SpendboxSpendboxBeta
Blog
PrivacyNov 30, 20254 min read

Why we'll never ask for bank access

There's a better way to track money than handing over your credentials. Here's exactly how email forwarding works — and why it's more private than any bank connection model.

RSRavi Singh

The first question people ask about Spendbox is: "Do I need to connect my bank?" The answer is no — and we want to explain exactly why, and why that's a deliberate product decision rather than a missing feature.

Bank connections have become the default model for personal finance apps. Plaid, MX, Yodlee — these aggregators sit between your bank and the app, pulling your transaction history in bulk. It sounds convenient. But the privacy implications are significant and rarely discussed clearly.

What a bank connection actually exposes

When you connect a bank account to a finance app, you're not giving selective access. You're handing over your complete financial picture — every transaction, every balance, often going back years. The app sees your salary deposits, your rent payments, your pharmacy runs, your embarrassing late-night purchases.

Compare that to what email forwarding sees:

Data accessible to the app
!Your salary & incomeexposed
!ATM withdrawalsexposed
!All purchases (every store)exposed
!Account balancesexposed
!Transfer historyexposed
!Subscription receiptsexposed

With forwarding, we only ever see the emails you choose to send us. We have no visibility into anything else. If you forward your Netflix renewal, we learn: amount, merchant, date. That's it. We don't know your salary, we don't know your balance, and we couldn't find out even if we wanted to.

The privacy risk spectrum

Not all financial data access is equally risky. Here's how the major models compare on the dimension that matters most: how much of your financial life does the app see?

Privacy risk by tracking method
Bank scraping apps90%
OAuth bank connections55%
Card-linked offers40%
Email forwarding (Spendbox)8%

Risk score based on data breadth exposed, not likelihood of breach. Forwarding exposes only what you choose to send.

How forwarding actually works

We want to be completely transparent about the mechanics. Here's exactly what happens when you use Spendbox:

01
You get a receipt email
Netflix charges you. An email arrives in your inbox: "Your subscription has renewed."
02
You forward it once
You forward that single email to your @spendbox.co address. That's the only action required.
03
Spendbox parses it
We extract merchant, amount, currency, billing period, and next renewal date. No guessing.
04
Your dashboard updates
The subscription appears in your list, with renewal tracking and spend history. Done.

The tradeoffs are real

We're not pretending forwarding is perfect. Bank connections can capture everything automatically — subscriptions, one-off purchases, cash equivalents, the works. Forwarding requires you to remember to send the email.

But in practice, most people set up automatic forwarding filters in Gmail or Outlook in about 3 minutes. Once configured, every receipt email goes to Spendbox without any manual action. The automation is in your email client, which you own and control, not in a third-party aggregator with access to your full account.

We think that tradeoff is worth making. The constraint of "only what you choose to share" forces a cleaner, more intentional relationship with your financial data. And it means we can honestly say: we don't know anything about you that you haven't explicitly told us.

That's the kind of software we want to build. And we think it's the kind of software you deserve to use.

Privacy-first expense tracking

Your financial data stays yours

No bank connection. No credential sharing. Just forward the receipts you want tracked, and Spendbox does the rest.

Join the waitlist