Back to home

Privacy Policy — SpoonFeed by NeuralNachos

Effective date: 13 May 2026

Who we are

Account data: phone number (for OTP login), display name.
Documents: photos of letters, bills, and paperwork you choose to capture.
Email data: email headers, message content, and attachments from connected Gmail accounts (with your explicit consent via OAuth).
WhatsApp messages: message text and any images/documents you send to Spoon.
Chat history: conversations with the Spoon AI assistant.
Memory entries: key facts extracted from your documents and conversations (e.g. "energy provider: British Gas").
Financial data: outgoings, income, debts, and budgets you provide or that are extracted from documents.
Routine data: daily routines and calendar events.

AI analysis: your documents, emails, and messages are processed by AI models (Google Gemini Flash for routine tasks, Anthropic Claude Sonnet for complex reasoning) to extract actionable information, create prioritised task cards, and provide guidance.
Email processing: we use Gmail API scopes to read your emails (gmail.readonly), send emails you've drafted and approved (gmail.send), and mark processed emails as read (gmail.modify). We only access email data after you explicitly connect your Gmail account.
WhatsApp: if you opt in, Spoon sends reminders and responds to your messages via WhatsApp Business API (Meta Cloud API). WhatsApp messages pass through Meta's servers — see our WhatsApp consent section below.
Task prioritisation and deadline tracking.
Financial guidance and debt management support.

The first time you discuss money or finances over WhatsApp, Spoon will explain that WhatsApp messages pass through Meta's servers.
You can choose to continue discussing finances on WhatsApp or switch to the in-app chat.
Your choice is stored and can be changed at any time.
Regardless of your choice, we never share your financial data with Meta or any third party.
Sensitive data (bank balances, debt amounts, creditor references) is never sent over WhatsApp unless you have explicitly consented.

All data is stored in encrypted PostgreSQL databases hosted on Supabase (EU region).
Email OAuth refresh tokens are encrypted using Fernet (AES-128-CBC) before storage.
API keys and credentials are stored in encrypted device storage (EncryptedSharedPreferences on Android, Keychain on iOS).
Your Gmail refresh token is never stored on your device — it is held only on our backend server.
Database access requires authenticated API calls with per-user session tokens.

SpoonFeed's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements (https://developers.google.com/terms/api-services-user-data-policy).
We only request the minimum Gmail scopes necessary for the app's functionality.
We do not use Google user data for advertising.
We do not allow humans to read your email content unless you explicitly request support and provide consent.

We do NOT sell, rent, or share your personal data with any third party.
Your data is processed by AI providers (Google and Anthropic) as part of providing the service — this is limited to the minimum context needed for each request.
We do not use your data to train AI models.
We may disclose data if required by UK law.

Your data is retained for as long as your account is active.
You can delete individual cases, memories, and chat history from within the app.
You can request complete account deletion by contacting eamonn@neuralnachos.com.
Upon deletion, all personal data is permanently removed within 30 days.