Privacy Policy

SpendStreak — Last updated: 4 March 2026

SpendStreak ("the App") is a gamified expense tracking application developed by Taylor Walker as part of a university dissertation project at Queen's University Belfast. This policy explains what data we collect, why, and how we protect it.

1. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the UK GDPR:

• Contract performance: Processing your account, expense, and gamification data is necessary to deliver the core service you signed up for.
• Consent: Connecting your bank account via Open Banking is entirely optional and requires your explicit consent through TrueLayer's authorisation flow. You may withdraw this consent at any time.

By creating an account, you agree to this privacy policy and the processing described within it.

2. Data We Collect

When you use SpendStreak, we collect the following information:

• Account information: Email address and display name, used for authentication via AWS Cognito.
• Financial data: Expense entries you create manually (amount, category, description, date) and, if you choose to connect your bank, selected transaction fields (amount, description, date, category) retrieved via TrueLayer's Open Banking API. Raw bank responses are not stored.
• Profile & gamification data: Daily budget goal, streak progress, XP, level, and achievement status.
• Device information: Basic device identifiers provided by the operating system for authentication token management. We do not collect location data.
• Server logs: Our hosting infrastructure (AWS AppRunner) may automatically log IP addresses and request metadata for operational and debugging purposes. These logs are not used for tracking or profiling.

3. How We Use Your Data

• To provide the core expense tracking and budgeting functionality.
• To calculate streaks, award XP, and evaluate achievement progress.
• To enrich and categorise bank transactions for a better user experience.
• To authenticate you securely and maintain your session.

We do not use your data for advertising, profiling, or selling to third parties.

4. Third-Party Services

The App uses the following third-party services that may process your data:

• AWS (Cognito, RDS, AppRunner): Authentication, data storage, and backend hosting. Data is stored in the AWS US-East-1 (Virginia) region. International transfers from the UK are covered by the EU-US Data Privacy Framework. See AWS Privacy Policy.
• TrueLayer: Open Banking data retrieval (only if you connect a bank account). TrueLayer is FCA-authorised. See TrueLayer Privacy Policy.
• Expo (EAS): App build and update delivery. See Expo Privacy Policy.

5. Data Storage & Security

• All data is stored in a PostgreSQL database hosted on AWS RDS.
• Communication between the App and backend is encrypted via HTTPS/TLS.
• Authentication tokens are managed by AWS Cognito using industry-standard OAuth 2.0 / OIDC flows.
• Bank credentials are never stored by SpendStreak — TrueLayer handles all banking authentication directly.

6. Data Retention

Your data is retained for the duration of the beta testing period. As this is a university project, all user data — including database records and automated backups — will be deleted at the conclusion of the project (expected by September 2026). You may request deletion of your data at any time by contacting us.

7. Your Rights

You have the right to:

• Request access to the personal data we hold about you.
• Request correction or deletion of your data.
• Withdraw consent and disconnect your bank account at any time.
• Request a copy of your data in a portable format.

8. Beta Testing

SpendStreak is currently in beta. The App is being tested as part of an academic dissertation and is not a commercial product. By participating in the beta, you acknowledge that the App is under active development and features may change.

9. Children's Privacy

SpendStreak is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy as the App develops. Any changes will be reflected on this page with an updated date.