SpendReady Privacy Policy
Fix Your Cloud LLC · Last updated: May 16, 2026
1. Information We Collect
We collect the following categories of information:
- Account information: Email address and name when you create an account.
- Salesforce org data (read-only): When you connect your Salesforce org, we access User records, LoginHistory, UserLicense, PermissionSetLicenseAssign, and PermissionSetLicense objects via read-only OAuth. We never access Opportunity, Contact, Account, or custom object data. We never write to your Salesforce org.
- Payment information: Processed by Stripe. We store only your subscription status and Stripe customer ID — never raw card numbers.
- Usage data: Page views, feature interactions, and error logs collected to improve the product. No Salesforce org data is included in usage telemetry.
2. How We Use Your Information
- To generate and deliver weekly Salesforce license audit reports to your specified recipients
- To calculate and display estimated savings based on your Salesforce license data
- To process payments and manage your subscription
- To send transactional emails (report delivery, payment receipts, account notices)
- To monitor application health and diagnose errors
- We do not use your Salesforce org data to train AI models or share it with third parties for advertising
3. Subprocessors
We share data with the following subprocessors to operate the service:
| Subprocessor | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, storage | US (us-east-1) |
| Stripe | Payment processing | US / EU |
| Resend | Email delivery | US |
| Vercel | Web hosting | US / Global edge |
| Railway | Worker hosting | US |
| Salesforce | Source org data (read-only) | Customer's region |
| Sentry | Error tracking (no org data) | US |
| PostHog | Product analytics (no org data) | US |
| Google Analytics 4 | Anonymous funnel analytics (no org data, no PII) | US |
| Google Ads | Paid-search conversion tracking (no org data) | US |
| LinkedIn Insight Tag | Paid-social conversion tracking (no org data) | US |
| Meta Pixel | Paid-social conversion + retargeting (no org data) | US |
Full subprocessor details: subprocessors page.
4. Data Retention
- Audit reports: Retained until you request deletion or close your account. This lets you access historical renewal evidence even after disconnecting your Salesforce org. You can permanently delete every audit report at any time via Settings → Danger Zone → Delete all my reports.
- Salesforce OAuth tokens: Deleted immediately upon org disconnection or account cancellation. Disconnecting a Salesforce org revokes the OAuth token and marks the connection inactive, but historical audit reports are preserved unless you explicitly delete them.
- Account data: Deleted within 30 days of account deletion upon written request to privacy@getspendready.com.
5. Your Rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data. To exercise these rights, email privacy@getspendready.com. We respond within 30 days.
GDPR (EU/EEA residents): You have the right to access, rectification, erasure, restriction, portability, and to object to processing. Our legal basis for processing your Salesforce org data is contract performance.
CCPA (California residents): We do not sell personal information. You have the right to know what data we collect and request deletion.
Texas TDPSA: Texas residents have rights consistent with the Texas Data Privacy and Security Act.
6. Security
Salesforce OAuth tokens are encrypted at rest using pgsodium (libsodium). All data is transmitted over TLS. Access to production systems is limited to the founding team. We do not store passwords — authentication is handled by Supabase Auth.
7. Contact
Fix Your Cloud LLC
Email: privacy@getspendready.com
Texas, United States