Privacy Policy
Last updated: March 28, 2026
1. Data Controller
The data controller responsible for your personal data is [Your Company Name], reachable at [contact@example.com]. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
2. Data We Collect
We collect the following categories of personal data: (a) Account data — your email address and account creation date, provided directly by you during registration; (b) Financial data — budgets, expenses, subscriptions, and categories that you voluntarily enter into the Service; (c) Usage data — log data such as IP address, browser type, and pages visited, collected automatically; (d) Payment data — billing information processed by our payment processor, Paddle; we do not store full card details on our servers.
3. How We Use Your Data
We use your personal data to: (a) provide and maintain the Service; (b) manage your account and authenticate your identity; (c) process payments and manage subscriptions; (d) send transactional communications (account verification, password reset, billing receipts); (e) improve the Service through aggregated, anonymised analytics; (f) comply with legal obligations.
4. Legal Basis for Processing
We process your personal data under the following legal bases: (a) Performance of a contract (Art. 6(1)(b) GDPR) — processing necessary to provide the Service you have subscribed to; (b) Legitimate interest (Art. 6(1)(f) GDPR) — improving the Service, ensuring security, and preventing fraud; (c) Legal obligation (Art. 6(1)(c) GDPR) — compliance with applicable laws; (d) Consent (Art. 6(1)(a) GDPR) — where you have given explicit consent, which you may withdraw at any time.
5. Data Sharing
We do not sell your personal data. We share data only with: (a) Paddle — our payment processor, for billing and subscription management (Paddle acts as merchant of record); (b) Hosting infrastructure providers — for operating and maintaining the Service; (c) Legal authorities — if required by law or court order. All third-party processors are contractually bound to protect your data in accordance with GDPR.
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law (e.g., billing records retained for 5 years for tax compliance purposes).
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data: (a) Right of access — request a copy of the data we hold about you; (b) Right to rectification — request correction of inaccurate data; (c) Right to erasure — request deletion of your data ("right to be forgotten"); (d) Right to data portability — receive your data in a structured, machine-readable format; (e) Right to restriction — request that we limit how we use your data; (f) Right to object — object to processing based on legitimate interest; (g) Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at [contact@example.com].
8. Right to Lodge a Complaint
You have the right to lodge a complaint with your national data protection supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw. In other EU member states, contact the relevant national authority.
9. Cookies and Local Storage
The Service uses authentication cookies strictly necessary for logging you in and maintaining your session. We do not use third-party advertising cookies. We may use local storage for user interface preferences (e.g., selected currency). No consent is required for strictly necessary cookies; other storage is disclosed here as required by the ePrivacy Directive.
10. International Data Transfers
Your data may be processed by our hosting and payment providers in data centres outside the European Economic Area (EEA). Where such transfers occur, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The "last updated" date at the top of this page reflects the most recent revision.
12. Contact
For any privacy-related questions or to exercise your rights, contact us at: [Your Company Name], [contact@example.com].