We believe privacy is a right, not a feature. Here is exactly what data we collect, how we use it, and how we protect it.
Last updated: March 15, 2026
No data selling
We never sell or share your data with advertisers or third parties.
Encrypted at rest
All your data is encrypted using AES-256 and TLS in transit.
Delete anytime
Request full account and data deletion at any time, no questions asked.
Table of Contents
Account Information
When you create an account, we collect your email address and a securely hashed password. We do not collect your full name, phone number, or any government-issued ID unless you voluntarily provide it.
Financial Data You Enter
All financial data — transactions, accounts, categories, budgets, and workspaces — is entered by you. We store this data solely to provide the service to you. We do not access, read, or analyse your financial data for any commercial purpose.
Usage Data
We may collect anonymous usage data such as pages visited, features used, and error logs. This data is used only to improve the application and is never linked to your identity.
Device & Technical Information
We collect standard technical information such as browser type, operating system, and IP address for security monitoring and abuse prevention.
Note: We will never use your data for advertising, sell it to third parties, or share it with partners for marketing purposes.
Where your data is stored
Your data is stored in Supabase (PostgreSQL), hosted on AWS in the eu-west-1 (Ireland) region. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.
Authentication
Authentication is handled by Supabase Auth using industry-standard JWT tokens. Passwords are never stored in plain text — they are hashed using bcrypt.
Access controls
Your workspaces and financial data are protected by Row-Level Security (RLS) policies at the database level. No other user can access your data.
We do not sell your data
We do not sell, rent, or trade your personal information to any third party, ever.
Service providers
We use the following sub-processors solely to operate the service: Supabase (database & auth), Railway (API hosting). These providers are contractually bound to protect your data and may not use it for their own purposes.
Legal requirements
We may disclose your information if required to do so by law or in response to valid requests from public authorities (e.g. a court order).
Note: To exercise any of these rights, contact us at privacy@budgetmanager.app. We will respond within 30 days.
We retain your data for as long as your account is active. If you delete your account, all personal data and financial records are permanently deleted within 30 days. Anonymised, aggregated statistics may be retained indefinitely.
Budget Manager is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, if the changes are significant, notify you by email. Continued use of the service after any change constitutes acceptance of the new policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, please contact us:
Our support team is happy to help with any privacy-related concerns.