Privacy Policy
Effective date: May 11, 2026
This Privacy Policy explains how Budtra ("Budtra", "we", "us", or "our") collects, uses, discloses, and protects your information when you visit budtra.com, join our waitlist, contact us, or use the Budtra mobile app on iOS or Android (collectively, the "Services").
By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.
1. Information we collect
We collect information in three ways: information you give us, information collected automatically, and information obtained from third parties.
a. Information you provide
- Account information: name, email address, phone number, date of birth, password (stored as a salted hash), and profile photo.
- Identity verification: information needed to verify your identity (KYC) where required by law or our financial partners, such as government ID details and address.
- Financial information: budgets, goals, categories, transactions, recurring bills, and any notes or labels you add inside the app.
- Linked-account information: when you connect a bank or financial account through our aggregator (Mono), we receive account metadata (institution name, account type, masked account number), balances, and transaction history. We do not see or store your online banking credentials.
- Content and uploads: photos, receipts, attachments, and other content you upload in the app (for example, a profile picture or a transaction receipt).
- Communications: messages, support tickets, waitlist submissions, and any information you include when you contact us.
b. Information collected automatically
- Device information: device model, operating system and version, language, timezone, unique device identifiers, app version, install ID, and crash logs.
- Usage information: pages and screens viewed, features used, button taps, session duration, referrer, and approximate location derived from your IP address.
- Cookies and similar technologies on the website (for session management, preferences, and analytics) and mobile SDK identifiers inside the app (for analytics, crash reporting, and push notifications).
- Authentication and security signals such as login timestamps, IP address, device fingerprint, and biometric verification result (the underlying biometric data never leaves your device — see Section 6).
c. Information from third parties
- Single sign-on (SSO) providers such as Google and Apple, when you choose to sign in with them. We receive a unique ID, your name, email, and (if available) profile photo.
- Financial aggregators such as Mono, which return data you authorise us to access about your connected accounts.
- Service providers that help us run authentication, push notifications, analytics, and customer support.
2. How we use your information
We use information to:
- Provide and operate the Services — for example, create and secure your account, sync your budgets and transactions across your devices, and surface your financial insights.
- Connect and refresh your linked bank and financial accounts so that balances, categories, and transactions stay up to date.
- Personalise your experience, including budget suggestions, spending insights, and notifications you choose to enable.
- Provide customer support and respond to your messages, waitlist submissions, and feedback.
- Send transactional messages (for example, OTP codes, security alerts, password resets, account changes, and receipts) and, where you have opted in, product updates, launch announcements, and marketing.
- Improve and develop the Services using analytics and crash reports, primarily in aggregated or de-identified form.
- Detect, prevent, and investigate fraud, abuse, unauthorised access, and other security incidents.
- Comply with legal, regulatory, tax, and accounting obligations, and enforce our Terms of Service.
We do not sell your personal information, and we do not use your financial transaction data to deliver advertising.
3. AI-assisted features
Some features in the app use artificial intelligence and large language models (for example, to summarise spending, categorise transactions, or answer in-app questions). When you use these features, the request and the relevant context (such as transaction details you choose to share) may be processed by our AI provider on our behalf.
We take steps to limit what is shared and instruct our AI provider not to use your data to train their general models. AI outputs may be imprecise or incomplete; you should not rely on them as financial, legal, or tax advice.
4. How we share information
We do not sell your personal information. We share it only as described below:
- Service providers that process data on our behalf, including:
  - Google / Firebase — authentication, push notifications, crash reporting, and storage.
  - Apple — Sign in with Apple and push notification delivery on iOS.
  - Mono — secure bank account linking and financial data aggregation.
  - Cloud hosting and infrastructure providers that host our APIs and databases.
  - Email and messaging providers used to send transactional and product emails.
  - Analytics tools used to understand performance, stability, and feature usage.
- With your direction — when you ask us to share information (for example, when you connect a third-party service to your Budtra account).
- Legal and safety — when we believe it is reasonably necessary to comply with law, legal process, or a valid government request, or to protect the rights, property, or safety of Budtra, our users, or others.
- Business transfers — if Budtra is involved in a merger, acquisition, reorganisation, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
- Aggregated data — we may share aggregated or de-identified information that cannot reasonably be used to identify you.
5. Cookies, analytics, and mobile identifiers
On our website, we use cookies and similar technologies for essential functionality (such as remembering your theme preference and login state) and for analytics. You can control cookies through your browser settings; if you disable them, parts of the site may not work as expected.
In our mobile app, we use SDK-level identifiers (such as a Firebase install ID, app instance ID, and a push notification token) to provide core functionality, push notifications, crash reporting, and analytics. You can manage push notifications and certain tracking permissions in your device's system settings.
Some browsers offer a "Do Not Track" signal. There is no uniform standard for interpreting these signals, so we do not respond to them in a specific way.
6. Mobile-specific permissions
The Budtra mobile app requests certain device permissions to deliver specific features. Permissions are only used for the purposes you authorise:
- Camera — to take photos in-app (for example, your profile photo or a receipt).
- Photo library — to pick photos or videos you choose to upload, and to save files (such as exported receipts) you choose to download.
- Biometrics (Face ID / Touch ID / fingerprint) — to unlock the app and authorise sensitive actions. Biometric data is processed by your device's secure enclave and never leaves your device; we only receive a yes/no result.
- Push notifications — to send alerts you opt into (for example, budget reminders or security alerts).
- Network and device info — to securely communicate with our servers, prevent fraud, and improve reliability.
You can withdraw any of these permissions at any time in your device settings. Some features may not work without their required permissions.
7. Data retention
We retain personal information for as long as needed to provide the Services, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data:
- Active account data is retained while your account is open.
- Financial records (such as transactions imported from linked accounts) may be retained for the period required by applicable financial and tax laws, typically up to 7 years after account closure.
- Waitlist emails are retained until you unsubscribe or request deletion.
- Logs, crash reports, and security records are typically retained for up to 24 months.
When you delete your account, we delete or de-identify your personal information within a reasonable period, except where we are required or permitted to retain it by law.
8. Security
We use administrative, technical, and organisational measures designed to protect your information, including TLS encryption in transit, encryption of sensitive data at rest, secure authentication with token rotation, biometric and OTP verification for sensitive actions, secure local storage on device (Keychain on iOS, Keystore on Android), strict access controls for staff, and continuous monitoring. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Your rights and choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal information, subject to legal exceptions.
- Object to, or restrict, certain processing of your personal information.
- Request a portable copy of certain data.
- Withdraw consent at any time where we rely on consent.
You can manage many choices directly in the app: update your profile, disconnect linked bank accounts, control push notifications, and delete your account. To exercise any other rights, contact us via the Contact page. We may need to verify your identity before responding.
Marketing emails include an unsubscribe link. You can also request removal from the waitlist at any time.
10. International data transfers
Budtra operates internationally, and your information may be processed in countries other than your own, including by our service providers. Where required, we put in place appropriate safeguards (such as standard contractual clauses or equivalent protections) to help ensure your information receives an adequate level of protection.
11. Children's privacy
The Services are not directed to children under 13 (or the minimum age required by local law), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
12. Third-party links and services
The Services may contain links to, or integrate with, third-party websites and services (such as your bank, Mono, or SSO providers). Their privacy practices are governed by their own policies, and we encourage you to review them.
13. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you (for example, by email or in-app notice) and update the effective date above. Your continued use of the Services after the update means you accept the revised Policy.
Contact us
If you have questions about this Privacy Policy or want to exercise your rights, reach us via the Contact page or email privacy@budtra.com.