Privacy Policy

Effective Date: April 1, 2026

1. What This Policy Covers

This Privacy Policy describes how Budgley Software LLC ("Budgley," "we," "our," or "us"), a company based in Minnesota, collects, uses, and protects information about you when you use the Budgley web application and website (collectively, the "Service").

By using the Service, you agree to the practices described in this policy. If you don't agree, please don't use the Service.

2. Information We Collect

We collect only what we need to operate and improve the Service:

• Account information: When you create an account, we collect your email address, your name (if provided), and a hashed password. If you sign in with Google, we receive your name and email from Google's authentication system.
• Budget and expense data: All budget categories, amounts, expense entries, and financial goals you create in the app are stored in your account. This is your data — you control it entirely.
• Usage and analytics data: We collect anonymized data about how you use the Service — which features you use, how often you log in, and general interaction patterns. This is collected via Google Analytics (GA4) and Firebase Analytics. This data helps us understand what's working and what to improve.

3. Information We Don't Collect

We want to be direct about what we don't do:

• No bank credentials, ever. Budgley never asks for, stores, or has access to your bank username, password, or login credentials of any kind.
• No retained bank statement data. When you use the weekly true-up feature to upload or paste a bank statement, that data is processed in your browser session to identify unlogged transactions. It is immediately discarded once processing is complete — it is never transmitted to our servers, never indexed, and never stored.

4. How Your Data Is Stored

Your account and budget data is stored in Google Firebase Firestore, a cloud database provided by Google LLC. Firebase uses industry-standard encryption both at rest (AES-256) and in transit (TLS). Firebase infrastructure complies with SOC 2, ISO 27001, and other security standards.

Our Firestore security rules ensure that each user can only access their own data, or data from accounts they've been explicitly granted access to via the shared budget invite system.

5. How We Use Your Data

We use the information we collect to:

• Operate and provide the Service — authenticate your account, store your budgets, and sync data across your devices.
• Improve the product — analyze usage patterns (in aggregate and anonymized form) to understand which features are valuable and where the app can be better.
• Send transactional emails — including trial reminder emails before your free trial ends and subscription billing notices. We don't send marketing emails unless you opt in.
• Provide customer support — if you contact us, we use your information to respond.

6. Data Sharing

We don't sell, rent, or trade your personal information. Period.

We share data only in these limited circumstances:

• Google Firebase: As our infrastructure provider. Google processes your data on our behalf under their data processing terms.
• Payment processor: We use a third-party payment processor (such as Stripe) to handle subscription billing. We share only what's necessary for billing — your name and payment details. We never store full payment card numbers ourselves.
• Legal obligations: If required by law, court order, or valid legal process, we may disclose information. We'll notify you when permitted by law.

7. Shared Budget Access

If you choose to share your budget with another person using our invite code feature, that person will be able to view and edit the same budget data you see. You control who you invite. You can revoke shared access at any time from your account settings. Budgley does not share your data with other users without your explicit action of generating and sharing an invite code.

8. Cookies

We use a minimal number of cookies:

• Authentication cookies: Required to keep you logged in. These are session cookies managed by Firebase Authentication.
• Analytics cookies: Used by Google Analytics to collect anonymous usage data. You can opt out by using browser settings or a GA opt-out extension.

We do not use advertising cookies, tracking pixels, or any third-party ad network cookies.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal information and all associated budget data within 30 days. Anonymized, aggregated analytics data may be retained indefinitely as it cannot be traced back to you.

10. Your Rights

You have control over your data. At any time, you can:

• Export your data from your account settings.
• Request deletion of your account and all associated data by emailing us at info@budgley.com or using the in-app account deletion feature.
• Close your account anytime from your account settings — no phone calls required.

If you are located in the EU, UK, or California, you may have additional rights under GDPR or CCPA. Contact us at info@budgley.com and we'll respond within 30 days.

11. Children

Budgley is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you by email (using the address on your account) at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.

We'll always keep the previous version available if you want to compare.

13. Contact

Questions about this policy, your data, or a request for deletion? Reach us at info@budgley.com. We respond to all privacy inquiries within 5 business days.

14. Effective Date

This Privacy Policy is effective as of April 1, 2026.