When you authorize an app to connect to FamSpend (e.g. the FamSpend.io Helper Custom GPT on ChatGPT), the app receives an OAuth token with specific permissions on your workspace. That token can be revoked in one click anytime.
Where to revoke
Settings → Connected apps.
You see a list of authorized apps with:
- App name (e.g. FamSpend.io Helper)
- Workspace it has access to
- Granted permissions (read workspace, read expenses, etc.)
- Connected on [date]
- Last access [date and time of the last API call]
- Disconnect button
What happens on "Disconnect" click
- The app's OAuth token is invalidated
- All future API calls from the app to your workspace fail with
401 Unauthorized - The refresh token is revoked — the app can't get a new token without you authorizing again
The effect is immediate. If at that moment the AI Helper is in the middle of a call, it fails. If you're chatting with the Helper in ChatGPT, the next operational message gets a "Looks like your authorization expired. Want to re-authorize?" error and the Helper restarts with the consent flow.
What does NOT happen
- Data created by the app isn't deleted — if the Helper had created 12 expenses in your workspace, they stay. They're your data, and revoking access doesn't touch them.
- Past conversations in ChatGPT stay on ChatGPT (OpenAI server), managed per OpenAI's policies. To delete them go to ChatGPT settings.
When to re-authorize
Reopening the AI Helper in ChatGPT, on the first operational message you'll see the consent screen:
FamSpend.io Helper wants to access your workspace. Requested permissions: Read workspace, Read Cost Centers, Read expenses. [Authorize] [Deny]
Click Authorize and the app resumes with a new token. Nothing about what was created/edited in the past changes.
Difference between revoke and account deletion
| Action | Effect |
|---|---|
| Revoke app | The app loses access, but your FamSpend account and data stay |
| Delete account | Your data is deleted, and as a consequence the app loses access (because there's nothing left to access) |
For full deletion see Where your data lives.
List of apps that can be connected today
At the moment, one official OAuth integration:
- FamSpend.io Helper (Custom GPT on ChatGPT) — see The FamSpend AI Helper in ChatGPT
In the future we'll have:
- Calendar integrations (Google Calendar, Apple Calendar) to export due dates
- Personal cloud backup integrations (e.g. Dropbox)
- Public API for developers building custom integrations
All will have the same pattern: scoped permissions, revocable token, visible in Settings → Connected apps.
What is NOT a connected app
These are your devices (browser, phone) — they aren't "connected apps". Active session management across devices is on the roadmap; for now to close a session on a device just sign out from there.
Internal audit
FamSpend keeps a server-side audit log of every OAuth call made by
connected apps. A self-service view in settings is on the roadmap;
for now if you suspect unusual access contact security@famspend.io
and we'll help you check.
Suspected unauthorized access
If you suspect a connected app is doing things you don't recognize:
- Immediately revoke the app from Settings → Connected apps
- Change password of your FamSpend account
- Write to
security@famspend.iowith details
A person answers, not a bot, within 24 hours.