FamSpendy

Privacy Policy

Effective 26 April 2026 · Last updated 26 April 2026

This is the privacy policy for FamSpendy, a household finance app operated by Somi Technologies Ltd. We've tried to write it in plain English. The short version: we collect what we need to make the app work for you, we don't sell your data, and you can delete everything any time.

Who we are

Somi Technologies Ltd is a company registered in England and Wales, registered office at 182-184 High Street North, East Ham, London, E6 2JA. We are the data controller for the personal information processed by FamSpendy. You can reach us at support@famspendy.com.

What we collect

Information you give us directly

  • Account details: your name, email address, and a hashed password (we never see your password in the clear).
  • Household details: family/household name, members you invite, your role, your base currency, and the day your budget month starts.
  • Onboarding answers: your responses to the setup questions (e.g. household type, country, what's on your mind about money).
  • Financial data: expenses, recurring bills, budgets, income, categories, merchants, and notes you add.
  • Receipts and documents: images you upload for receipt scanning, plus the parsed line items.
  • Messages to Somi: the questions you ask the in-app assistant, plus the assistant's replies. Stored so the chat persists across sessions.

Information collected automatically

  • Device and usage data: app version, OS, screen events, button taps, the steps you complete in onboarding. Used to debug issues and understand which parts of the app are useful.
  • Approximate location: derived from your IP address at signup, only to suggest a sensible default currency. We don't continuously track your location.
  • Crash and error reports: stack traces and the application state at the moment of an error. Personal identifiers are stripped.
  • Push notification tokens: if you opt into notifications, the token your device gives us.

What we use it for

  • Run the core service: store your expenses, render your dashboard, generate reports, send your weekly summary.
  • Power the Somi assistant: when you ask Somi a question, we send the relevant context (the question, your categories, the slice of your data needed to answer) to an AI model — see "AI processing" below.
  • Send transactional emails: account verification, password reset, family invitations, bill reminders, weekly reports.
  • Improve the product: aggregated analytics on which features get used and where users drop off. We don't profile individuals or sell this data.
  • Detect and fix problems: crash reports and error monitoring.
  • Comply with legal obligations: fraud prevention, billing records.

Legal bases (UK GDPR)

  • Performance of a contract — for everything needed to actually run the service for you.
  • Legitimate interests — for product analytics, error monitoring, and security. Our interest is keeping the app working and improving it; we balance this against your privacy by minimising what we collect, hosting in the EU/UK where possible, and never sharing data with advertisers.
  • Consent — for push notifications and any optional marketing emails. You can withdraw consent any time.
  • Legal obligation — for tax records, fraud prevention, and lawful disclosures.

AI processing

FamSpendy uses third-party AI models to power the in-app assistant (Somi) and to read receipts you scan. The current providers are Anthropic (Claude), OpenAI (GPT), and Google (Gemini), accessed via OpenRouter. The models we use today do not train on data sent through their commercial APIs.

We send only the information needed to answer the specific request — for example, when you ask Somi about grocery spending we send the relevant expense summary, not your entire history. We do not send your password or your contact details. The assistant's answers are AI-generated and may contain mistakes; treat them as a starting point, not financial advice.

Who we share it with

We use a small number of vetted third-party processors. None of them sell your data; they process it on our instructions to deliver the service:

  • Hetzner Online GmbH (Germany / Finland) — hosting our servers and database.
  • Cloudflare R2 — storing receipt images.
  • Resend — sending transactional emails.
  • PostHog (EU region) — product analytics and error events.
  • Sentry — crash and error monitoring.
  • OpenRouter, Anthropic, OpenAI, Google — AI model inference (see "AI processing" above).
  • Stripe — payment processing for subscriptions (when applicable). Stripe is the controller of card data; we never see your card number.
  • Apple App Store / Google Play — app distribution and, for in-app purchases, billing.

Where data is transferred outside the UK/EU (e.g. to US-based providers), we rely on Standard Contractual Clauses or equivalent safeguards.

How long we keep it

  • Account and financial data: for as long as your account is active.
  • After account deletion: we wait 30 days before purging in case you change your mind. After 30 days, all personal data is deleted from our active systems. Backups are rotated and overwritten within 90 days.
  • Receipt images: deleted with the parent account. You can also delete an individual receipt at any time.
  • Email and analytics records: retained for up to 24 months, then deleted or aggregated.
  • Billing records: retained for 7 years where required by UK tax law.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct data that's wrong or incomplete.
  • Delete your account and the data associated with it. You can do this from inside the app under Settings → Account, or by emailing us.
  • Export a copy of your data in a portable format (CSV / JSON).
  • Object to processing based on legitimate interests, including the analytics described above.
  • Withdraw consent for anything you previously opted into.
  • Complain to the UK Information Commissioner's Office at ico.org.uk.

To exercise any of these rights, email support@famspendy.com. We will respond within 30 days.

Children

FamSpendy is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has signed up, contact us and we will delete the account.

Security

Passwords are hashed with bcrypt. Data in transit uses TLS 1.2+. Data at rest in our database is encrypted by the host. Access to production systems is restricted to a small number of operators and audited. No system is perfectly secure; if we discover a breach affecting you we will notify you within 72 hours as required by law.

Changes to this policy

If we make material changes we'll let you know in-app and by email at least 30 days before they take effect. Routine updates (like adding a new processor or clarifying wording) will be reflected in the "last updated" date above.

Contact

Email: support@famspendy.com
Post: Somi Technologies Ltd, 182-184 High Street North, East Ham, London, E6 2JA, United Kingdom