I think it's similar to [Security Through Obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity), since Google may not be interested in one single person. But still, it only means Google doesn't want to, It doesn't mean they are not able to. Plus, using Google Sheets as backend means you have to choose "publish to the web". While the data was set to public, you've dropped the [expectation of privacy](https://en.wikipedia.org/wiki/Expectation_of_privacy). And I'm sure Google is still going to analyze your usage of their product no matter what.
Yeah, the wording is probably not quite correct, but I think the point they are trying to make is that if you are already trusting Google, you are not adding and additional party who's server has access to your data.
The tracker is heavily inspired by Mitul's work – also I contributed a bit to his project. But I wanted to customise it slightly to my needs and use React along the way (to have a nice showcase for it).
And yes, you are right – Google is 3rd party and the wording is slightly unfortunate, but what I meant is that the security will be totally different level if I'd implement the backend myself and there won't be anyone machine learning on your expense records (apart from google looking at a generic spreadsheet).
> there won't be anyone machine learning on your expense records (apart from google looking at a generic spreadsheet).
… how is this not “anyone machine learning on your expense records” again? Does Google specifically forbid themselves that, and I didn't notice? Piercing the veil of “generic” is one of the main things classification ML does, yes?