SpendReady Privacy Policy
Fix Your Cloud LLC · Last updated: May 2, 2026
1. Information We Collect
We collect the following categories of information:
- Account information: Email address and name when you create an account.
- Salesforce org data (read-only): When you connect your Salesforce org, we access User records, LoginHistory, UserLicense, PermissionSetLicenseAssign, AuthSession, and OAuthToken objects via read-only OAuth. We never access Opportunity, Contact, Account, or custom object data. We never write to your Salesforce org.
- Payment information: Processed by Stripe. We store only your subscription status and Stripe customer ID — never raw card numbers.
- Usage data: Page views, feature interactions, and error logs collected to improve the product. No Salesforce org data is included in usage telemetry.
2. How We Use Your Information
- To generate and deliver weekly Salesforce license audit reports to your specified recipients
- To calculate and display estimated savings based on your Salesforce license data
- To process payments and manage your subscription
- To send transactional emails (report delivery, payment receipts, account notices)
- To monitor application health and diagnose errors
- We do not use your Salesforce org data to train AI models or share it with third parties for advertising
3. Subprocessors
We share data with the following subprocessors to operate the service:
| Subprocessor | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, storage | US (us-east-1) |
| Stripe | Payment processing | US / EU |
| Resend | Email delivery | US |
| Vercel | Web hosting | US / Global edge |
| Railway | Worker hosting | US |
| Salesforce | Source org data (read-only) | Customer's region |
| Sentry | Error tracking (no org data) | US |
| PostHog | Product analytics (no org data) | US |
Full subprocessor details: subprocessors page.
4. Data Retention
- Audit findings: Retained for the duration of your subscription plus 90 days after cancellation.
- Salesforce OAuth tokens: Deleted immediately upon org disconnection or account cancellation.
- Account data: Deleted within 30 days of account deletion upon written request.
5. Your Rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data. To exercise these rights, email privacy@getspendready.com. We respond within 30 days.
GDPR (EU/EEA residents): You have the right to access, rectification, erasure, restriction, portability, and to object to processing. Our legal basis for processing your Salesforce org data is contract performance.
CCPA (California residents): We do not sell personal information. You have the right to know what data we collect and request deletion.
Texas TDPSA: Texas residents have rights consistent with the Texas Data Privacy and Security Act.
6. Security
Salesforce OAuth tokens are encrypted at rest using pgsodium (libsodium). All data is transmitted over TLS. Access to production systems is limited to the founding team. We do not store passwords — authentication is handled by Supabase Auth.
7. Contact
Fix Your Cloud LLC
Email: privacy@getspendready.com
Texas, United States