Privacy Policy

At BudgetBadger, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance management service. Please read this policy carefully to understand our practices regarding your data.

1. Information We Collect

We collect information that you provide directly to us and information that we obtain through your use of the Service:

1.1 Account Information

• Email address: Required to create and manage your account
• Password: Securely encrypted using bcrypt before storage

1.2 Financial Data

When you connect your financial accounts through Plaid, we collect:

• Account information: Account names, types, and account masks (last 4 digits of account numbers)
• Transaction data: Transaction amounts, dates, merchants, and categories
• Account metadata: Institution names and account identifiers

Note: We use Plaid's Transactions product only. We do not collect or store account balances. The account mask (last 4 digits) is used for display purposes to help you identify your accounts.

1.3 User-Generated Content

• Categories: Custom categories you create and assign to transactions
• Budgets: Budget amounts and goals you set for categories

1.4 Usage and Technical Data

• Device information and browser type
• IP address and location data
• Usage patterns and feature interactions
• Error logs and performance data

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process transactions, generate budgets, create reports, and deliver financial insights
• Improve the Service: Analyze usage patterns, fix bugs, and develop new features
• Ensure Security: Authenticate users, prevent fraud, and protect against unauthorized access
• Communicate with You: Send service-related notifications, respond to inquiries, and provide customer support
• Comply with Legal Obligations: Meet legal requirements, respond to legal requests, and enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your information for advertising purposes or share it with advertisers.

3. Plaid Integration and Data Sharing

BudgetBadger uses Plaid Inc. ("Plaid") to securely connect your financial accounts. When you use Plaid to connect your accounts, the following applies:

3.1 What Data Plaid Collects and Processes

BudgetBadger uses Plaid's Transactions product. Plaid collects and processes the following information from your financial accounts:

• Transaction history (amounts, dates, merchants, categories)
• Account details (account names, types, account masks - last 4 digits)
• Institution information (bank names, account identifiers)
• Identity information (name, address, phone number) from your financial institution, as required for account authentication

Note: Plaid may collect additional information in accordance with their privacy policy, but we only receive and store the data listed above.

3.2 How Plaid Uses Your Data

Plaid uses your data to:

• Authenticate your identity with your financial institution
• Retrieve account and transaction information
• Provide account aggregation services to BudgetBadger
• Maintain the security and integrity of their services

For more information about how Plaid uses your data, please review Plaid's End User Privacy Policy.

3.3 Data Sharing Between BudgetBadger and Plaid

When you connect your accounts through Plaid:

• Plaid shares your account and transaction data with BudgetBadger to provide the Service
• BudgetBadger stores this data securely in our systems
• Plaid maintains its own copy of your data in accordance with their privacy policy
• You can disconnect your accounts from Plaid at any time through your account settings

Plaid operates independently from BudgetBadger and has its own privacy practices. We encourage you to review Plaid's privacy policy to understand how they handle your information.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: We retain your data while your account is active and for a reasonable period thereafter
• Account Deletion: When you delete your account, we will delete or anonymize your personal information, subject to legal retention requirements
• Legal Requirements: We may retain certain information for longer periods as required by law, regulation, or legal process
• Backup Systems: Deleted information may persist in backup systems for a limited time before being permanently deleted

If you request deletion of your data, we will process your request in accordance with applicable law and our data retention policies.

5. Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission is encrypted using HTTPS/TLS. Sensitive data is encrypted at rest in our databases
• Password Security: Passwords are hashed using bcrypt before storage
• Authentication: We use secure token-based authentication (JWT) to protect account access
• Access Controls: Access to your data is restricted to authorized personnel only, and we implement role-based access controls
• Regular Security Audits: We conduct regular security assessments and updates
• Data Isolation: User data is isolated to prevent unauthorized access between accounts
• Admin Access Restrictions: Administrative access to user financial data is restricted in production. Administrators can only access telemetry data (merchant names, categories, patterns) without viewing transaction amounts, exact dates, or user identifiers.

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.

6. Your Privacy Rights (CCPA/CPRA)

If you are a California resident or subject to similar privacy laws, you have the following rights regarding your personal information:

6.1 Right to Access

You have the right to request access to the personal information we hold about you. You can request:

• A summary of the categories of personal information we collect
• The specific pieces of personal information we have about you
• Information about how we use and share your data

You can exercise this right by contacting us through our contact page or by using the data export feature in your account settings.

6.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions:

• Information we need to complete a transaction or provide a service you requested
• Information required for legal compliance or to detect security incidents
• Information stored in backup systems (will be deleted when backups are updated)

You can request deletion by contacting us or by using the account deletion feature in your account settings. We will process your request within 30 days, subject to legal requirements.

6.3 Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format. This includes:

• Your account information
• Transaction data
• Category and budget information
• Other data associated with your account

You can request your data export through your account settings or by contacting us. We will provide your data in JSON or CSV format within 30 days of your request.

6.4 How to Exercise Your Rights

To exercise any of these rights, you can:

• Use the privacy controls in your account settings (available in Phase 5 implementation)
• Contact us through our contact page
• Send an email to our support team

We will verify your identity before processing your request to ensure the security of your information. We will respond to your request within 30 days, or as required by applicable law.

We will not discriminate against you for exercising your privacy rights.

7. Third-Party Services

In addition to Plaid, we may use other third-party services to provide and improve the Service:

• Hosting and Infrastructure: We use cloud service providers to host our Service and store your data
• Analytics: We may use analytics services to understand how the Service is used and improve it
• Email Services: We use email service providers to send service-related communications

These third-party services have their own privacy policies. We encourage you to review their policies to understand how they handle your information.

8. Children's Privacy

BudgetBadger is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete that information.

9. International Users

BudgetBadger is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you by email or through the Service
• Require your acceptance of the updated policy (in accordance with our Terms of Service)

Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us through our contact page.