Legal

Privacy Policy

Last updated: 25 May 2026

SafeSpend ("we", "our", or "the Service") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information in accordance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and other applicable regulations.

1. Information We Collect

We collect only the information necessary to provide the Service:

  • Account data: Your name, email address, and authentication credentials when you register.
  • Financial data: Credit card details (names, limits, billing dates, due dates, statement balances, interest rates, and payment status), bank account names and balances, income details, loan and EMI details, spending categories, goals, and transactions you manually enter or import.
  • Statement import and AI feature content: Statement, receipt, or agreement files you choose to upload; images or PDFs of those documents; pasted transaction text; chat messages; and any PDF password you enter for an encrypted file.
  • AI chat context: When you use SafeSpend AI chat, we may include the financial snapshot needed to answer your question, such as card balances, limits, due dates, bank balances, loans, income, upcoming invoices, expenses, and top spending categories.
  • Usage data: Pages visited, features used, import attempts, error states, and interactions within the app, collected to keep the Service reliable and improve the product.
  • Technical data: IP address, browser type, app version, device information, diagnostics, and cookies or tokens for session management, security, and fraud prevention.
  • Billing data: Subscription status, plan, renewal dates, purchase identifiers, and payment provider events. We do not store full card numbers.

We do not collect actual bank card numbers, CVVs, PINs, card passwords, or banking passwords. Do not upload documents containing CVVs, PINs, government IDs, unrelated passwords, or unrelated personal information. SafeSpend currently does not connect directly to your bank accounts unless you separately choose a connected-finance feature when offered.

2. How We Use Your Data

Your data is used exclusively to:

  • Provide, operate, and maintain the SafeSpend Service.
  • Personalise your dashboard, reports, and notifications.
  • Run optional AI features, such as statement extraction, transaction quick-fill, planning import, and SafeSpend AI chat, only after you choose to use them and, where required, give permission before data is sent.
  • Extract values from uploaded statements so you can review and edit a draft before anything is saved to your account.
  • Send service-related emails (password resets, billing alerts).
  • Process subscriptions, trial status, refunds, cancellations, and support.
  • Improve and develop new features based on aggregated, anonymised usage data.
  • Comply with legal obligations under UAE law.

We do not sell, rent, or share your personal or financial data with third parties for marketing purposes.

3. Optional AI Features and Third-Party AI Processing

SafeSpend includes optional AI features that help read financial documents and answer questions about your own SafeSpend data. These features are not required to use the app. You can enter information manually instead.

Who receives the data: When you use an AI feature and give consent, SafeSpend sends the necessary content to Anthropic, PBC, our third-party AI service provider, through Anthropic's API. SafeSpend may update or replace AI vendors in the future, but the app will identify the provider before sending your personal data.

What is sent for statement import: The file or text you select, which may include your name, bank or issuer name, account or card nickname/last digits if visible in the document, balances, limits, due dates, salary dates, interest rates, installment details, merchant names, categories, transaction dates, amounts, and notes. If the PDF is locked and you provide a password, that password is sent only as needed to unlock and process that file.

What is sent for AI chat: Your chat message and the relevant SafeSpend financial snapshot needed to answer it, such as credit card balances, limits, due dates, bank balances, loans, income, upcoming invoices, monthly income and expenses, and top spending categories.

Why it is sent: The data is sent only to provide the feature you requested: extracting fields from a statement, preparing draft transactions, importing plan details, or generating an answer in SafeSpend AI chat.

What happens to AI output: AI output is treated as a draft. For statement import, SafeSpend shows the extracted details to you so you can review, edit, or reject them before saving. The AI provider does not decide payments, approve credit, make financial decisions, or automatically change your saved financial records.

Provider protections: We require our service providers to protect personal data using protections that are the same as or comparable to those described in this policy, including confidentiality, security, and use limitations. AI provider data handling is governed by its enterprise/API terms and data processing commitments, not by consumer advertising or tracking.

4. Data Storage and Security

All data is stored on servers located in the UAE, EU, or other provider-supported regions with industry-standard security measures:

  • TLS 1.3 encryption for all data in transit.
  • AES-256 encryption for data at rest.
  • Regular security audits and penetration testing.
  • Access controls — only authorised personnel can access production data.
  • Automatic backups with 30-day retention.

Files uploaded for AI extraction are used to complete the requested import and may be temporarily stored by SafeSpend or its infrastructure providers for processing, security, debugging, and abuse prevention. We do not use uploaded statements to train SafeSpend models.

5. Data Sharing

We may share your data only in the following circumstances:

  • Service providers: Trusted sub-processors that help us run SafeSpend, including hosting, database, authentication, file storage, email delivery, customer support, analytics, crash/diagnostic reporting, and subscription processing. These providers may only use data to provide services to SafeSpend.
  • Anthropic, PBC for optional AI features: If you explicitly consent inside the app, we send only the selected file, pasted text, chat message, relevant SafeSpend financial context, or PDF password needed to run the AI feature you requested. Anthropic is used for app functionality, not advertising or tracking.
  • Identity providers: If you sign in with Apple or Google, we receive and store the account identifiers and email/name information those providers make available to us.
  • Payment providers: Subscription platforms and app stores process purchases, renewals, cancellations, and receipts. SafeSpend receives subscription status and purchase metadata, not your full payment card number.
  • Legal requirements: When required by UAE law, court order, or government authority.
  • Business transfer: In the event of a merger or acquisition, with prior notice to you.

6. Your Choices and Consent

You control whether optional AI features are used. Before SafeSpend sends a statement, pasted text, chat message, relevant financial context, or PDF password to Anthropic, the app asks for your permission and identifies the data being sent, the provider receiving it, and the purpose of the transfer. If you do not agree, you can cancel and enter the information manually.

You may delete imported records, edit extracted drafts before saving, avoid uploading sensitive documents, or request account deletion by contacting us. If you have already used an AI feature, deleting your SafeSpend account removes the copy stored in SafeSpend according to the retention rules below; data already processed by a third-party provider is handled under that provider's data processing terms.

7. Your Rights Under UAE PDPL

Under the UAE Personal Data Protection Law, you have the right to:

  • Access your personal data held by us.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Port your data in a machine-readable format.
  • Object to certain processing activities.

To exercise these rights, contact us at info@safespend.ae. We will respond within 15 business days.

8. Cookies

We use cookies strictly for authentication session management and security purposes. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this may prevent login functionality.

9. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal and financial data is permanently deleted within 30 days. Anonymised aggregate data (totals, statistics) may be retained indefinitely.

AI extraction drafts that you do not save may be retained temporarily in server logs, diagnostics, or storage needed to operate the feature, then deleted according to our operational retention practices. Saved extracted records become part of your SafeSpend account until you edit or delete them.

10. Children's Privacy

SafeSpend is not directed to individuals under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has provided personal data, we will delete it promptly.

11. International Transfers

Some providers that help us operate SafeSpend, including AI, hosting, authentication, diagnostics, and subscription providers, may process data outside the country where you live. When this happens, we rely on contractual, technical, and organisational safeguards designed to protect your personal data.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you by email and through an in-app notice at least 30 days before material changes take effect. Your continued use of the Service after changes constitutes acceptance.

13. Contact

For privacy questions or to exercise your rights: