Privacy Policy

Effective Date: March 29, 2026

Fingarde Technologies Inc. (“Fingarde,” “we,” “us,” or “our”) provides Spendifique, a software service that helps businesses, bookkeepers, and accounting firms capture receipts and invoices, extract and organize document data, and export or sync information into accounting workflows.

This Privacy Policy explains what information we collect, how we use it, when we share it, how we transfer and retain it, and the choices available to you when you use Spendifique, our website, and related services.

1. Who We Are

Company: Fingarde Technologies Inc.
Product: Spendifique
Website: spendifique.com
Support: support@spendifique.com
Privacy Contact: privacy@spendifique.com
Security Contact: security@spendifique.com
Address: 501 - 3292 Production Way
Burnaby, BC V5A 4R4
Canada

2. What This Policy Covers

This Privacy Policy applies to Spendifique, our website, user accounts, workspaces, uploaded documents, connected integrations, support interactions, service communications, and optional marketing communications.

It does not apply to third-party products or services that you choose to use with Spendifique, such as QuickBooks Online, Xero, Google Sign-In, Stripe, or other third-party services. Those services have their own terms and privacy policies.

3. Information We Collect

We collect information directly from you, automatically through your use of the service, and from certain third parties when you connect them.

Information you provide

Depending on how you use Spendifique, this may include:

Account and profile information
Your name, email address, password, phone number, company name, and role or job title.

Business and workspace information
Business address, tax preferences, accounting settings, chart of accounts preferences, subscription details, and related workspace settings.

Documents and workspace content
Receipts, invoices, PDFs, images, file attachments, line items, tags, classes, notes, and other information contained in uploaded or emailed documents.

Billing and subscription information
Billing contact information, subscription status, invoice history, and limited payment-related information made available through our payment providers. We do not store your full payment card details ourselves.

Support, onboarding, and communication information
Emails, support messages, onboarding responses, surveys, feedback, feature requests, and related communications.

Marketing and lead information
If you subscribe to updates, join a waitlist, fill out a form, download a resource, or otherwise engage with our marketing, we may collect your name, email address, business information, and any other information you choose to provide.

Public content
If you post comments, testimonials, or other content in public-facing areas we may offer in the future, that information may be visible to others.

Information we collect automatically

When you use Spendifique or visit our website, we may collect technical and usage information such as:

• IP address
• device type
• browser type
• operating system
• pages viewed
• clicks
• session length
• referral URL
• login timestamps
• failed login attempts
• API logs
• audit logs
• similar telemetry

When you upload or email documents into Spendifique, we may also collect metadata such as the date and time of submission, the source email address or user ID, and certain device or browser details associated with the upload.

Information from third parties and integrations

If you connect third-party services, we may receive information needed to make those services work with Spendifique.

For example:

Accounting integrations
If you connect QuickBooks Online or Xero, we may import or access chart of accounts, vendors, tax codes, classes, and other integration-related data needed to provide the service.

Payment and billing providers
From Stripe and related billing tools, we may receive subscription status, invoice history, billing contact information, and limited payment-related metadata.

Sign-in providers
If you sign in with Google, we may receive your email address, profile image, first name, and last name.

CRM and communication tools
If you fill out forms or interact with communications managed through tools such as HubSpot, we may collect the information you provide there.

4. How We Use Information

We use information to operate, improve, secure, and support Spendifique.

To provide the service

This includes creating and managing accounts and workspaces, authenticating users, processing uploaded documents, extracting data from receipts and invoices, generating categorizations and duplicate detection, enabling exports and syncs, supporting firm and client workflows, and managing subscriptions and billing.

To improve and protect the service

This includes troubleshooting, usage analysis, performance monitoring, backups and recovery, investigating failed logins or abuse, enforcing our terms, and improving product features and usability.

To communicate with you

We may send service-related emails and messages such as verification emails, password resets, onboarding emails, billing notices, legal or policy updates, support responses, and account-related confirmations. These are generally service communications, not marketing emails.

To send optional marketing communications

If you opt in, or where otherwise permitted by law, we may send newsletters, product updates, event announcements, or promotions. You can unsubscribe from marketing emails at any time using the unsubscribe or preferences link in the message.

To comply with law and protect rights

We may use information to comply with legal obligations, respond to lawful requests, establish, exercise, or defend legal claims, investigate fraud or misuse, and protect Fingarde, Spendifique, our users, and others.

To create aggregated, anonymized, or de-identified information

We may create and use aggregated, anonymized, or de-identified information for lawful business purposes, including analytics, service improvement, reporting, and product performance analysis.

This information will not identify you, your organization, or any individual as the source.

For clarity, this section does not give us the right to publicly disclose your Customer Content in identifiable form.

5. Legal Bases for Processing

If you are in the European Economic Area, the UK, or another jurisdiction that requires a legal basis for processing, we generally rely on one or more of the following:

Performance of a contract
Where processing is necessary to provide Spendifique, manage your account, process uploaded documents, support integrations, and deliver related support or billing functions.

Legitimate interests
Where processing is necessary for our legitimate interests, such as securing the service, preventing abuse, maintaining and improving functionality, analyzing service performance, responding to support issues, and communicating with business users about the service, provided those interests are not overridden by your rights and freedoms.

Consent
Where we rely on consent, such as for certain marketing communications or certain cookies and similar technologies where consent is required by law.

Legal obligation
Where processing is necessary to comply with applicable law, regulation, court order, tax requirements, record-keeping obligations, or breach-reporting obligations.

6. AI, OCR, and Automated Processing

Spendifique uses OCR and AI-assisted processing to help extract information from documents and generate suggestions.

This may include extracting vendor names, invoice numbers, dates, totals, taxes, currency, and line items, as well as suggesting categorizations, normalizing fields, identifying possible duplicates, and assigning confidence scores.

These outputs may be generated automatically and may contain errors or omissions. Users remain responsible for reviewing and confirming outputs before relying on them for bookkeeping, accounting, reporting, tax, or other business purposes.

At this time, we do not train our own models on customer data. If that changes in a material way, we expect to update this Privacy Policy and provide appropriate notice.

We currently use Google Gemini for certain AI or document-processing functions, and we may use other AI or OCR providers in the future.

7. How We Share Information

We do not sell personal information for money. We also do not trade or rent personal information. We share information only in the limited ways described below.

Service providers

We may share information with service providers that help us operate Spendifique, such as providers for hosting, storage, analytics, billing, authentication, support, communications, and AI-assisted processing.

These may include Amazon Web Services, Google Sign-In, Google Analytics, Google Gemini, Stripe, PostHog, Microsoft Clarity, HubSpot, and Skyvia.

User-directed integrations

If you connect QuickBooks Online, Xero, or another supported integration, we may share or receive the data necessary to enable that integration.

Authorized users and firms

Workspace data may be accessible to organization admins, teammates, accountants, bookkeepers, and other service providers that a customer authorizes to access the workspace on its behalf.

Advertising and analytics partners

We may allow advertising, analytics, and measurement partners to collect information through cookies, pixels, tags, scripts, and similar technologies on our website or marketing pages. For more detail, see Sections 8 and 9 below.

Affiliates and business transfers

We may disclose information to our affiliates or as part of a merger, financing, acquisition, restructuring, sale of assets, insolvency process, or similar transaction, subject to applicable confidentiality and legal requirements.

Legal, safety, and protection disclosures

We may disclose information where reasonably necessary to comply with law, respond to legal process, investigate fraud or abuse, protect the rights or safety of Fingarde or others, enforce our terms, or reduce or prevent harm.

8. Sale, Sharing, and Targeted Advertising

We do not sell personal information for monetary consideration.

We may allow certain advertising, analytics, and marketing partners, such as Reddit, LinkedIn, Meta, and Google, to collect information through cookies, pixels, tags, or similar technologies on our website or marketing pages. Depending on the applicable law and how those technologies are configured, this may be considered a “sharing” of personal information, use for targeted advertising, or cross-context behavioral advertising.

Where required by applicable law, we will provide appropriate notice and any required rights or opt-out choices.

If our practices change, we may update this Privacy Policy and any related consent or preference tools accordingly.

9. Cookies and Tracking Technologies

We and our service providers may use cookies, pixels, tags, scripts, local storage, and similar technologies to:

• keep users signed in
• remember preferences and settings
• secure the service
• understand how our website and product are used
• improve performance and usability
• measure engagement with communications and pages
• support analytics and, where permitted by law, marketing and advertising activities

We and our service providers may also use advertising and remarketing technologies, including pixels or similar tools provided by partners such as Reddit, LinkedIn, Meta, and Google, to:

• measure campaign performance
• understand visits and conversions
• improve marketing
• where permitted by law, support targeted advertising

You can control cookies through your browser settings and, where available, through consent or preference tools we provide. If you disable certain cookies, some parts of the website or service may not work properly.

10. Third-Party Sites and Links

Our website or service may contain links to third-party websites, products, or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies and terms before providing information to them.

11. Workspace Control

The business or organization associated with a workspace controls the data in that workspace, including documents uploaded by its authorized users.

If a bookkeeping firm, accountant, or other service provider uploads documents or manages data within a client workspace, that data is treated as the client organization’s workspace data. In that context, the service provider acts as an authorized user or agent of the client for that workspace.

If you use Spendifique through an employer, client, bookkeeping firm, or accounting firm, that organization may control your access to the workspace and may be able to access, manage, export, or delete workspace data based on the roles and permissions in place.

If the relationship between a client and a bookkeeping firm or other service provider ends, the client may keep the workspace and remove that service provider’s access, subject to reasonable account security and verification procedures.

12. International and Cross-Border Transfers

Spendifique is hosted on AWS in the United States, currently in the us-east-1 region in North Virginia. Backups are currently stored in the same region. Depending on the tools and providers involved, information may also be processed in Canada, the United States, or other jurisdictions where our service providers operate.

Where personal information is transferred across borders, we aim to use appropriate safeguards and lawful transfer mechanisms where required. Depending on the circumstances, these may include:

• adequacy decisions
• the European Commission’s Standard Contractual Clauses
• the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses
• contractual protections with service providers
• supplementary technical and organizational safeguards where appropriate

If you are located in Canada, the EEA, the UK, or another jurisdiction with data transfer restrictions, please be aware that your information may be transferred to, stored in, or accessed from outside your home jurisdiction, including the United States, where different laws may apply.

13. Security

We use reasonable technical and organizational safeguards designed to protect information, taking into account the nature of the service and the company’s stage.

Examples include:

• encryption in transit in production
• encrypted storage for certain systems
• secure password hashing
• role-based access controls
• MFA for key internal administrative access
• backup and recovery mechanisms
• security or vulnerability checks in development and deployment workflows

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Breach Response and Notification

If we become aware of a breach of security safeguards affecting personal information, we will investigate and take reasonable steps to contain, assess, and remediate the incident.

Where required by applicable law, we will provide notifications to affected individuals, regulators, or others. Under PIPEDA, if a breach of security safeguards creates a real risk of significant harm, we will report it to the Office of the Privacy Commissioner of Canada and notify affected individuals as soon as feasible. We may also notify other organizations or government institutions where required or where doing so may reduce the risk of harm.

We maintain records of security breaches as required by applicable law.

15. Retention, Export, and Deletion

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy, subject to legal, operational, security, and dispute-related needs.

Our standard retention periods are intended to be as follows, unless a longer period is required or justified by law, legal hold, dispute, fraud-prevention, security, tax, or audit needs:

Account and profile information
Retained while the account is active and for up to 24 months after account closure or deactivation.

Workspace and uploaded document data
Retained while the workspace or account is active and for up to 24 months after closure or cancellation, unless deleted earlier by the customer or retained longer for legal, security, or operational reasons.

Billing, payment, invoicing, and tax records
Retained for up to 7 years after the end of the relevant financial year or longer where required by law.

Support communications and customer service records
Retained for up to 3 years after the support matter is closed.

Marketing leads and newsletter data
Retained until you unsubscribe, withdraw consent where applicable, or for up to 24 months after our last meaningful interaction, unless a longer period is justified by consent or applicable law.

Security logs, audit logs, and fraud-prevention records
Retained for up to 24 months, except where longer retention is needed for security investigations, legal obligations, or dispute-resolution purposes.

Backup copies
Typically retained for up to 90 days, though some backup artifacts may persist temporarily in line with disaster-recovery and operational processes.

Aggregated, anonymized, or de-identified data
May be retained indefinitely, provided it does not identify you, your organization, or any individual and is maintained in aggregated, anonymized, or de-identified form.

Breach records and legal hold data
Retained as long as required by applicable law or for the duration of the relevant investigation, dispute, or legal process.

Cancellation of a paid subscription does not automatically delete account or workspace data. At this time, Spendifique supports partial export and partial deletion rather than comprehensive export or guaranteed full deletion across all systems and storage layers. Certain documents, reports, and individual expenses may be exportable or deletable, while full account-level or organization-level export or deletion is not yet fully supported in all cases.

16. Your Privacy Rights and Choices

Depending on your location and the applicable law, you may have rights to:

• know whether we hold personal information about you
• access personal information we hold about you
• correct inaccurate personal information
• request deletion of personal information
• object to or restrict certain processing
• withdraw consent where consent is the basis for processing
• request portability of certain personal information
• opt out of marketing communications
• manage cookies and similar technologies through available tools

You may also disconnect integrations, update certain account information, or delete certain documents directly in the product where those features are available.

We may also provide the ability to export certain categories of data, either directly through the service or upon request where applicable. At this time, data export functionality is partial rather than comprehensive. Some information, such as certain transaction data, documents, or reports, may be exportable, while other categories of information may not yet be fully exportable in a structured format.

To make a privacy request, contact us at privacy@spendifique.com. We aim to respond within a reasonable time and, where required by applicable law, within the time period required by law. For EEA and UK requests, we generally aim to respond within one month unless an extension is permitted. For Canadian privacy access and correction requests, we generally aim to respond within 30 days where applicable.

Because some deletion and export functionality is still partial, some requests may not be fully achievable at this time. We may also retain certain information where needed for legal, billing, fraud-prevention, security, tax, audit, or dispute-related reasons.

17. For EEA and UK Users

If you are in the EEA or UK, you may have the rights listed above, including the right of access, rectification, erasure, restriction, portability, objection, and the right not to be subject to a decision based solely on automated processing where applicable.

You may also lodge a complaint with the supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.

If we process personal information based on legitimate interests, you may object to that processing in certain circumstances. If we process personal information based on consent, you may withdraw consent at any time, although that will not affect the lawfulness of processing before withdrawal.

If we are required to appoint an EU or UK representative under applicable law, we will identify that representative and their contact details in this Privacy Policy or another appropriate notice.

18. For Certain U.S. State Residents

If you are a resident of a U.S. state that provides privacy rights, you may have rights such as:

• the right to know or access certain personal information
• the right to correct inaccurate personal information
• the right to delete certain personal information
• the right to obtain a portable copy of certain personal information
• the right to opt out of the sale of personal information, sharing for cross-context behavioral advertising, or certain targeted advertising activities where applicable
• the right to appeal certain decisions regarding your privacy request, where applicable law provides that right

To exercise applicable rights, contact us at privacy@spendifique.com.

If we deny a request and applicable law gives you a right to appeal, you may submit an appeal by replying to our decision email or by emailing privacy@spendifique.com with the subject line “Privacy Appeal.”

19. Children

Spendifique is intended for adults and businesses. It is not directed to children, and we do not knowingly collect personal information from children.

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to Spendifique, our practices, legal requirements, or operational needs.

If we make a material change, we may provide notice through the service, by email, or by other reasonable means before the change becomes effective where required by law.

The “Effective Date” above shows when this version took effect.

21. Contact Us

For privacy questions, rights requests, complaints, or security questions, contact:

Privacy Team
Fingarde Technologies Inc.
501 - 3292 Production Way
Burnaby, BC V5A 4R4
Canada

privacy@spendifique.com
security@spendifique.com
support@spendifique.com

‍