BudgetVibeBudgetVibe← Back to Home

Privacy Policy

Last updated: February 16, 2026

1. Introduction

BudgetVibe ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use our personal finance management platform (the "Service").

By using BudgetVibe, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account via Google OAuth, we receive and store:

  • Your name and email address
  • Google profile picture URL
  • A unique identifier from your Google account

2.2 Financial Data

When you connect bank accounts through our banking providers (Teller and Plaid), we access and store:

  • Account names, types, and masked account numbers
  • Transaction history (descriptions, amounts, dates, categories)
  • Account balances
  • Investment holdings and security information

We never receive or store your bank login credentials. Authentication is handled entirely by Teller and Plaid through their secure connection flows.

2.3 User-Generated Data

Information you create within the Service, including:

  • Budgets, spending plans, and financial goals
  • Manual transactions and notes
  • Categorization rules and preferences
  • Asset and liability entries for net worth tracking
  • Uploaded receipts and documents

2.4 Usage and Device Data

  • Device type, browser, and operating system
  • IP address and approximate location (for session security)
  • Feature usage patterns (which pages and features you use)
  • Session timestamps and duration

3. How We Use Your Information

We use your information exclusively to:

  • Provide the Service: Sync bank transactions, display balances, and manage your financial data
  • AI-powered features: Categorize transactions, detect recurring patterns, generate cash flow forecasts, and provide smart alerts
  • Security: Detect unauthorized access, manage sessions, and protect your account
  • Communication: Send transaction alerts, budget notifications, and critical account security emails
  • Improvement: Analyze aggregated, anonymized usage patterns to improve the Service

4. Data Security

We employ multiple layers of security to protect your data:

  • Encryption at rest: All sensitive data is encrypted using Google Cloud KMS (Key Management Service) with envelope encryption. Each user has a unique Data Encryption Key (DEK) that is itself encrypted by a master key managed by Google Cloud KMS.
  • Row-Level Security (RLS): Database-level isolation ensures that queries can only access data belonging to the authenticated user. Even in the event of an application-level vulnerability, your data remains physically isolated.
  • Encryption in transit: All connections use TLS/SSL (256-bit encryption) to protect data between your device and our servers.
  • Bank token security: Access tokens for your bank connections are encrypted at rest and never exposed to client-side code.
  • Rate limiting: All sensitive API endpoints are rate-limited to prevent abuse and brute-force attacks.
  • Security event logging: All authentication events, permission changes, and sensitive operations are logged for audit purposes.

5. AI Processing & Privacy

BudgetVibe uses AI models for transaction categorization, recurring pattern detection, and cash flow forecasting. Here is how we protect your privacy during AI processing:

  • PII redaction: Before any data is sent to AI providers, all personally identifiable information (names, account numbers, email addresses) is automatically stripped from the request.
  • Minimal data sharing: Only the minimum data required for the AI task is sent (e.g., transaction descriptions and amounts for categorization).
  • Zero data retention: All AI models we use are accessed through OpenRouter with a zero data retention policy. Your data is not stored, logged, or used for training by the AI providers. Requests are processed in real time and immediately discarded — no prompts, responses, or financial data are retained by the model providers.
  • User control: You can disable individual AI features (auto-categorization, recurring detection, receipt scanning) at any time from your settings.

6. Third-Party Services

We use the following third-party services to operate BudgetVibe:

  • Teller & Plaid: Bank account connectivity and transaction syncing. These providers have their own privacy policies and are certified to handle financial data securely.
  • Google OAuth: Authentication and account creation. We only receive your name, email, and profile picture.
  • OpenRouter: AI model access for categorization and insights. All models are configured with a zero data retention policy — no prompts or responses are stored or used for training. No PII is sent to these models.
  • Stripe: Payment processing for subscriptions. We do not store your payment card details; Stripe handles all payment information directly.
  • Google Cloud Platform: Infrastructure hosting, encryption key management (KMS), and security logging.

7. What We Never Do

We commit to never:

  • Sell your personal or financial data to any third party
  • Share your data with advertisers or marketing companies
  • Display ads within the Service
  • Store unencrypted sensitive financial information
  • Send personally identifiable information to AI providers
  • Access your bank login credentials (we never have them)
  • Share your data with other BudgetVibe users without your explicit consent

8. Data Retention

  • Active accounts: Your data is retained for as long as your account is active and you maintain an active subscription.
  • Account deletion: When you delete your account, all personal data, financial data, and associated encryption keys are permanently purged within 30 days.
  • Bank disconnection: When you disconnect a bank account, the access token is immediately revoked with the banking provider and deleted from our systems.
  • Inactive accounts: Accounts that have been inactive for 12 months may be subject to data cleanup after prior notification.

9. Your Rights

You have the right to:

  • Access: View all data we hold about you at any time through the app
  • Export: Download your data in CSV, Excel, or PDF formats
  • Correction: Update or correct any inaccurate information
  • Deletion: Delete your account and all associated data
  • Revocation: Disconnect bank accounts and revoke data access at any time
  • AI opt-out: Disable individual AI features from your settings
  • Notification control: Manage email and in-app notification preferences

10. Children's Privacy

BudgetVibe is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and display a notice within the app. Your continued use of BudgetVibe after such changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

support@budgetvibe.com