Privacy Notice
Last updated: 4 March 2026
This page explains what data Budgetter processes, why we process it, and the rights you have over your information.
1. Who We Are
- Budgetter (“we”, “us”) operates the personal finance application at budgetter.app. This notice explains what personal data we collect, how we use it, and your rights under the UK GDPR and the Data Protection Act 2018.
2. Data We Collect
- Account data: Email address (used for authentication and transactional emails).
- Financial data you enter: budget amounts and income figures; expense transactions (amount, category, date, payee, description); debt records (balance, interest rate, minimum payment); subscription records (service name, cost, billing cycle, renewal date); savings goals (name, target amount, progress); and scheduled or recurring transactions.
- App preferences (stored locally in your browser only): currency preference, notification settings, privacy lock timeout, payee-to-category autocomplete mappings, and sort preferences.
- If you enable Privacy Lock, your 4-digit PIN is stored only on your device in a salted, hashed form (not plaintext). Budgetter does not receive your PIN.
- Technical data: authentication tokens managed by Supabase, and standard server logs such as IP address and browser type retained by our infrastructure providers.
- Certain static application resources such as scripts, icons, and interface files may be stored locally on your device by your browser to improve application performance.
- Financial records and account data are never stored locally by Budgetter and are always retrieved securely from our servers when required.
3. How We Use Your Data
- Providing the application and storing financial records (contract performance).
- Sending account emails (verification, password reset) (contract performance).
- Generating AI financial insights (legitimate interest).
- Maintaining and improving the service (legitimate interest).
- Complying with legal obligations (legal obligation).
4. AI Features
- When using AI features such as AI Coach or Next Move, relevant financial data may be sent to the Google Gemini API to generate personalised insights.
- We do not use your data to train AI models.
- Data sent for AI processing is used only to generate responses and is not retained by Budgetter beyond the request.
5. Push Notifications
- If you opt in to browser push notifications, your browser creates a push subscription containing an endpoint and cryptographic public keys. This subscription is stored so Budgetter can deliver notifications to your device.
- Push notifications are sent using Web Push with VAPID authentication and encrypted payload delivery.
- You can disable push notifications at any time in your browser and in Budgetter settings.
6. Data Storage and Security
- Your financial data is protected using modern security practices.
- All financial data is stored in a Supabase-hosted PostgreSQL database with Row Level Security (RLS), ensuring users can only access their own records.
- Data is encrypted in transit using TLS.
- Data is encrypted at rest within our database infrastructure.
- Authentication is handled through Supabase Auth.
- Transactional emails are delivered via Resend.
- Budgetter uses service workers and progressive web application technologies to cache selected static resources such as icons, images, fonts, and interface assets in order to improve performance and reliability.
- These cached files do not contain personal financial information.
- Financial data, transaction records, balances, and account information are never cached locally and are always retrieved securely from our servers.
7. Data Retention
- We retain your personal and financial data for as long as your account remains active.
- If you delete your account, your personal and financial data will be permanently deleted within 30 days, except where we are legally required to retain certain information.
8. Third-Party Processors
- Supabase: database and authentication (EU / US).
- Google (Gemini API): AI insights processing (US).
- Resend: transactional email delivery (US).
- Upstash Redis (if enabled): API rate-limiting counters for abuse prevention.
- Where data is transferred outside the UK or EU, appropriate safeguards such as Standard Contractual Clauses are used. Budgetter does not sell user data.
9. Your Rights
- Under UK GDPR you have the right to access your personal data, correct inaccurate information, request deletion of your data, restrict or object to certain processing, receive a copy of your data (data portability), and withdraw consent where processing relies on consent.
- To exercise these rights, contact hello@budgetter.app.
10. Cookies
- Budgetter does not use tracking or advertising cookies. Authentication session cookies are used solely to keep users logged into their accounts.
11. Children
- Budgetter is not intended for individuals under the age of 18, and we do not knowingly collect personal data from minors.
12. Changes to This Notice
- We may update this Privacy Notice from time to time. Where significant changes occur, we may notify users via email or in-app notice.
13. Complaints
- If you have concerns about how your data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters: ico.org.uk.
14. Contact
- Email: hello@budgetter.app · Website: budgetter.app.
Questions? Reach us at hello@budgetter.app.