Privacy Policy

Last Updated: February 18, 2024

Introduction

AiSpendTrack (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at aispendtrack.com and app.aispendtrack.com (collectively, the “Service”).

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

Information You Provide to Us

Account Information:

  • Email address
  • Name (optional)
  • Company name (optional)
  • Payment information (processed by Stripe; we don’t store card details)

Usage Data:

  • API key (generated by us, hashed for storage)
  • Customer IDs (if you tag calls)
  • Feature tags (if you tag calls)

Information Automatically Collected

API Call Metadata:

  • Model used (e.g., gpt-4, claude-3-opus)
  • Token counts (prompt tokens and completion tokens)
  • Cost in USD
  • Timestamp
  • Latency (response time)
  • Status code (200, 429, 500, etc.)
  • Error type (if applicable)
  • Provider (OpenAI, Anthropic)

Technical Information:

  • IP address (for security and rate limiting)
  • Browser type and version
  • Operating system
  • Device information
  • Referring URL

Cookies and Similar Technologies:

  • Session cookies (authentication)
  • Preference cookies (dashboard settings)
  • Analytics cookies (with your consent)

Information We Do NOT Collect

We explicitly do NOT collect:

  • ❌ Your prompts sent to AI models
  • ❌ AI responses from models
  • ❌ User data contained in prompts or responses
  • ❌ Your OpenAI or Anthropic API keys (they pass through but are never stored)
  • ❌ Any content you or your users create using AI models

How We Use Your Information

We use the information we collect to:

Provide the Service:

  • Track and display your API costs
  • Calculate token usage and costs
  • Generate analytics and insights
  • Send cost alerts and notifications
  • Provide customer support

Improve the Service:

  • Analyze usage patterns
  • Identify and fix bugs
  • Develop new features
  • Optimize performance

Communicate with You:

  • Send transactional emails (alerts, receipts)
  • Respond to your inquiries
  • Send product updates (with your consent)

Security and Compliance:

  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations

Marketing (with your consent):

  • Send promotional emails
  • Provide product recommendations
  • Share company news

You can opt out of marketing emails at any time.

How We Share Your Information

We do NOT sell your personal information.

We may share your information with:

Service Providers:

  • Railway - Proxy hosting
  • Neon - Database hosting
  • Vercel - Dashboard hosting
  • Clerk - Authentication
  • Resend - Email delivery
  • Stripe - Payment processing

These providers are contractually obligated to protect your information and use it only for providing services to us.

Legal Requirements: We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Legal processes
  • Government requests
  • Protection of our rights

Business Transfers: If we’re acquired or merged with another company, your information may be transferred to the new entity.

With Your Consent: We may share your information for other purposes with your explicit consent.

Data Retention

Active Data:

  • Free tier: 7 days
  • Pro tier: 90 days
  • Enterprise: Custom (up to 365 days)

Account Data: Retained while your account is active and for 30 days after deletion request.

Backups:

  • Daily backups: 30 days
  • Weekly backups: 90 days
  • Backups purged within 30 days after account deletion

Aggregated Data: We may retain aggregated, anonymized data indefinitely for analytics and improving the Service.

Your Rights and Choices

GDPR Rights (EU Users)

If you’re in the European Economic Area, you have:

Right to Access: Request a copy of your data. Email privacy@aispendtrack.com or export from Settings → Export Data.

Right to Rectification: Correct inaccurate data. Update in Settings or contact support.

Right to Erasure: Request deletion of your data. Settings → Delete Account or email privacy@aispendtrack.com.

Right to Restrict Processing: Limit how we use your data. Contact privacy@aispendtrack.com.

Right to Data Portability: Receive your data in a portable format. Settings → Export Data.

Right to Object: Object to our processing of your data. Contact privacy@aispendtrack.com.

Right to Withdraw Consent: Withdraw consent for marketing or analytics. Settings → Preferences.

We will respond to requests within 30 days.

CCPA Rights (California Users)

If you’re a California resident, you have:

Right to Know: What personal information we collect, use, and share.

Right to Delete: Request deletion of your personal information.

Right to Opt-Out: We don’t sell personal information, so there’s nothing to opt out of.

Right to Non-Discrimination: We won’t discriminate against you for exercising your rights.

To exercise these rights, email privacy@aispendtrack.com.

Email Preferences

Unsubscribe: Click “Unsubscribe” in any marketing email or go to Settings → Notifications.

Transactional Emails: We must send certain emails (receipts, alerts, security notifications) as part of the Service.

Data Security

We implement industry-standard security measures:

Encryption:

  • TLS 1.3 for data in transit
  • AES-256 for data at rest

Access Controls:

  • Role-based access for employees
  • Two-factor authentication required
  • Principle of least privilege

Infrastructure:

  • SOC 2 Type II certified providers
  • Regular security audits
  • Penetration testing annually

Monitoring:

  • Real-time threat detection
  • Automated alerts
  • 24/7 security monitoring

Incident Response:

  • Documented incident response plan
  • Notification within 72 hours (GDPR)
  • Regular drills and updates

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

International Data Transfers

Primary Location: Your data is stored in the United States (AWS US-East-1).

EU Users:

  • We use Standard Contractual Clauses (SCCs) for data transfers
  • Enterprise customers can request EU-only data storage
  • All subprocessors are GDPR-compliant

Safeguards:

  • Encryption in transit and at rest
  • Regular compliance audits
  • Privacy Shield alternatives (SCCs)

Children’s Privacy

Our Service is not directed to children under 13 (or 16 in the EU).

We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately at privacy@aispendtrack.com and we will delete it.

Cookies and Tracking

Essential Cookies

Required for the Service to function:

  • Session cookies - Keep you logged in
  • Security cookies - Prevent fraud
  • Preference cookies - Remember your settings

You cannot opt out of essential cookies.

Analytics Cookies

Help us understand how you use the Service:

  • Usage analytics - Page views, clicks, time on site
  • Performance analytics - Load times, errors

You can opt out: Settings → Privacy → Analytics.

Third-Party Cookies

We use:

  • Clerk - Authentication cookies
  • Vercel - Analytics cookies (if enabled)

You can control cookies in your browser settings.

Do Not Track

We currently do not respond to Do Not Track (DNT) signals.

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes are effective when posted.

Material changes:

  • We’ll notify you by email
  • We’ll post a notice in the dashboard
  • You’ll have 30 days to object before changes take effect

How to check:

Contact Us

Privacy Questions: Email: privacy@aispendtrack.com

Data Protection Officer: Email: dpo@aispendtrack.com

Mailing Address: AiSpendTrack
[Your Company Address]
Bengaluru, Karnataka, India

Response Time: We respond to privacy inquiries within 30 days.

We process your data based on:

Contract Performance: Processing necessary to provide the Service you signed up for.

Legitimate Interests:

  • Improving the Service
  • Security and fraud prevention
  • Analytics (with appropriate safeguards)

Consent:

  • Marketing communications
  • Optional analytics
  • Non-essential cookies

Legal Obligation:

  • Compliance with laws
  • Response to legal requests

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Data Protection Impact Assessment

We’ve conducted a Data Protection Impact Assessment (DPIA) for our Service. The assessment concluded that our processing activities present low risk to your privacy due to:

  • No processing of prompts or AI responses
  • Metadata-only logging
  • Strong security measures
  • Limited data retention
  • User control over data

Full DPIA available upon request for Enterprise customers.


Effective Date: February 18, 2024

Version: 1.0
