Privacy Policy

Last updated: 12 May 2026

What we store

• Email: for account + transactional emails (welcome, alerts, billing).
• sg_token: random opaque ID linking your account to usage data.
• Usage metadata: provider name (anthropic/openai), model name, token counts, cost in USD, timestamp.
• Optional webhook URLs you provide for alert delivery.

What we do NOT store

• ❌ Prompt or response content (request body is forwarded but not logged).
• ❌ Your provider API keys (passed through proxy in headers, not persisted).
• ❌ Tracking cookies or analytics beyond Cloudflare's standard request logs.

Data retention

• Free tier: 7 days of logs
• Pro: 30 days
• Team: 90 days
• Insured: 1 year

Third parties

• Cloudflare: hosts proxy + database. Sees request metadata.
• Stripe: payment processing. Sees email + payment info.
• SendGrid: email delivery. Sees recipient email + body.
• Anthropic / OpenAI: forwarded API requests. Same as if you called them directly.

Your rights

Email hi@spend-guardian.io to:

• Export all data we have on you
• Delete your account + all data
• Update or correct any data

We respond within 7 business days.

Changes

If we materially change this policy, we'll email you.