Privacy Policy

1. Introduction

Budgly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using the Service:

• Account Information: Email address, name (optional), and authentication credentials when you create an account
• Financial Data: Budget categories, income amounts, expense entries, bill amounts, savings goals, debt information, and subscription details you enter into the Service
• Payment Information: When you subscribe to our paid plans, payment is processed by Stripe. We do not store your credit card numbers or banking details
• Communications: Information you provide when contacting our support team or responding to surveys
• Preferences: Currency settings, notification preferences, and other customization options

2.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device Information: Device type, operating system, browser type, and version
• Usage Data: Features used, pages visited, actions taken within the app, and timestamps
• Log Data: IP address, access times, and referring URLs
• Cookies and Similar Technologies: Essential cookies for authentication and session management

2.3 Information from Third Parties

If you sign in using Google authentication, we receive your email address and basic profile information from Google. We do not receive or store your Google password.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: To operate, maintain, and deliver the budgeting features you use
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Sync and Backup: To synchronize your data across devices and maintain backups
• Process Payments: To process subscription payments and manage billing
• Improvements: To analyze usage patterns and improve the Service (using anonymized, aggregated data)
• Communications: To send essential service notifications, security alerts, and support responses
• Marketing: To send promotional communications (only with your consent, and you can opt out anytime)
• Legal Compliance: To comply with legal obligations and protect our rights

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

• Firebase (Google Cloud): For authentication, database storage, and hosting. Data is stored in secure Google Cloud data centers.
• Stripe: For payment processing. Stripe handles all payment data according to PCI-DSS standards.

4.2 Shared Budgets

If you invite others to collaborate on a shared budget, they will be able to view and edit the budget data you share with them. You control who has access to your shared budgets.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent fraud or illegal activities
• Protect the safety of users or the public

4.4 Business Transfers

If Budgly is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your data.

5. Data Storage and Security

5.1 Storage Location

Your data is stored on Firebase (Google Cloud) servers. Data may be processed in various locations where Google operates data centers, including the United States and European Union.

5.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit using TLS/SSL
• Encryption at rest in our database
• Secure authentication via Firebase Auth
• Regular security audits and monitoring
• Access controls limiting employee data access

5.3 Data Breach Response

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by applicable law.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

• Active Accounts: Data is retained indefinitely while your account is active
• Deleted Accounts: After you delete your account, we retain your data for 30 days to allow for recovery, then permanently delete it
• Backups: Data may persist in encrypted backups for up to 90 days after deletion
• Legal Requirements: Some data may be retained longer if required by law (e.g., payment records for tax purposes)

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

7.1 Access and Portability

You can access and export your budget data at any time using the export features in Settings. We support CSV and JSON formats. You can also request a complete copy of your personal data by contacting support.

7.2 Correction

You can update your account information and budget data directly within the app. For other corrections, contact support.

7.3 Deletion

You can delete your account at any time through Settings. This will initiate deletion of all your personal data. For immediate deletion (bypassing the 30-day retention), contact support.

7.4 Marketing Opt-Out

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by updating your preferences in Settings. Note that you will still receive essential service communications.

7.5 GDPR Rights (EEA Users)

If you are in the European Economic Area, you have additional rights under GDPR:

• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

7.6 California Privacy Rights (CCPA)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for authentication and session management
• Preference Cookies: Remember your settings and preferences
• Analytics: Help us understand how users interact with the Service (anonymized)

We do not use third-party advertising cookies. You can configure your browser to block cookies, but this may affect your ability to use certain features of the Service.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission for transfers from the EEA.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also send you an email notification. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

For EEA residents, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.