Last updated: March 2026
SpenGo is a personal expense tracker that stores all your financial data directly in your own Google Spreadsheet. We do not operate any servers, databases, or backend infrastructure that stores, processes, or transmits your personal or financial information.
This policy explains what Google user data SpenGo accesses, why, how it is used, and how you can delete it.
When you sign in with Google, SpenGo requests the following permissions:
| Scope | Data accessed | Why it is needed |
|---|---|---|
spreadsheets |
One specific Google Spreadsheet created by SpenGo | To read, write, and delete your expense records |
drive.file |
Files created by SpenGo only — not your entire Drive | To search for an existing SpenGo spreadsheet and to permanently delete it when you request a reset |
userinfo.profile |
Your display name and profile photo | To show your name and avatar inside the app |
userinfo.email |
Your Google account email address | To pre-select the correct account on subsequent sign-ins, avoiding the account picker popup |
SpenGo requests only the minimum scopes necessary to provide its functionality. We do not request access to Gmail, Calendar, Contacts, or any other Google service.
Data obtained via Google APIs is used solely to provide SpenGo's expense tracking functionality:
Your email address is stored locally in your browser solely to avoid the Google account-picker popup when you reload the app. It is not transmitted to any server, used for communication, or shared with any third party.
SpenGo does not use Google user data to train AI or machine learning models, for advertising, or for any purpose beyond what is described in this policy. This complies with the Google API Services User Data Policy Limited Use requirements.
SpenGo does not share your Google user data with any third parties. There are no analytics services, advertising networks, data brokers, or external APIs involved in processing your data.
All communication happens directly between your browser and Google's APIs (Sheets API, Drive API, People API, Google Identity Services). No intermediate server or proxy is involved.
Google Drive: Your expense records are stored exclusively in a Google Spreadsheet in your personal Google Drive account. This file is protected by Google's own security infrastructure and your Google account credentials.
Browser localStorage: SpenGo caches the following data locally in your browser to enable offline viewing and faster load times:
| Key | Contents | Purpose |
|---|---|---|
spengo_sheet_id |
Your spreadsheet ID | Restore session without searching Drive on every load |
spengo_expenses |
A copy of your recent expenses | Show cached data instantly while fresh data loads |
google_login_hint |
Your Google account email | Skip the account picker on silent token refresh |
spengo_numeric_sheet_id |
Internal Google sheet identifier | Optimise delete operations (avoids an extra API call) |
Browser sessionStorage: Your OAuth access token and its expiry timestamp are stored in sessionStorage for the duration of your browser session. This data is automatically cleared when the tab or browser is closed.
None of this data ever leaves your device. SpenGo has no backend server that receives, stores, or can access it.
Your expense data is retained in your Google Drive for as long as the spreadsheet exists. SpenGo never automatically deletes your data.
To delete all your data, you have two options:
Your spreadsheet can be found in Google Drive under the name SpenGo. Deleting it there permanently removes all your expense records. Browser-cached data can be cleared separately via your browser's site data settings.
To revoke SpenGo's access to your Google account, visit myaccount.google.com/permissions and remove SpenGo. This immediately prevents the app from reading or modifying any files. Your existing spreadsheet remains in your Drive unless you delete it manually.
Browser localStorage is cleared automatically when you sign out of SpenGo. You can also clear it at any time via your browser's site data settings.
Sign-in is handled entirely by Google OAuth 2.0 via the Google Identity Services (GIS) library. SpenGo never sees, requests, stores, or transmits your Google password.
OAuth access tokens are managed by the browser session. They expire automatically (typically after 1 hour) and are refreshed silently using the GIS library when you are still signed into Google.
SpenGo's use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Data obtained through Google APIs is used only to provide and improve the expense tracking features described in this policy. It is not transferred to other parties except as necessary to provide those features (i.e., direct API calls to Google's own services).
If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. Continued use of SpenGo after changes are posted constitutes your acceptance of the revised policy.
If you have questions about this Privacy Policy or wish to request deletion of your data, please reach out via the project repository or open an issue on GitHub.