You're Scrolling Reddit, Minding Your Own Business...
You're doomscrolling on a Sunday evening when a promoted post catches your eye. It's in Norwegian, which means the targeting is working. "Bruker du for mye på mat?" — Are you spending too much on food? The ad is for Spenderlog, a free spending tracker. The screenshots look polished. The bullet points hit all the right notes: all your grocery spending in one place, safe and simple, 100% free.
100% free. That's the claim. And for an app in the "Økonomi" (Finance) category on Google Play with a 1.5 star rating from 107 reviews and 10k+ downloads, that last bullet point should be setting off alarms.
Because there's a question that any developer should instinctively ask when they see a polished, actively-advertised finance app that costs nothing and has no premium tier: What's the actual business model?
The answer is hiding in plain sight. Right there on the Google Play listing, directly below the app name: DVJ Insights IP B.V.
The Red Flag Most People Miss
When you download a spending tracker, you expect the developer to be a fintech company. You know — Mint, YNAB, Toshl, Spendee. Companies whose entire business is helping you manage your money. Their revenue model is straightforward: freemium subscriptions, premium features, maybe some anonymized benchmark data.
"DVJ Insights IP B.V." is not that. That's not a personal finance startup. That's not a fintech company. That name has "Insights" in it — the universal euphemism for "we sell data about people." And "B.V." tells you it's a Dutch company (a besloten vennootschap, the Netherlands equivalent of a private limited company).
So who is DVJ Insights, and why are they making a free spending tracker for Norwegian consumers?
Who is DVJ Insights?
DVJ Insights is a market research and analytics agency headquartered in Utrecht, the Netherlands. Founded in 1996, they specialize in brand tracking, advertising effectiveness research, and — this is the key part — shopper behavior data.
They didn't build Spenderlog from scratch. They acquired it from a Danish fintech startup and repackaged it as part of their "next generation shopper data platform" targeting the Nordic markets. In April 2025, they opened a dedicated Norwegian office, and their Greenbook listing describes them as "a full-service global marketing research and analytics agency" operating across 17 countries with offices in Utrecht, London, and Hamburg.
Their CEO, Lucas Hulsebos, said the quiet part out loud in a press release about the Nordic launch:
"For the first time, we can truly connect what people say with what they do. This closes the loop between attitudes and behaviour, giving brands a powerful new tool for growth."
That's not the language of a personal finance company. That's the language of a market research firm explaining how they bridge survey responses (what consumers claim to buy) with actual transaction data (what they really buy). Spenderlog is the mechanism for collecting that second part.
The partnerships tell the story:
- Norstat — one of Europe's largest panel recruitment companies. They recruit consumers into research panels. Together with DVJ, they built "a scientifically sampled panel of 4,000–5,000 households per country, using quotas for demographics such as age, gender, income, household composition, region, and retail preferences." Spenderlog gives those panel members a tool to submit their purchase data.
- CatMan Solution (acquired by Redslim in September 2025) — provides Power BI category management dashboards for retailers and FMCG companies. Their specialty: "deep retailer data harmonization and visualization" that gives clients access to shopper data in "a clear, structured and decision-oriented way." Nearly 20 years of experience turning purchase data into actionable dashboards for brands.
The value chain is clear: Norstat recruits the panelists, Spenderlog captures the receipt data, DVJ aggregates and analyzes it, and CatMan/Redslim serves it up in pretty dashboards for brand managers.
As MrWeb reported: DVJ acquired Spenderlog from a Danish fintech startup, and the tool "passively captures real-time digital receipt data directly from consumers." Hulsebos called the Norstat partnership "a game-changer," crediting "their local expertise and rigorous panel recruitment."
This isn't speculation. It's their stated business model. They sell consumer purchase data to brands. Spenderlog is how they collect it.
What the Privacy Policy Actually Says
To their credit, they don't technically hide what they're doing. The privacy policy lays it out — if you actually read it. Most people don't. Let's fix that.
First, a detail the Google Play listing obscures: the legal entity operating Spenderlog isn't DVJ Insights B.V. (the Dutch parent). It's DVJ Insights ApS (CVR 38453041), a Danish subsidiary registered at Ørestads Blvd. 73, 2300 Copenhagen. That's the entity listed as the data controller in the privacy policy. The Danish company structure makes sense — Spenderlog was acquired from a Danish fintech startup.
Here's what the privacy policy reveals they collect:
Personal profile data — not just your name and email. They collect your housing type, family type, income range, region, education level, employment type, year of birth, and gender. That's not what a spending tracker needs. That's a demographic survey — the kind market research companies use to build representative consumer panels.
Receipt and consumption data — "financial consumption in the form of receipt data that you provide to third parties and consumption data that you add to your account yourself." Product-level purchase data, tied to your full demographic profile.
Usage and device data — "data on the use of the service, including via cookies and logging of metadata (device, geographical location, etc.)."
And here's the kicker — the clause that explains the entire business model:
The data is also collected for the purpose of processing and disclosing the data to third parties in anonymised or aggregated form, where you can never be identified.
"Anonymised or aggregated" is doing a lot of heavy lifting in that sentence. Who are these third parties? The policy doesn't name them. But we know from DVJ's own press materials that those third parties are FMCG brands, retailers, and advertisers who pay for shopper behavior insights.
The GDPR lawful basis? Consent. "The basis for our collection and processing of personal data is that you have given your consent to the collection and processing." Consent given when you tap through the terms during onboarding — terms that most people never read.
DVJ Insights staff have access to your personal data at the user level "if necessary to develop, improve or correct services or to respond to user requests." Your data is stored "until you withdraw your consent."
And on their marketing site? "With Spenderlog you are the owner of your own data. We will never sell your personal data." Technically true in the narrowest possible sense — they sell aggregated data derived from your personal data. Your individual receipts aren't sold to Unilever with your name on them. They're mixed into a dataset of 4,000–5,000 Norwegian households and sold as "shopper panel insights." The distinction is real but the framing is disingenuous.
The terms and conditions add a few more interesting details:
- DVJ Insights "is entitled to close any Spenderlog user account without consent and without notice." That's an unusual amount of control for a spending tracker — but it makes sense for a consumer panel, where they might want to remove participants who aren't providing useful data.
- "In its current version, all services are free. In the future, some services may require payment." Translation: the app doesn't need to charge you because you are the revenue source.
- DVJ "holds the copyright to all Spenderlog's services" — you "only obtain the right to use" them.
And the FAQ on their website? One of the questions is literally "Do you sell my personal data?" — the kind of question that only needs to be in an FAQ if enough people are asking it.
The gap between what the app markets itself as ("a free spending tracker") and what the privacy policy reveals it to be ("a consumer panel data collection tool") is where the story lives.
Under the Hood: Decompiling the APK
Reading privacy policies is one thing. Let's see what the app actually does. I downloaded the APK (v2.3.3, 36.3 MB), decompiled it with jadx and apktool, and went through the source code.
Architecture: It's a React Native App
Spenderlog is built with React Native using
Wix React Native Navigation — a third-party navigation library that
replaces React Native's default JavaScript-based navigator with fully native navigation controllers. The MainApplication
class extends Wix's NavigationApplication and uses their NavigationReactNativeHost, confirming this isn't the
standard React Navigation setup.
Two things stand out in the React Native configuration. The app explicitly sets isHermesEnabled() to false —
Hermes is Meta's JavaScript engine that compiles JS to optimized bytecode, and has been
the default for new React Native projects since 2022. Without it, the app ships a raw 7.2 MB JavaScript bundle
(assets/index.android.bundle) — plain, readable JavaScript rather than compiled bytecode. It also sets
isNewArchEnabled() to false, opting out of React Native's
New Architecture (Fabric renderer and TurboModules),
which was introduced to improve performance through synchronous native calls and concurrent rendering. Both of these
are explicitly disabled in the decompiled source, meaning the app runs on the older "bridge" architecture — which,
for our purposes, makes analysis easier.
The native Android side is a thin shell: a MainActivity with a splash screen (compass logo on green background) and
a MainApplication that initializes the Facebook SDK and loads React Native packages.
The real business logic lives in that 7.2 MB JavaScript bundle at assets/index.android.bundle. Because Hermes is
disabled, this is plain JavaScript rather than compiled bytecode — meaning you can read the API calls, data models,
and receipt processing logic directly.
The Backend: api.data4insight.com
Here's where it gets interesting. The app communicates with a backend at https://api.data4insight.com. Not
api.spenderlog.com. Not api.dvj-insights.com. data4insight.com — the original name of the Danish startup before
DVJ acquired it. The Firebase project is also named d4i-app.
Extracting URLs from the JavaScript bundle reveals the full API surface:
User management:
POST /v1/users/register
DELETE /v1/users/delete
GET /v1/users/last-e-receipts-update
GET /v1/profiles
GET /v1/settings
Receipt data collection:
GET /v1/receipts
POST /v1/receipts/manual
GET /v1/receipts/line
GET /v1/receipts/lines/
POST /v1/receipts/line/category
GET /v1/receipts/categories
GET /v1/receipts/categories_lines
POST /v1/scan/
And here's the real payload — 20+ retailer integration endpoints that fetch your e-receipts directly from Nordic grocery chains:
/v1/fetch_coop (Denmark)
/v1/fetch_coop_no (Norway)
/v1/fetch_coop_se (Sweden)
/v1/fetch_rema1000 (Norway/Denmark)
/v1/fetch_meny (Norway)
/v1/fetch_spar (Norway)
/v1/fetch_reitan_no (Norway - Rema 1000 parent)
/v1/fetch_trumf_no (Norway - NorgesGruppen loyalty)
/v1/fetch_bilka (Denmark - Salling Group)
/v1/fetch_fotex (Denmark - Salling Group)
/v1/fetch_netto (Denmark - Salling Group)
/v1/fetch_nemlig (Denmark)
/v1/fetch_lidl
/v1/fetch_willys_se (Sweden)
/v1/fetch_hemkop_se (Sweden)
/v1/fetch_citygross_se (Sweden)
/v1/fetch_horkram (Sweden)
/v1/fetch_kivra_se (Sweden - digital mailbox)
/v1/fetch_storebox (Denmark - digital receipts)
/v1/fetch_ereceipts (generic)
When you connect your loyalty accounts, Spenderlog logs into your Trumf, Coop, Rema 1000, and other accounts on your
behalf and pulls every receipt — every item, price, store, and date — all fed into api.data4insight.com.
There are also endpoints for Storebox credentials including OTP verification — meaning the app stores your login
credentials for these third-party services on their backend. The /v1/storebox_credentials and
/v1/storebox_credentials/otp endpoints handle this.
How Receipt Collection Actually Works
The app has two methods for capturing receipt data:
1. OCR scanning — A custom native camera module (com.d4iapp.camera.CameraModule) uses Google Mobile Vision
TextRecognizer and OpenCV to process photos of paper receipts. The code reconstructs text lines from bounding
boxes — standard OCR pipeline for extracting store names, items, prices, and totals from printed receipts. This is the
less interesting method.
2. E-receipt fetching — This is the main event, and how the "passive" collection works. When you connect a store in the app, a modal pops up with the helpful text:
"Please provide your store credentials in order to fetch receipts"
Each retailer has its own credential modal. Here's what the app asks for, extracted directly from the JS bundle:
| Store | Credentials collected | UI prompts |
|---|---|---|
| Coop Norway | Email + password | "Insert your Coop login email here", "Insert your Coop password here" |
| Trumf (Norgesgruppen) | Phone number + password | "+47 XXXXXXXX", "Insert your Trumf password here" |
| Rema1000 (Reitan) | Phone number → OTP | "+47 XXXXXXXX" — triggers server-side OTP |
| Meny / Spar | Credentials + password | Password field |
| Swedish Coop / Kivra | BankID | QR code or app redirect |
| Storebox (DK) | Email + password + reCAPTCHA | Then OTP verification |
You enter these credentials directly into Spenderlog. The app sends them to DVJ's backend:
POST https://api.data4insight.com/v1/storebox_credentials
{
credentialsId: ...,
token: <firebase_auth_token>,
os: "Android 14",
email: <your_email>,
memberNumber: <loyalty_member_number>,
phone_number: <your_phone>,
password: <your_store_password>
}
Your store credentials are stored server-side on DVJ's infrastructure. Their backend then logs into the retailer on your behalf and pulls receipts. This is the same credential-forwarding approach that companies like Plaid and Tink have used for years to aggregate financial data — it's an established pattern when retailers don't offer proper APIs, which most Nordic grocery chains don't. Nothing unusual about the technique itself.
For stores that require two-factor authentication (like Rema1000 via phone verification), the app handles this with an OTP relay. DVJ's backend attempts the login, the store sends a code to your phone, and the app shows a "Two-Factor Authentication" screen where you enter it:
POST https://api.data4insight.com/v1/storebox_credentials/otp
{
otp: <the_code_from_your_phone>,
credentials_id: ...,
token: <firebase_auth_token>,
...
}
The backend responds with an otp_required flag to trigger this flow dynamically. Again, standard for this kind of
integration — Tink does the same thing for bank logins.
For Swedish Coop and Kivra, the app uses BankID (QR code or app redirect) instead of passwords, which is the standard authentication method in Sweden.
The technical implementation is reasonable. What matters is where the data goes after collection — and we've already established that it goes to DVJ Insights' shopper data platform for resale to FMCG brands. The credential-forwarding is the plumbing. The business model is the story.
Permissions: 22 and Counting
The Exodus Privacy report from 2019 found 10 permissions. The current version (v2.3.3) requests 22. Here's what was added:
| Permission | Why it's notable |
|---|---|
AD_ID | Collects your Google Advertising ID — a unique identifier used for cross-app ad tracking |
ACCESS_ADSERVICES_ATTRIBUTION | Android 13+ advertising attribution API |
ACCESS_ADSERVICES_AD_ID | Another ad services permission for ad ID access |
POST_NOTIFICATIONS | Push notifications (for nudging you to scan more receipts?) |
USE_BIOMETRIC / USE_FINGERPRINT | Biometric authentication — likely for BankID integration |
ACCESS_WIFI_STATE | Wi-Fi network information |
CHECK_LICENSE | Google Play license verification |
READ_GSERVICES | Access Google Play Services data |
The AD_ID and ACCESS_ADSERVICES_* permissions are the most telling additions. These are specifically for
advertising identification — tracking you across apps and correlating your Spenderlog activity with ad exposure.
This is exactly what a market research firm needs to "connect what people say with what they do."
The original suspicious permissions remain: ACCESS_FINE_LOCATION (precise GPS — for matching purchases to specific
store locations) and SYSTEM_ALERT_WINDOW (a React Native dev overlay permission that arguably shouldn't be in a
production build).
Tracking SDKs: The Full Picture
The Exodus Privacy report (v1.141) detected 10 trackers. Decompiling the current version reveals the full picture:
| SDK | Type | Details |
|---|---|---|
| Firebase Analytics | Analytics | Collection enabled, screen reporting enabled, ad storage and personalization all enabled |
| Firebase Auth | Authentication | Includes reCAPTCHA and Google Sign-In |
| Firebase Cloud Messaging | Push notifications | 3 services registered in manifest |
| Facebook SDK | Analytics + Identity | App ID 152426608843564, initialized in Application.onCreate(), AppEventsLogger.activateApp() called on every launch |
| Sentry | Error tracking | DSN points to sentry.io/1852506, auto-init disabled (initialized from JS for more control) |
| Bugsnag | Error tracking | API key embedded in the APK |
| Microsoft AppCenter / CodePush | Analytics + OTA updates | App secret embedded, CodePush server at codepush.appcenter.ms — allows pushing code updates without going through the app store |
| Google AdMob | Advertising | Uses the Google test ad unit ID — may be a placeholder or used solely for device fingerprinting |
| Google Play Services | Device identity | ADID collection enabled, SSAID collection enabled |
The Facebook SDK deserves special attention. It's initialized in MainApplication.onCreate() — meaning it starts
collecting data the moment the app launches, before you've even interacted with it:
public void onCreate() {
super.onCreate();
SoLoader.init((Context) this, false);
FacebookSdk.sdkInitialize(this);
AppEventsLogger.activateApp(this);
}
AppEventsLogger.activateApp() sends an "app activated" event to Facebook's servers with device information,
app version, and any available identifiers. This happens every single time you open the app, regardless of whether
you use Facebook Login.
No Certificate Pinning
There is no certificate pinning configured. No network_security_config.xml, no CertificatePinner setup in
OkHttp. This is common for React Native apps and means anyone with a proxy (like Proxyman, mitmproxy, or Charles) can intercept
and inspect all traffic between the app and api.data4insight.com — making dynamic analysis straightforward.
Configuration Keys
The decompiled APK contains the usual collection of client-side keys:
- Firebase API key and project configuration (
d4i-app) - Facebook App ID (
152426608843564) and Client Token - Bugsnag API key
- Sentry DSN (
sentry.io/1852506) - AppCenter secret
These are all client-side keys that are expected to be in the APK — Firebase and Facebook require them. The Firebase
project name d4i-app further confirms the Data4Insight origin of the codebase.
The Business Model: How Shopper Data Brokerage Works
To understand why a Dutch market research agency would build a free spending tracker for Norwegian consumers, you need to understand the shopper panel industry.
The basic mechanics: FMCG (fast-moving consumer goods) brands — your Unilevers, Nestlés, P&Gs — are obsessed with understanding exactly what people buy, where they buy it, how much they pay, and what they bought instead of the competitor's product. This data is worth an enormous amount of money.
Traditionally, this data came from three sources:
- Retailer data — Point-of-sale data sold by supermarket chains. Dunnhumby (the data science company behind Tesco Clubcard) pioneered this model. In Norway, this means data from Norgesgruppen (Kiwi, Meny, Spar), Coop, and Rema 1000 — though Norwegian retailers have historically been more protective of their data than UK counterparts.
- Consumer panels — Households recruited to scan every purchase. The traditional gold standard. NielsenIQ (which merged with GfK in 2023) operates Homescan, tracking purchases across more than 250,000 households in 25 countries. Circana (formerly IRI + NPD) is the other major player. Annual subscriptions for panel data typically run in the tens of thousands of dollars, depending on categories, markets, and granularity.
- Receipt scanning apps — The newer, cheaper model. Instead of mailing households barcode scanners, you give them an app. The data is more granular (full receipt-level) and the collection is passive. This is where DVJ Insights fits in.
DVJ Insights' approach is the third model, turbocharged by their research agency expertise. Their materials describe building "a scientifically sampled panel of 4,000–5,000 households per country" — small compared to NielsenIQ's 250,000+ but targeted and cost-effective for the Nordics. And where NielsenIQ charges brands tens of thousands per year for panel data, DVJ can offer similar insights at a fraction of the cost because their collection tool (Spenderlog) is free to operate — the users are the infrastructure.
The value chain is simple:
Consumer (uses "free" app) → Spenderlog (collects receipt data) → DVJ Insights (aggregates, analyzes, enriches with survey data) → CatMan/Redslim (serves dashboards) → Brand clients (pay for insights)
You are the product. Your grocery receipts are the raw material. DVJ Insights is the refinery. And brands like Unilever, Nestlé, and Procter & Gamble are the customers.
Where Does Your Data End Up?
DVJ Insights is active on the market research conference circuit — the places where data vendors meet data buyers:
- ESOMAR 2024 (Athens) — DVJ had a booth (stand #40) and hosted an interactive lunch session. Their team included their Global Head of Brand & Shopper, Global Head of Brand & Communication, and Global Head of Brand & Innovation. They've been nominated for ESOMAR awards.
- IIeX Europe 2025 (Amsterdam) — DVJ is presenting in partnership with Philips on how AI combined with consumer research can optimize Point of Sale Materials. That's a named FMCG client, presenting alongside DVJ about using consumer data for retail optimization.
The Philips partnership at IIeX is revealing. It tells you exactly who buys this data and what they use it for: FMCG brands optimizing their in-store presence based on actual shopper behavior data.
On the downstream side, CatMan Solution (now Redslim) provides the delivery mechanism. Their Power BI dashboards give FMCG companies "intuitive and reliable reports and tools to make faster and better decisions" around category management, sales performance, and store-level execution. When Redslim (backed by private equity firm Astorg) acquired CatMan in September 2025, they described creating "a global data powerhouse" in retail measurement and retailer direct data.
The Pattern: Other Apps Doing the Same Thing
Spenderlog isn't unique. It's an instance of a well-established pattern in the market research industry: offer consumers a "free" tool that solves a real problem, and collect their data in return.
Some examples across the transparency spectrum:
- NielsenIQ Homescan / GfK ConsumerScan — The traditional model. They recruit you into a panel, give you a barcode scanner (or an app), and you scan every purchase. They're upfront: this is market research, and panelists often receive small incentives. No pretense of being a personal finance tool.
- Trumf (Norway) — Norgesgruppen's loyalty program (used at Kiwi, Meny, Spar, Joker). They collect your purchase data, but at least you get tangible cashback (1% on groceries). And the data stays within Norgesgruppen's ecosystem.
- Coop (Norway) — Coop's member app and loyalty program collects detailed purchase data across their stores (Extra, Obs, Prix, Marked). You get personalized digital coupons and member prices, and Coop works with dunnhumby to analyze the data. Again — at least the value exchange is clear and the data stays within the cooperative.
- Rema 1000 Æ (Norway) — Rema's app gives you automatic bonus (10–25% on fruit and vegetables) and personalized price cuts. They collect your purchase data, but you get meaningful discounts in return, and it's tied to a retailer you're already shopping at.
- PAYBACK (Germany) — Germany's dominant multi-partner loyalty program, used at Rewe, dm, Aral, and dozens of other retailers. You collect points across partners and redeem them for vouchers or cash. The data aggregation across partners is significant, but the program is transparent about being a rewards-for-data exchange.
- Amazon Shopper Panel (US/UK/EU) — Amazon pays up to $10/month for participants to upload receipts from purchases made outside Amazon. The deal is explicit: they want to see what you buy from competitors. Available in the US, UK, Germany, France, and Spain.
- Shopmium / CheckoutSmart — Cashback apps where brands subsidize specific products. The data collection is implicit but the value exchange is clear: try this product, get money back, we know you bought it.
The difference between these and Spenderlog is transparency. NielsenIQ tells you upfront: "this is market research." Trumf gives you cashback. Coop gives you coupons. PAYBACK gives you points. Spenderlog gives you... a spending chart. And sends your receipt data to a Dutch market research agency that packages it for FMCG brands.
The information asymmetry is the issue. Not that data is collected — but that the collection is dressed up as a personal finance utility.
What You Can Do About It
This isn't a call to delete all your apps and go live in a cave. It's a call to read the fine print — or at least Google the developer name before handing over your financial data.
Before installing any "free" finance app:
- Check the developer. Search the company name. If it's a market research agency, an advertising company, or a data broker — that's the business model. You are the product.
- Read the privacy policy. Specifically look for: who data is shared with, whether data is sold or licensed to third parties, and what "anonymized" or "aggregated" actually means in their definition.
- Check the permissions. Does a spending tracker really need access to your contacts, location, or camera beyond receipt scanning?
- Look for the revenue model. If there's no subscription, no ads, and no premium tier — the revenue is coming from somewhere. That somewhere is usually your data.
Privacy-respecting alternatives for spending tracking:
- YNAB — $14.99/month. Expensive, but their business model is selling you a subscription, not selling your data to Unilever. They make money when you keep paying, not when you keep scanning receipts.
- Toshl Finance — Freemium with a paid tier. Independent company, straightforward revenue model.
- A spreadsheet — Seriously. If you just want to track grocery spending, a shared Google Sheet or Excel file does the job with zero data sharing. It's less pretty, but your purchase history stays on your own device.
- Your bank's built-in tools — Most Norwegian banks (DNB, Nordea, SpareBank 1) now offer spending categorization in their own apps. The data stays within your existing banking relationship.
Conclusion
I want to be clear about what this post is and isn't. This isn't a conspiracy theory. DVJ Insights isn't doing anything illegal (as far as I can tell). They have a privacy policy. They (presumably) obtain consent under GDPR. The data sharing is disclosed, if you know where to look.
But look at what we found by just pulling the APK apart: a React Native app that takes your Trumf, Coop, and Rema 1000 passwords, stores them on DVJ's servers, and logs in as you to scrape every receipt. 22 permissions including advertising ID tracking. Facebook SDK sending events on every launch. Sentry, Bugsnag, AppCenter, Firebase Analytics all integrated. No certificate pinning. Your demographic profile — income, education, housing, family — collected alongside your purchase history and shipped to a market research agency that sells it to FMCG brands through Power BI dashboards.
And the irony: the app asks for your Trumf credentials (Norgesgruppen's loyalty program). If you use Spenderlog, your
Norgesgruppen purchase data doesn't just stay with Norgesgruppen anymore. It flows through DVJ Insights' backend at
api.data4insight.com and into the hands of whoever pays for their shopper panel data. Norgesgruppen gives you 1%
cashback through Trumf for the privilege of collecting your purchase data. DVJ Insights takes that same data — for
free — and sells it to Norgesgruppen's competitors.
The issue is the framing. When you sign up for a Nielsen panel, you know you're participating in market research. When you install Spenderlog, you think you're getting a spending tracker. Both collect your purchase data for commercial use. Only one is honest about it.
The Reddit ad doesn't say "Join our consumer research panel and submit your grocery receipts so we can sell aggregated purchase data to FMCG brands." It says "Bruker du for mye på mat?" and shows a clean, green UI with a big "100% kostnadsfritt" label.
100% free. As long as you don't count your data.
Have you encountered other apps where the real business model is hidden behind a utility facade? I'd be interested to hear about them — reach out on Twitter/X or drop me an email.
