Privacy

Overspender is a personal, non-commercial net-worth and spending tracker built and run by a private individual for himself and a small circle of friends. It is not a product, it is not for sale, and it carries no advertising. Your data is never sold or shared for marketing.

Only what you enter and what is needed to sign you in: the financial figures you add (accounts, positions, transactions, budgets, allocation targets), the email address you authenticate with, and an optional display name. Every row is scoped to your account at the database level — other users cannot read it.

The tool relies on a few service providers, each handling only what its job needs:

• Supabase (EU region) — authentication and the database that stores your figures.
• Vercel — hosting and request logs.
• Resend — transactional email (drift alerts, account notices).
• Kubera — market price and FX data (no personal data is sent).
• Anthropic — only if you run the optional AI “analyst council”, the portfolio figures you submit to it are processed for that request.

Where the EU GDPR applies you may request access to, rectification of, erasure of, restriction of, or a portable export of your data, and you may object to processing. To exercise any of these, email hj5@stern.ch. Because the tool is single-user-scoped, most of these you can also do yourself by editing or deleting your entries.

The data controller is the individual operator, reachable at hj5@stern.ch. Processing is also subject to the revised Swiss Federal Act on Data Protection (FADP), which grants you broadly equivalent access, correction, and deletion rights.

Overspender is provided as-is, for personal, non-commercial use, with no warranty of any kind. To the maximum extent permitted by law, the operator accepts no liability for indirect or consequential damages, or for decisions made on the basis of figures shown here.

This exclusion is limited by law and does not apply where it cannot: under Swiss law (CO art. 100) liability for unlawful intent or gross negligence cannot be excluded in advance, and liability for data-protection breaches under the GDPR (art. 82) cannot be contractually waived.