Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

• Account information: Name, email address, and profile image from your OAuth provider (Google or Facebook).
• Financial data: Household budgets, accounts, envelopes, transactions, income streams, assets, and imported bank statement data that you enter or upload.
• Usage data: Login timestamps and session information.
• Location data: Approximate geolocation if you grant browser permission (used to tag transactions with location context).

2. How We Use Your Information

Your information is used solely to provide and improve the Service:

• Authenticate your identity via third-party OAuth providers.
• Store and display your budgeting data.
• Generate financial reports and analytics within the Service.
• Match imported bank transactions with your records.

3. Data Sharing

We do not sell, rent, or share your personal or financial data with third parties except:

• Payment processing through PayPal (receives only billing information, not your financial data).
• Error monitoring through Bugsnag (receives technical error information only, no financial data).
• When required by law or to protect our legal rights.

4. Data Storage and Security

Your data is stored in encrypted databases hosted on Heroku (powered by Amazon Web Services). We use HTTPS for all data in transit, CSRF protection, and industry-standard security practices.

5. Data Retention

We retain your data for as long as your account is active. You may delete your account and all associated data at any time through your profile settings.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Right to access: Request a copy of the data we hold about you.
• Right to deletion: Request permanent deletion of your account and all data. Our account deletion feature (purge) removes all households, accounts, envelopes, transactions, assets, institutions, and tags.
• Right to portability: Export your data through the AI prompt export feature or by contacting us.
• Right to rectification: Correct your data directly through the Service interface.

These rights apply under GDPR (EU), POPIA (South Africa), and similar data protection regulations.

7. Cookies and Sessions

We use session cookies to maintain your login state. We do not use tracking cookies or third-party advertising cookies.

8. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect information from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy-related questions or to exercise your data rights, contact us at [email protected].