Solo mode integrates only with Apple's own frameworks (SwiftData, CloudKit, StoreKit, UserNotifications). Shared Wallet additionally uses Google Firebase (Authentication, Cloud Firestore, and optional Cloud Messaging), governed by the Google Privacy Policy, and RevenueCat for purchase entitlements. Apple's handling is governed by the Apple Privacy Policy.
If this policy changes, the date above is updated and the change is noted in the app's release notes. A change that would materially increase data collection requires your action to take effect — for example, you must opt into Shared Wallet before any cloud collection begins.
Questions about this policy or a data request? Email dark2torch@gmail.com. We aim to respond within two business days.
See also our Terms of Use.
ClearSpend is a personal budgeting and expense-tracking tool for general awareness. It is not financial, investment, accounting, or tax advice, and is not a substitute for a qualified professional. For decisions specific to your situation, consult a licensed financial advisor or accountant.