Privacy Policy

Last updated: March 2026

1. Introduction

Spendplane ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI execution and cost optimization platform. Please read this policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name, and authentication credentials (via Google, GitHub, or email OTP).

2.2 Workspace and Team Data

We collect information about your workspaces, team members, roles, and permissions. This helps us manage access control and billing for team accounts.

2.3 Usage Data and Logs

We log all API requests routed through our platform, including:

  • Prompt and completion token counts
  • Model selection and provider used
  • Cost estimates and actual provider charges
  • Timestamps and request duration
  • Workspace and user identifiers
  • Telemetry data (file references, code blocks, IDE detection)

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details. We retain transaction IDs, amounts, and billing metadata for accounting and support purposes.

2.5 Vault Keys

If you choose to provide your own provider API keys (OpenRouter, etc.), we store them encrypted in our vault system. These keys are used solely to route your requests to the respective providers.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Service
  • Process your requests and route them to appropriate AI providers
  • Calculate and track usage costs
  • Generate invoices and manage billing
  • Enforce spend caps and budget controls
  • Provide analytics and insights about your usage
  • Issue forecast accuracy credits when cost estimates exceed thresholds
  • Communicate with you about your account and the Service
  • Improve our routing algorithms and cost optimization
  • Detect and prevent fraud or abuse

4. Data Sharing and Disclosure

4.1 Upstream AI Providers

When you use the Service, your AI requests are forwarded to third-party providers (OpenRouter, RunPod, Vast.ai, etc.). These providers will receive your prompts and may process them according to their own privacy policies. We encourage you to review those policies.

4.2 Service Providers

We use third-party services such as Stripe (payment processing), Firebase (authentication and database), and hosting providers. These processors have access to your data only to perform their functions and are bound by confidentiality obligations.

4.3 Legal and Safety

We may disclose your information if required by law, regulation, or legal process; to protect our rights, property, or safety; or to investigate potential violations of our Terms of Service.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

5. Data Retention

We retain your account information and usage logs for as long as your account is active or as needed to provide the Service. Usage logs are retained for up to 24 months for billing and analytics. Inactive accounts are retained for 90 days after closure. You may request deletion of your account and associated data by contacting support, but we may retain certain information as required by law or for legitimate business purposes (e.g., tax records).

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (HTTPS/TLS), encrypted storage for vault keys, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of your data (subject to limitations)
  • Data portability
  • Restriction of processing
  • Objection to certain processing activities

To exercise these rights, contact us at privacy@spendplane.ai. We will respond within the timeframe required by applicable law.

8. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service, analyze usage patterns, and personalize your experience. You can control cookie preferences through your browser settings. Disabling cookies may limit certain functionality.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. By using the Service, you consent to such transfers and acknowledge that data protection laws in those countries may differ from those in your jurisdiction.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@spendplane.ai
Company: Spendplane Inc.
Address: [Your company address]