Privacy Policy

Last updated: May 6, 2026

This Privacy Policy describes how Budgetmonger ("Budgetmonger," "we," "our," or "us") collects, uses, and protects your information when you use the Budgetmonger iPhone app and related services (the "Service"). Budgetmonger is currently developed for personal use and is not generally available to the public.

1. Information we collect

Information you provide

• Account information: email address and password (stored as a salted hash by our authentication provider, Firebase Authentication).
• Two-factor verification: short-lived hashed codes used to verify sign-ins, and a trusted-device token stored in your device's Keychain for up to 30 days.
• Contact form submissions: name, email, and message contents you send us through the contact form on this website.

Information from your financial institutions, via Plaid

To connect your accounts, the Service uses Plaid Inc. ("Plaid"). When you link an account, Plaid handles authentication directly with your bank. We receive read-only access from Plaid to:

• account metadata (institution name, account name, type, mask, currency)
• balances
• transactions (date, amount, merchant, category)

We do not receive or store your bank login credentials. Plaid's handling of your credentials and other information is governed by Plaid's End User Privacy Policy.

Information collected automatically

• Device and diagnostic data: minimal logging from Firebase Authentication and Cloud Functions (e.g., request timestamps, IP address) used to operate and secure the Service.
• This website: Firebase Hosting access logs and Cloudflare Turnstile (used as a captcha on the contact form). Turnstile is designed to avoid tracking users across sites.

2. How we use information

• to provide, maintain, and improve the Service;
• to authenticate you and prevent unauthorized access;
• to display your accounts, balances, transactions, and budgets to you;
• to send transactional emails (verification codes, security notices);
• to respond to contact-form messages or support requests;
• to comply with legal obligations.

We do not sell, rent, or share your financial data with advertisers. We do not use your financial data to train machine-learning models for third parties.

3. Service providers (sub-processors)

The following providers process data on our behalf:

• Google Firebase (Authentication, Firestore, Cloud Functions, Hosting) — application backend and storage.
• Plaid Inc. — financial-account connectivity.
• Resend — transactional email delivery (verification codes, contact-form replies).
• Cloudflare — Turnstile captcha on the contact form.

4. Data storage and security

Application data is stored in Google Firebase (United States), encrypted at rest. Access is restricted by Firestore security rules so that data is only readable by the authenticated owner. All network traffic is encrypted in transit using TLS. Trusted-device tokens are stored in the iPhone's hardware-backed Keychain. Plaid access tokens are stored in Firebase and never embedded in the iOS app.

5. Data retention

We retain your account and financial data for as long as your account is active. You may delete your account at any time from within the app or by emailing ; when you do, we delete your application data, revoke Plaid access tokens, and instruct sub-processors to delete copies they hold for us. Some logs may persist for a limited period for security and audit purposes.

6. Your rights

Subject to applicable law, you may have the right to:

• access the personal information we hold about you;
• correct inaccurate information;
• delete your account and associated data;
• export a copy of your data in a portable format;
• withdraw consent (e.g., disconnect a linked institution).

To exercise these rights, email .

7. Children

The Service is not directed to, and we do not knowingly collect data from, children under 13. If you believe a child has provided us information, contact us and we will delete it.

8. International users

The Service is operated from the United States. By using it, you consent to the transfer and processing of your information in the United States, which may have data-protection laws different from those in your country.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised "Last updated" date and, where appropriate, communicated to you by email or in-app notice.

10. Contact

Questions about this Privacy Policy or our data practices? Email .