HSA Buddy

Privacy Policy

Effective May 13, 2026

Who we are

HSA Buddy is an iOS app published by Alpine Software. You can reach us at alpinesoftwareco@gmail.com.

Google user data we access

When you sign in with Google, HSA Buddy requests the following OAuth scopes so it can create and maintain a single spreadsheet and a single receipts folder in your Google account:

  • openid, profile, and email — to sign you in and display your Google name, email, and avatar inside the app.
  • https://www.googleapis.com/auth/drive.file — to create the HSA Buddy spreadsheet and Receipts folder, write the receipts and reimbursements you log, and upload receipt images. HSA Buddy can only read or update the spreadsheet and files it created on your behalf, and cannot see, browse, index, download, move, delete, or modify any other files in your Drive.

HSA Buddy's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How we use Google user data

We use the data obtained through Google APIs only to provide and improve the user-facing features of HSA Buddy described above. Specifically, we do not:

  • Sell, rent, or share your Google user data or your receipts and reimbursement data with any third party.
  • Transfer your Google user data to third parties, except as necessary to provide or improve user-facing features, for security, or to comply with applicable law.
  • Use your Google user data, receipts, or reimbursement data to train, fine-tune, or evaluate any artificial intelligence or machine learning model, generalized or personalized.
  • Allow humans to read your Google user data, except with your explicit consent for a specific support request, to comply with applicable law, or for security purposes (for example, investigating abuse).

Storage, retention, and deletion

Receipt images and reimbursement records are written directly to the spreadsheet and receipts folder in your Google account. We do not keep a copy on our servers. Revoking HSA Buddy's access from your Google account permissions page immediately stops the app from reading or writing further. You control the spreadsheet and folder themselves and can delete them at any time from Drive.

To make any other data-related request, email us at alpinesoftwareco@gmail.com.

Account deletion

You can delete your HSA Buddy account at any time from inside the app:

  1. Open HSA Buddy.
  2. Tap the gear icon in the top-left of the home screen.
  3. Tap “Delete Account” and confirm.

When you confirm, HSA Buddy revokes its access to your Google account and removes all locally-stored data on this device (authentication tokens, your profile, and the workspace pointers used to find your spreadsheet).

Your HSA Buddy spreadsheet and the “HSA Buddy Receipts” folder remain in your own Google Drive as an audit trail. You can delete them directly at drive.google.com whenever you choose. HSA Buddy does not operate any server or store user data outside your device and your own Google Drive, so there is no additional backend data to delete.

If you have questions about account deletion or want help removing your records, email us at alpinesoftwareco@gmail.com.

Security

All communication between HSA Buddy and Google is over HTTPS. OAuth access and refresh tokens are stored on your device in iOS secure storage (Keychain). No production database or backend stores your receipts, reimbursements, or Google tokens.

Third parties

HSA Buddy uses Google (for sign-in, Sheets, and Drive) and Google AdMob to serve ads that help keep the app free. AdMob may collect limited device information to deliver and measure ads in accordance with Google's AdMob privacy guidance. We request non-personalized ads only and do not share your receipts or reimbursement data with advertisers or any other third party.

Your rights

Because your receipts and reimbursements live in your Google account rather than on our servers, you can access, correct, export, or delete them at any time directly from Google Sheets and Google Drive. Depending on where you live (including, for U.S. residents, states such as California and Washington), you may have additional rights under laws like the CCPA/CPRA or the Washington My Health My Data Act. To exercise any such right, email alpinesoftwareco@gmail.com.

Children

HSA Buddy is not directed to children under 13 and we do not knowingly collect data from them.

International users

HSA Buddy is operated from the United States. If you use the app from outside the U.S., you understand that your interactions with HSA Buddy may be processed in the U.S., and that your receipts and reimbursements are stored in whichever region Google hosts your Google account.

Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected by updating the “Effective” date above and, where appropriate, in the app.

Contact

Questions about this policy? Email alpinesoftwareco@gmail.com.