Privacy Policy
Last updated: April 8, 2026
1. Information We Collect
We collect information you provide directly, including your email address, display name, and monthly income. We also collect financial data through your connected bank accounts, including transaction history, account balances, and institution names. This data is necessary to provide our budgeting and AI coaching features.
2. How We Use Your Information
We use your information to provide the Budgetlator service, including syncing transactions, generating AI insights and recommendations, sending budget alerts, and creating monthly financial reports. We use AI models to analyze your spending patterns and generate personalized advice. Your data is never used to train external AI models.
3. Data Shared with Third Parties
We work with the following third-party services to deliver Budgetlator: • Plaid Technologies, Inc. — used to connect your bank accounts and sync transactions. Plaid handles your banking credentials directly and we never receive or store them. See Plaid’s privacy policy at plaid.com/legal. • Supabase — our database and authentication provider. Your data is stored in a PostgreSQL database hosted by Supabase in the US East region. See supabase.com/privacy. • Google AdMob (iOS app only) — used to serve ads in the free version of the iOS app. AdMob may collect device identifiers for ad personalization. See Google’s privacy policy. • xAI (AI Provider) — your financial context is sent to Grok AI models to generate insights and responses. Context is limited to aggregate financial data and is not associated with your identity.
4. User Consent
AI features require explicit consent. You can enable or disable AI data sharing at any time in Settings. Disabling AI sharing will turn off spending alerts, insights, cash flow forecasting, and the AI Coach. Your transaction data will still be synced and budgets will still function.
5. Data Storage and Location
All user data is stored in a Supabase PostgreSQL database located in the US East (Ohio) region. Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Row-level security policies ensure that each user can only access their own data.
6. Data Security
We implement industry-standard security measures including encrypted storage, secure HTTPS connections, JWT-based authentication with automatic token refresh, and strict row-level security on all database tables. Bank credentials are never stored — only Plaid access tokens that allow read-only transaction access.
7. Data Retention
We retain your data for as long as your account is active. You can delete your account at any time from Settings > Delete Account. Account deletion permanently removes all associated data including transactions, budgets, chat history, and linked accounts within 24 hours.
8. Your Rights
You have the right to access, correct, or delete your personal data at any time. You can export your transaction data as CSV from the Transactions screen. To request a full data export or deletion, contact us at support@aspen-bytes.com.
9. Children's Privacy
Budgetlator is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the app. Your continued use of Budgetlator after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
For privacy questions or requests, contact us at: Aspen Bytes Email: support@aspen-bytes.com Website: budgetlator.com