Privacy Policy
Last Updated: 15 January 2026
1. Who We Are
This Privacy Policy explains how Within Budget (the "App") processes information when you use the App. For GDPR purposes, the "controller" is the developer/publisher of Within Budget. If you have questions or want to exercise your rights, contact us via Settings → Send Feedback, or visit withinbudget.app.
2. Scope
This policy applies to the App and related services we operate to provide features like sign-in, cloud sync, family sharing, subscriptions, analytics, and crash reporting. Third-party services may have their own privacy policies (see Section 6).
3. Information We Process
We process the following categories of information:
- Data you enter in the App: accounts, transactions, categories, budgets, goals, income streams, tags, notes, and related preferences.
- Account and authentication data (if you enable sign-in/sync): identifiers from our auth provider (Supabase) and, if you use Apple/Google Sign-In, the identifiers those providers share with us (subject to your settings).
- Sync and family data (if you enable sync/family sharing): membership relationships, invitations, and shared budget data you choose to share with other family members.
- Subscription and purchase data (if you subscribe): subscription status and purchase/receipt metadata processed via RevenueCat and the Apple App Store / Google Play.
- Device and app data: device model, OS version, language/locale, app version, and diagnostic identifiers needed to run the service and troubleshoot issues.
- Usage and product analytics (where enabled): interaction events such as which screens are viewed and which features are used; we design analytics to avoid collecting your financial amounts and detailed transaction content.
- Crash, performance, and diagnostics: crash reports, performance metrics, and related context to help us identify and fix bugs.
- Support communications: messages you send via in-app feedback and the context included with them (e.g., app version and platform).
We do not ask for or store your banking credentials. The App is designed for manual entry rather than direct bank connections.
4. Why We Process Information (Purposes & Legal Bases)
If you are in the EEA/UK (or where GDPR-style laws apply), we process personal data under the following legal bases:
- Contract (Art. 6(1)(b)): to provide the App features you request, including storing and displaying your data, syncing across devices, and enabling family sharing when you choose it.
- Legitimate interests (Art. 6(1)(f)): to maintain, secure, and improve the App (e.g., preventing abuse, diagnosing crashes, improving reliability). We balance these interests against your rights.
- Consent (Art. 6(1)(a)): where required for certain analytics or similar technologies; you can withdraw consent at any time through your device settings or other available controls.
- Legal obligation (Art. 6(1)(c)): to comply with applicable laws (e.g., tax/accounting obligations for our business, responding to lawful requests).
We do not use your data for targeted advertising, and we do not sell your personal data.
5. Where Your Data Is Stored
Within Budget is offline-first. Most functionality works on-device. If you enable sign-in and cloud sync, your data is stored and processed on third-party infrastructure to provide syncing, account management, and family sharing across devices.
6. Sharing & Third-Party Services
We share information only as needed to operate the App:
- Supabase (authentication, database, and sync infrastructure).
- PostHog (analytics and product improvement tooling).
- Sentry (crash reporting, performance monitoring, and support/feedback tooling).
- RevenueCat (subscription management) and the Apple App Store / Google Play for purchases and renewals.
- Apple Sign-In and Google Sign-In (if you choose those sign-in methods).
- Family members you invite or join (shared budgets and related data are visible to participants, depending on your family setup).
- Authorities or other parties where required by law, or to protect rights and safety and to prevent fraud or abuse.
Third-party providers act as our processors/service providers where applicable. Their processing is subject to their own terms and privacy policies.
7. International Transfers
Some service providers may process data outside your country (including outside the EEA/UK). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
8. Retention
- On-device data: remains on your device until you delete it (e.g., by using in-app deletion features, clearing app storage, or uninstalling the App).
- Cloud/sync data: retained while your account remains active and deleted when you delete your account, subject to limited retention for legal, security, and backup purposes where permitted by law.
- Diagnostics and support data: retained for as long as needed to address issues, comply with legal obligations, and maintain the service.
9. Your Rights (GDPR)
Depending on your location, you may have the right to access, correct, or delete your data, to restrict or object to processing, and to data portability. You can:
- Export your data: Settings → Export Data (CSV export).
- Delete your data: Settings → Delete Account (deletes your account and associated data, including synced data when applicable).
- Request help: Settings → Send Feedback (privacy requests, questions, or issues).
If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection authority.
10. Security
We implement reasonable administrative and technical measures intended to protect information from loss, misuse, and unauthorized access. No system is completely secure, and you use the App at your own risk. You are responsible for keeping your device secure and controlling access to your account and family sharing features.
11. Children's Privacy
The App is not directed to children under 16 in the EEA/UK (or under 13 in other jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.
12. Changes
We may update this Privacy Policy from time to time. The updated version will be made available in the App and/or at withinbudget.app/privacy.
13. Related Terms
Terms of Use are available at withinbudget.app/terms.