HSA Buddy

Privacy Policy

Effective April 2026

Who we are

HSA Buddy is an iOS app published by Alpine Software. You can reach us at alpinesoftwareco@gmail.com.

Google user data we access

When you sign in with Google, HSA Buddy requests the following OAuth scopes so it can create and maintain a single spreadsheet and a single receipts folder in your Google account:

  • openid, profile, and email — to sign you in and display your Google name, email, and avatar inside the app.
  • https://www.googleapis.com/auth/spreadsheets — to create the HSA Buddy spreadsheet and write the receipts and reimbursements you log in the app.
  • https://www.googleapis.com/auth/drive — used solely to locate the HSA Buddy spreadsheet and receipts folder (including across reinstalls or when they are shared with you) and to upload receipt images to that folder. HSA Buddy does not browse, read, index, download, move, delete, or modify any other files in your Drive.

HSA Buddy's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How we use Google user data

We use the data obtained through Google APIs only to provide and improve the user-facing features of HSA Buddy described above. Specifically, we do not:

  • Sell, rent, or share your Google user data or your receipts and reimbursement data with any third party.
  • Transfer your Google user data to third parties, except as necessary to provide or improve user-facing features, for security, or to comply with applicable law.
  • Use your Google user data, receipts, or reimbursement data to train, fine-tune, or evaluate any artificial intelligence or machine learning model, generalized or personalized.
  • Allow humans to read your Google user data, except with your explicit consent for a specific support request, to comply with applicable law, or for security purposes (for example, investigating abuse).

Storage, retention, and deletion

Receipt images and reimbursement records are written directly to the spreadsheet and receipts folder in your Google account. We do not keep a copy on our servers. Revoking HSA Buddy's access from your Google account permissions page immediately stops the app from reading or writing further. You control the spreadsheet and folder themselves and can delete them at any time from Drive.

To make any other data-related request, email us at alpinesoftwareco@gmail.com.

Security

All communication between HSA Buddy and Google is over HTTPS. OAuth access and refresh tokens are stored on your device in iOS secure storage (Keychain). No production database or backend stores your receipts, reimbursements, or Google tokens.

Third parties

HSA Buddy uses Google (for sign-in, Sheets, and Drive) and Google AdMob to serve ads that help keep the app free. AdMob may collect limited device information to deliver and measure ads in accordance with Google's AdMob privacy guidance. We request non-personalized ads only and do not share your receipts or reimbursement data with advertisers or any other third party.

Your rights

Because your receipts and reimbursements live in your Google account rather than on our servers, you can access, correct, export, or delete them at any time directly from Google Sheets and Google Drive. Depending on where you live (including, for U.S. residents, states such as California and Washington), you may have additional rights under laws like the CCPA/CPRA or the Washington My Health My Data Act. To exercise any such right, email alpinesoftwareco@gmail.com.

Children

HSA Buddy is not directed to children under 13 and we do not knowingly collect data from them.

International users

HSA Buddy is operated from the United States. If you use the app from outside the U.S., you understand that your interactions with HSA Buddy may be processed in the U.S., and that your receipts and reimbursements are stored in whichever region Google hosts your Google account.

Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected by updating the “Effective” date above and, where appropriate, in the app.

Contact

Questions about this policy? Email alpinesoftwareco@gmail.com.