Privacy Policy

BudgetThrow is built with privacy as a core principle. We believe you should be able to manage your budget without sharing your bank credentials or personal financial data with third parties.

We do not require bank login credentials. All financial data you enter is yours, stored securely, and never sold to third parties.

Account Information:

• Email address (for account creation and recovery)
• Display name (optional, for personalization)

Financial Data You Enter:

• Account balances you manually enter
• Bills and expenses you create
• Income amounts and pay schedules
• Savings goals you set

App Usage Data:

• Pseudonymized analytics (app opens, feature usage)
• Crash reports to improve app stability
• Device type and operating system version

Your financial data is encrypted at rest using AES-256-GCM with Argon2id key derivation. This means:

• Your email, bill names, bill amounts, budget names, and savings goal names + target amounts + contribution amounts are encrypted before storage
• Some operational data is intentionally stored unencrypted to enable functionality: due dates, payment status (paid/pending), and group membership / role (Owner / Admin / Viewer)
• Data is encrypted in transit using TLS/SSL
• Authentication tokens are stored in your device's secure storage (iOS Keychain or Android EncryptedSharedPreferences)
• App Check verifies that requests to our backend come from a genuine copy of the app
• We use secure cloud infrastructure (Firebase/Google Cloud)

This is field-level encryption at rest. It protects against an unauthenticated database breach. If you share a budget with someone, they can see the data in that shared budget — that's the intended behavior of sharing.

If you enable App Lock, the app uses Face ID, Touch ID, or your device passcode to gate entry. Biometric templates never leave your device.

• We never require your bank login credentials
• We never sell your personal data to third parties
• We never share your financial information with advertisers
• We never access your actual bank accounts

We use the following third-party services:

• Firebase (Google): Authentication, encrypted data storage, App Check (device-integrity attestation on requests to our backend), crash reporting (Crashlytics), and pseudonymized usage analytics (Firebase Analytics; IDFA disabled)
• RevenueCat: Subscription management (no financial data shared)
• Sentry: Crash reports and diagnostic breadcrumbs to improve app stability. We scrub potentially identifying data (emails, free-text input, financial values) before reports are sent.
• Apple App Store: Payment processing for subscriptions, push notifications, and DeviceCheck attestation

These services have their own privacy policies. We only share the minimum data necessary for these services to function.

Your data is retained as long as you have an active account. If you delete your account:

• All your personal data is permanently deleted from our systems
• Shared budgets you created are deleted for all members
• You are removed from shared budgets you didn't create
• Anonymized analytics data may be retained
• This process is irreversible

Crash reports are retained for 90 days. Push notification tokens are retained until you disable notifications or delete your account.

You have the right to:

• Access your data at any time through the app
• Export your data in a readable format
• Delete your account and all associated data
• Opt out of analytics collection (contact us)

BudgetThrow is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

We may update this privacy policy from time to time. We will notify you of any significant changes through the app or via email.

If you have any questions about this Privacy Policy or how we handle your data, please contact us: