Privacy Policy

BudgetBuddy is built with privacy as a core principle, not an afterthought. Your financial data is some of the most sensitive information in your life, and we treat it that way.

BudgetBuddy is designed to avoid third-party tracking. We do not use:

• Tracking cookies - including advertising or cross-site tracking cookies
• Analytics scripts - including Google Analytics, Mixpanel, or similar services
• Advertising trackers - including ad networks, retargeting pixels, or conversion pixels
• Fingerprinting - including browser, device, or canvas fingerprinting

You can review network activity in your browser's developer tools to confirm that BudgetBuddy does not send requests to tracking or advertising services.

BudgetBuddy uses signed-in Buddy Cloud protection for real budgets. The no-account demo and any continued browser-only use rely on browser storage.

• Signed in: Buddy Cloud is the default protection path. Your budget is encrypted on your device before upload, then stored as an encrypted vault.
• No-account demo: Demo mode uses sample data only for a temporary 5-minute session.
• Browser-only local use: If you keep using a browser budget without signing in, budget data stays only in that browser's localStorage.
• No servers store readable financial information, transactions, balances, budgets, categories, descriptions, notes, or amounts.

Note on browser-only budgets: Clearing browser data, site data, storage, or using privacy-cleanup tools can remove a browser-only budget. BudgetBuddy cannot recover browser-only budgets after browser/device storage is lost. Signing in uses Buddy Cloud as the default encrypted backup path.

Buddy Cloud is the default protection path for signed-in BudgetBuddy accounts. Free Tier includes two active Buddy Cloud sync slots for browser sync. Premium adds Multi-Device Sync Plus for unlimited active browser sync.

• Enabled by signing in: Signing in means BudgetBuddy will use Buddy Cloud to protect your budget by default. The public no-account path is a 5-minute sample demo. If you continue using an existing browser-only budget, it has no recovery support if local storage is lost.
• Encrypted before upload: Your budget is encrypted on your device before it leaves. The server stores encrypted blobs, not readable transactions, balances, budgets, categories, descriptions, notes, or amounts.
• Encrypted version history: If you use Cloud Version History, BudgetBuddy stores encrypted vault snapshots so you can restore a previous budget version. Free accounts keep the newest encrypted safety snapshot. Premium accounts keep the newest 10 encrypted snapshots. Snapshot contents are encrypted client-side before storage. Associated metadata may include snapshot timestamps, schema/encryption version, checksum, and restore/sync status text.
• Recovery key required: Your Buddy Cloud recovery key decrypts your cloud budget on another device. Store it somewhere safe. If you lose this key and no signed-in device still has access, we cannot recover or decrypt your synced budget for you.
• Minimal sync metadata: To enforce the Free Tier sync slot limit, we store opaque hashes of locally generated sync slot tokens and sync slot timestamps. We do not store device names, user agents, IP-derived locations, or readable budget data for this feature.
• Device management metadata: If you use Account > Devices, BudgetBuddy keeps privacy-minimal browser access records so you can revoke known browsers and release unmatched Free Tier sync slots. Old unmatched sync slots may be released automatically after 2 hours. These records contain opaque browser hashes, timestamps, and an optional link to an existing opaque Buddy Cloud sync slot hash. The sync slot link duplicates the same privacy-minimal sync slot hash already used for Free Tier slot accounting; it is not a new device identifier. These records do not contain device names, browser user agents, IP-derived locations, transaction data, balances, budgets, categories, descriptions, notes, amounts, or recovery keys.
• You control it: You can try the 5-minute demo, export your data, sign out and clear this browser, keep using an existing browser-only budget without recovery support, or reset Buddy Cloud for your account.

BudgetBuddy uses minimal third-party services. Here is the complete list:

• Authentication and account services (Supabase Auth, Google OAuth, and email magic links) - These services verify your identity and support signed-in sessions. Apple sign-in is visible as paused until demand justifies enabling it.
• Hosting and cloud infrastructure (Cloudflare and Supabase) - These providers host the app and store encrypted Buddy Cloud data on our behalf. They cannot read your budget because it is encrypted before it reaches their servers.
• Payments (Stripe) - Payments are processed by Stripe. BudgetBuddy does not receive or store full card numbers. Stripe receives payment, device, fraud-prevention, and checkout data under Stripe's privacy and legal terms.

Our infrastructure and payment providers may be subject to U.S. federal, state, local, or other lawful requests, including legal process such as subpoenas or court orders. If legally required, the information available to provide would be limited to account, billing, operational metadata, encrypted vault data, and encrypted version-history snapshots if present. BudgetBuddy does not hold your Buddy Cloud recovery key and cannot decrypt your synced budget contents.

We will never:

• Sell your data to anyone, for any reason
• Share your data with advertisers or data brokers
• Allow third parties to access your decrypted information
• Use your data to train AI models or machine learning systems

You have the right to:

• Access - View all data stored in the app at any time (it's your data)
• Export - Download transaction data with CSV export
• Delete - Clear your data locally or reset your encrypted Buddy Cloud vault
• Try before signing in - Use the 5-minute sample demo, or keep using an existing browser-only budget with no recovery support if local browser storage is lost
• Leave - Stop using BudgetBuddy, clear this browser, reset Buddy Cloud, or contact support for account/data questions

We don't make any of this difficult. No phone trees, no "please allow 30 days," no retention periods. Your data, your decision.

We take security seriously, even though we hold minimal data:

• All data in transit is protected with TLS/HTTPS encryption
• Cloud-synced data is encrypted end-to-end before leaving your device
• Authentication credentials are never stored in plain text
• We follow industry-standard security practices

That said, no system is perfectly secure. We encourage you to:

• Use a strong, unique password for your account
• Keep your device locked with a PIN, password, or biometric
• Clear browser data on shared or public devices
• Export regular backups of your financial data

BudgetBuddy is not intended for children under 13. We do not knowingly collect data from minors. If we learn that a child under 13 has created an account, we will delete it promptly.

BudgetBuddy is designed around user control, exportability, deletion, and minimal data collection. Privacy laws vary by location, so this policy describes the rights and controls BudgetBuddy makes available to all users rather than promising legal compliance in every jurisdiction without review.

We may update this policy as the app evolves, especially while Buddy Cloud, billing, and beta support paths are being tested. When we do:

• We will notify you clearly within the app
• We will update the "Last updated" date at the top of this page
• Material changes will require your explicit consent before taking effect
• We will never quietly weaken your privacy protections

Privacy shouldn't be confusing. If anything in this policy is unclear, or if you have concerns about how your data is handled, please reach out: