← ClearSpend

Privacy Policy

Last updated: 30 June 2026 — ClearSpend v1.1 (Shared Wallet)

Local-first by default. Sharing is your choice.
The short version: If you use ClearSpend on your own, nothing changes and nothing is collected — you create no account and your transactions, budgets, categories, and wallets live only on your device (or in your own private iCloud). Shared Wallet is a separate, opt-in feature. Only when you choose to share a wallet with another person do we sync that one wallet's records to a secure cloud database so you and your invited member can both see and edit it. Your personal wallets stay 100% on your device even then. We never link to your bank, never sell your data, never run ads, and never track you.

1. Two ways to use ClearSpend

ClearSpend has two distinct modes, and they have very different privacy profiles. Read the section that applies to you.

ModeAccount?Where your data livesWho can see it
Solo (the default) None Only on your device (optionally your own private iCloud) Only you
Shared Wallet (opt-in) Sign in with Apple (or Google / email) The shared wallet's records sync to a cloud database (Google Firebase); your personal wallets stay on-device You and the one member you invite

You are in Solo mode unless and until you deliberately turn on Shared Wallet. There is no background switch and no default sharing.

2. Solo mode — no account, nothing collected

If you never open a Shared Wallet, ClearSpend behaves exactly as a fully local app:

3. No bank linking, ever — in either mode

ClearSpend is manual-first by design. It does not connect to your bank, does not use Plaid or any aggregation service, and never asks for bank credentials — not for solo wallets and not for shared wallets. You log spending by hand, including cash, so there is no financial-institution login for us, or anyone, to access.

4. Shared Wallet (opt-in) — what changes

Shared Wallet lets you and one other person (a partner, household member, or roommate) co-manage one set of finances on the same live records. Making this work requires an account and a cloud database. We keep that footprint as small and honest as possible: only the wallet you choose to share is involved, and only while you choose to share it.

4.1 Sign in with Apple (and other sign-in options)

To create or join a Shared Wallet you must sign in, because there are two real people who need a stable identity to be paired together. We use Firebase Authentication (a Google service). On iOS the primary option is Sign in with Apple; Sign in with Google and email/password are also available. If you use Sign in with Apple, you can choose Apple's Hide My Email relay so we never see your real address. We receive only what the sign-in provider returns — a user identifier and, depending on your choice, an email address and display name — which we use solely to authenticate you and connect you to your shared wallet. Account creation happens only when you start or accept a share. Solo users never see a sign-in screen.

4.2 What gets synced to the cloud

When you share a wallet, and only for that wallet, the following is stored in Google Firebase / Cloud Firestore so both members can see and edit it:

4.3 What never leaves your device, even when you share

4.4 Who can see shared data

Only the wallet's members — you and the one person you invite — can read or write a shared wallet. This is enforced by server-side security rules: a record under a share is accessible only to accounts listed as that share's members, and a client cannot add itself to a share (only our server-side invite logic can add a member you invited). Invite links and codes are single-use and expire after 72 hours.

Google as a processor. Because shared data lives on Google Firebase, Google processes and stores it on our behalf as a sub-processor. Firebase encrypts data in transit (TLS) and at rest (AES-256). Like essentially every finance app built on a cloud database, Google can technically access data on its servers to operate the service; we do not grant any other party access, we never sell or share it for advertising, and we are exploring stronger end-to-end encryption for a future version. We are honest about this rather than claiming a protection we do not yet provide.

4.5 Leaving, removing, and deleting a share

You are never locked in. The principle is: you can always walk away with a local copy of anything you could see.

4.6 Retention

Shared records persist in the cloud only while the share is active. Deleted records sit in a 30-day recovery bin and are then permanently erased. Authentication records persist while your account exists and are removed when you delete your account. We keep no shared-wallet data after a share is deleted beyond the grace window.

4.7 Export and portability

Either member can export the shared wallet's records as CSV or JSON at any time, the same as solo data. This satisfies your right to data portability.

5. Analytics and crash reporting

ClearSpend contains no analytics SDK (no Amplitude, Mixpanel, Firebase Analytics, Segment, or equivalent) and no third-party crash reporting service (no Sentry, Crashlytics, or equivalent). Enabling Shared Wallet does not turn on analytics — the Firebase services we use are Authentication, Firestore, and (if you opt in) messaging, not Analytics. If you submit a crash report through Apple's standard iOS dialog, it goes to Apple under Apple's privacy policy and never contains your financial data.

6. Advertising and tracking

ClearSpend contains no advertising SDK and shows no ads. We do not use the App Tracking Transparency framework because we do not track you across apps or websites, and we never use your data for advertising — in either mode.

7. Purchases

Optional Pro purchases (a one-time lifetime unlock or a yearly subscription) and the Household subscription that powers Shared Wallet are processed entirely by Apple through the App Store using StoreKit 2, with RevenueCat managing entitlements. We never see your payment details, card number, or Apple ID email. Apple's privacy policy governs payment processing.

8. Notifications

Solo: ClearSpend schedules local notifications on-device (e.g., budget alerts or a daily reminder); no content is sent to any server. Shared Wallet: if you opt in, you may receive push notifications when your partner changes the shared wallet, delivered via Firebase Cloud Messaging. Notifications are off until you enable them, and you can revoke permission at any time in iOS Settings › Notifications › ClearSpend.

9. Device identifiers

ClearSpend does not read, store, or transmit advertising identifiers (no IDFA) and does not use the device IDFV for tracking. The only identifier associated with cloud data is the account user identifier created when you sign in for a Shared Wallet, used solely to authenticate you and manage membership.

10. Children

ClearSpend is rated 4+ and is not directed at children under 13. Shared Wallet requires signing in and is intended for adults managing a household; we do not knowingly collect data from children.

11. Legal bases (GDPR) and your rights

Where the GDPR applies, our legal basis for processing shared-wallet data is the performance of the service you requested when you chose to share a wallet (contract), and your consent for optional notifications. For shared data we act as a data controller and Google (Firebase) acts as our processor under Google's data processing terms. You have the right to access, export, correct, and delete your data; the in-app export and account-/share- deletion tools above provide these directly. Under the CCPA, we do not and will not sell or share your personal information.

12. Third-party services

Solo mode integrates only with Apple's own frameworks (SwiftData, CloudKit, StoreKit, UserNotifications). Shared Wallet additionally uses Google Firebase (Authentication, Cloud Firestore, and optional Cloud Messaging), governed by the Google Privacy Policy, and RevenueCat for purchase entitlements. Apple's handling is governed by the Apple Privacy Policy.

13. Changes to this policy

If this policy changes, the date above is updated and the change is noted in the app's release notes. A change that would materially increase data collection requires your action to take effect — for example, you must opt into Shared Wallet before any cloud collection begins.

14. Contact

Questions about this policy or a data request? Email dark2torch@gmail.com. We aim to respond within two business days.

See also our Terms of Use.

A note on financial guidance

ClearSpend is a personal budgeting and expense-tracking tool for general awareness. It is not financial, investment, accounting, or tax advice, and is not a substitute for a qualified professional. For decisions specific to your situation, consult a licensed financial advisor or accountant.