Last updated: June 2026
SpenGo is a personal expense tracker that stores all your financial data directly in your own Google Spreadsheet. We do not operate any servers, databases, or backend infrastructure that stores, processes, or transmits your personal or financial information.
This policy explains what Google user data SpenGo accesses, why, how it is used, and how you can delete it.
When you sign in with Google, SpenGo requests the following permissions:
| Scope | Data accessed | Why it is needed |
|---|---|---|
drive.file |
Only the Google Spreadsheet created by SpenGo — not your entire Drive | To create, read, write, and delete expense records in the SpenGo spreadsheet. Access is limited exclusively to files created by this application. |
spreadsheets |
The content (rows and cells) of the SpenGo spreadsheet, including shared spreadsheets you have been invited to | To read and write expense records. Also used when you access a spreadsheet shared with you via an access link — drive.file covers only files this app created, while spreadsheets allows reading and writing a spreadsheet owned by another account. |
userinfo.profile |
Your display name and profile photo | To show your name and avatar inside the app |
userinfo.email |
Your Google account email address | To pre-select the correct account on subsequent sign-ins, avoiding the account picker popup |
SpenGo requests only the minimum scopes necessary to provide its functionality. The spreadsheets scope is classified as a sensitive scope by Google — it is not a restricted scope, and does not grant access to any Google service beyond Sheets data. We do not request access to Gmail, Calendar, Contacts, or any other Google service.
Data obtained via Google APIs is used solely to provide SpenGo's expense tracking functionality:
Your email address is stored locally in your browser solely to avoid the Google account-picker popup when you reload the app. It is not transmitted to any server, used for communication, or shared with any third party.
SpenGo does not use Google user data to train AI or machine learning models, for advertising, or for any purpose beyond what is described in this policy. This complies with the Google API Services User Data Policy Limited Use requirements.
SpenGo allows the owner of a SpenGo spreadsheet to share it with one other Google account. This is an optional feature and is never enabled by default.
When you use the Share feature:
| Action | What happens |
|---|---|
| You share with another person | SpenGo calls the Google Drive Permissions API to grant the specified Google account writer access to your SpenGo spreadsheet. Google sends a notification email to that person on your behalf. |
| The other person opens the access link and signs into SpenGo | SpenGo reads the spreadsheet ID from the access link and verifies access using the spreadsheets scope. No Drive search is performed. They can read and edit all expense records in that file. |
| You revoke access | SpenGo calls the Drive Permissions API to remove the permission. The other person immediately loses access to the spreadsheet. |
Sharing is strictly between Google accounts. SpenGo does not store the shared person's email on any server — it is only persisted in your browser's localStorage as a display cache and is cleared on sign-out.
SpenGo does not share your Google user data with any third parties. There are no analytics services, advertising networks, data brokers, or external APIs involved in processing your data.
All communication happens directly between your browser and Google's APIs (Sheets API, Drive API, People API, Google Identity Services). No intermediate server or proxy is involved.
Google Drive: Your expense records are stored exclusively in a Google Spreadsheet in your personal Google Drive account. This file is protected by Google's own security infrastructure and your Google account credentials.
Browser localStorage: SpenGo caches the following data locally in your browser to enable offline viewing and faster load times:
| Key | Contents | Purpose |
|---|---|---|
spengo_sheet_id |
Your spreadsheet ID | Restore session without searching Drive on every load |
spengo_expenses |
A copy of your recent expenses | Show cached data instantly while fresh data loads |
google_login_hint |
Your Google account email | Skip the account picker on silent token refresh |
spengo_numeric_sheet_id |
Internal Google sheet identifier | Optimise delete operations (avoids an extra API call) |
spengo_shared_users |
Email, display name, and Drive permission ID of the person you have shared with (if any) | Display the shared-user list instantly without an extra Drive API call on every modal open. Cleared on sign-out. |
spengo_sheet_owner |
Email address of the spreadsheet owner | Allows the app to show the correct owner/guest state in the profile screen without an extra API call. Cleared on sign-out. |
spengo-theme |
"dark" or "light" |
Persists your chosen colour theme across sessions. Cleared when you clear browser site data. |
spengo_anon_id |
A randomly generated UUID (e.g. 7576dd17-…) |
Anonymous identifier used solely to enforce a rate limit on the in-app feedback form. Never linked to your identity or transmitted to any server — evaluated client-side only. |
Browser sessionStorage: Your OAuth access token and its expiry timestamp are stored in sessionStorage for the duration of your browser session. This data is automatically cleared when the tab or browser is closed.
None of this data ever leaves your device. SpenGo has no backend server that receives, stores, or can access it.
Your expense data is retained in your Google Drive for as long as the spreadsheet exists. SpenGo never automatically deletes your data.
To delete all your data, you have two options:
Your spreadsheet can be found in Google Drive under the name SpenGo. Deleting it there permanently removes all your expense records. Browser-cached data can be cleared separately via your browser's site data settings.
To revoke SpenGo's access to your Google account, visit myaccount.google.com/permissions and remove SpenGo. This immediately prevents the app from reading or modifying any files. Your existing spreadsheet remains in your Drive unless you delete it manually.
Browser localStorage is cleared automatically when you sign out of SpenGo. You can also clear it at any time via your browser's site data settings.
Sign-in is handled entirely by Google OAuth 2.0 via the Google Identity Services (GIS) library. SpenGo never sees, requests, stores, or transmits your Google password.
OAuth access tokens are managed by the browser session. They expire automatically (typically after 1 hour) and are refreshed silently using the GIS library when you are still signed into Google.
SpenGo's use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Data obtained through Google APIs is used only to provide and improve the expense tracking features described in this policy. It is not transferred to other parties except as necessary to provide those features (i.e., direct API calls to Google's own services).
If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. Continued use of SpenGo after changes are posted constitutes your acceptance of the revised policy.
If you have questions about this Privacy Policy or wish to request deletion of your data, please reach out via the project repository or open an issue on GitHub.