privacy policy
Budget Bestie Privacy Policy
Last updated: June 22, 2026
Budget Bestie Corp ("Budget Bestie", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Budget Bestie mobile application (the "App") or visit our website.
Budget Bestie is a manual budgeting app. We do not connect to your bank accounts and we do not ask for bank login credentials. You choose what budgeting, income, expense, goal, subscription, and profile information to enter.
What Data We Collect
Depending on how you use Budget Bestie, we may collect:
- Account and contact information, such as name, email address, user ID, and authentication provider identifiers.
- Budgeting and financial information you manually enter, such as income, expenses, transaction dates, envelope names, savings goals, budget periods, reminders, and subscription state.
- App usage and product interaction data, such as feature usage, screen views, experiment exposure, and actions taken in the App.
- Device, app, and diagnostics data, such as device model, iOS version, app version, crash reports, performance data, request IDs, IP address, and server/network metadata used for security, rate limiting, debugging, and reliability.
- Purchase and subscription information, such as RevenueCat customer identifiers, Apple receipt/subscription metadata, plan type, renewal, refund, cancellation, and billing-state events.
- Website usage data, such as pages viewed, referral information, browser and device information, and analytics events from our website.
- Marketing and attribution data, such as campaign or install attribution identifiers, when those tools are enabled and permitted.
How We Collect Data
You directly provide most App data when you:
- Create or sign in to an account.
- Manually enter budgets, envelopes, income, expenses, and goals.
- Configure reminders, notification preferences, or app settings.
- Purchase, restore, cancel, or change a subscription.
- Contact us, complete a survey, or provide feedback.
We also collect some data automatically when you use the App, access our backend API, or visit our website. This includes diagnostics, usage, security, and server metadata needed to provide and protect the service.
How We Use Data
We use your data to:
- Provide, maintain, and secure the App and backend service.
- Authenticate users and keep accounts, sessions, and API access safe.
- Store and sync your budgeting data, generate budget views, and support migration from our older Firebase/Firestore storage model.
- Send reminders and service-related notifications you request.
- Process subscriptions, purchases, renewals, refunds, and restores.
- Debug issues, monitor reliability, prevent abuse, and rate-limit traffic.
- Analyze usage patterns, run experiments, improve features, and measure product performance.
- Send marketing communications only where you have consented or where permitted by law.
How We Store Data
Budget Bestie now uses a TypeScript backend API with PostgreSQL as the primary app database. We use:
- Neon PostgreSQL, operated by Neon/Databricks, to store primary app account and budgeting data.
- Railway to host the backend API and related infrastructure, including Redis for rate limiting, idempotency, and reliability features.
- Firebase and Google services for authentication, Crashlytics, legacy Firestore migration data, and Firebase Cloud Functions used for RevenueCat webhook handling.
- Cloudflare for DNS, proxying, security, performance, and protection of API and website traffic.
- Axiom and Sentry for backend logs, crash reporting, error monitoring, and operational observability.
We use encryption in transit, provider access controls, and operational safeguards appropriate to the type of data being processed. No internet service can guarantee absolute security, but we work to protect your information from unauthorized access, use, or disclosure.
Third-Party Services and Data Sharing
We use service providers to operate, secure, monitor, and improve Budget Bestie. They process data on our behalf or according to their own terms where applicable:
- Apple: App Store, in-app purchases, subscriptions, and Sign in with Apple.
- Firebase / Google: authentication, Crashlytics, legacy Firestore migration, Cloud Functions, and Google sign-in support.
- Neon / Databricks: PostgreSQL database hosting.
- Railway: backend hosting, Redis, deployment, and infrastructure operations.
- Cloudflare: DNS, proxy, security, performance, and network protection.
- Axiom: backend log storage, search, and observability.
- Sentry: crash, error, diagnostic, and performance monitoring.
- Statsig: product analytics, feature flags, and A/B testing.
- RevenueCat: subscription management, purchase state, and webhook events.
- PostHog: historical analytics and session replay data from prior use.
- Google Tag Manager / Google Analytics: website analytics and page-view measurement for our marketing website.
- Branch: app install attribution and campaign measurement, if enabled.
- TikTok: ad measurement and attribution, if enabled for a campaign or SDK integration.
- Customer.io: marketing email or messaging, if enabled and based on your consent or communication preferences.
Analytics and Experimentation
We use Statsig for product analytics, A/B testing, feature flags, and experimentation. Statsig may process user identifiers, device/app information, feature usage, experiment assignments, and custom events related to app functionality. This helps us understand product behavior, diagnose issues, and improve the App.
Our website may use Google Tag Manager / Google Analytics to understand website traffic and marketing-page performance. Website analytics are separate from the financial data you enter in the App.
Marketing Communications
We may use your personal data to send you marketing communications about our products and services. You will only receive marketing emails if you consent or where otherwise permitted by law. You can unsubscribe at any time by using the opt-out link in those emails or by contacting us at [email protected].
Customer.io is not currently active in the App codebase, but we may use Customer.io or a similar provider for consent-based marketing email or messaging in the future.
Attribution and Advertising Measurement
We may use attribution or advertising measurement tools, including Branch or TikTok, to understand app installs and campaign performance. These tools may process campaign identifiers, device identifiers, product interaction data, or attribution events when enabled and where permitted by your device settings, consent choices, and applicable law.
PostHog Historical Data Retention
Prior to February 2025, we used PostHog for product analytics and session replay. We have transitioned away from PostHog for new app analytics, but historical data collected through PostHog may remain on their platform according to their data retention policies. This may include historical usage analytics, event data, feature flag exposure data, and historical session replay recordings.
Users who want historical PostHog data deleted can contact us at [email protected], and we will coordinate deletion where available.
Data Retention and Deletion
We retain personal data only as long as necessary to provide our services, maintain security and reliability, comply with legal requirements, resolve disputes, and enforce our agreements.
- Active accounts: App data is retained while your account is active.
- Inactive accounts: If your account remains inactive for 24 months, we may notify you by email. If we receive no response within 30 days, your account data may be deleted.
- Deletion requests: You may request data deletion by contacting us at [email protected]. Users can also delete their data by selecting the "Delete all data and account" option in the App's settings.
Some backup, log, security, analytics, purchase, or legal records may be retained for a limited period where needed for security, fraud prevention, compliance, accounting, dispute resolution, or service reliability.
International Data Transfers
Your data may be processed in the United States, Canada, and other countries where we or our service providers operate.
Your Data Protection Rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or object to certain processing of your personal data. You may also request a portable copy of your data where required by applicable law.
Changes to This Privacy Policy
We may update this policy periodically. Significant changes may be communicated through the App, our website, or by email where appropriate.
Contact Us
If you have questions or privacy requests, contact us at:
Email: [email protected]