Privacy Policy

Effective Date: March 7, 2026

1. Introduction

SaaS Expenses ("we", "our", or "the Service") is a personal finance dashboard that helps users track their expenses by reading bank notification emails from their Gmail account. This Privacy Policy explains how we collect, use, and protect your information.

2. Information We Collect

We collect the following information:

  • Google Account Information: Your name, email address, and profile picture, obtained through Google OAuth authentication.
  • Bank Transaction Data: Amounts, merchant names, dates, and currency extracted exclusively from bank notification emails sent by BCP, BBVA, and Interbank.
  • Gmail Access Tokens: OAuth tokens required to access your Gmail account, stored securely with encryption.

3. How We Use Gmail Data

We request the gmail.readonly scope to access your Gmail account. This access is used exclusively to:

  • Search for emails from specific Peruvian bank senders (BCP, BBVA, Interbank).
  • Read the content of those bank notification emails to extract transaction data (amount, merchant, date, currency).

We do NOT:

  • Read, store, or process any emails other than bank notifications.
  • Access your Gmail contacts, drafts, or sent emails.
  • Send emails on your behalf.
  • Share your email content with any third party.

4. Data Storage and Security

Your data is stored securely on encrypted servers. Gmail OAuth tokens are encrypted at rest using AES-256-CBC encryption. We implement industry-standard security measures including HTTPS encryption, secure headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options), and token-based authentication (Laravel Sanctum).

5. Data Sharing

We do not sell, rent, or share your personal data or financial information with any third parties. Your data is used solely to provide the Service to you.

6. Data Retention

Your data (including transaction history and Gmail tokens) is retained for as long as your account is active. If you disconnect your Gmail account or delete your account, we will remove the associated tokens and may retain anonymized transaction data for up to 30 days before permanent deletion.

7. Your Rights and Choices

  • Disconnect Gmail: You can disconnect your Gmail account at any time from the Settings page. This immediately revokes our access to your Gmail data.
  • Revoke Access: You can also revoke access from your Google Account permissions page.
  • Data Export: You may request an export of your transaction data by contacting us.
  • Account Deletion: You may request complete deletion of your account and all associated data.

8. Third-Party Services

We use Google OAuth 2.0 and the Gmail API provided by Google LLC. Your use of Google services is subject to Google's Privacy Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting the updated policy on this page with a new effective date.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@saas-expenses.com