Privacy Policy

2. What data we collect

We only collect what we need to run the service:

• Account data — your name, email address, hashed password, timezone, and preferred currency.
• Sign-in data from Google or GitHub, if you choose to use them — your provider user ID, name, email, and avatar URL. We do not store passwords from those providers and we do not request more than basic profile scopes.
• Your budget content — buckets, transactions, recurring transactions, import rules, and CSV imports you upload. This is the product; without it the service cannot function.
• Subscription metadata — your Stripe customer ID, subscription status, and renewal dates. We never see or store your card number, CVV, or bank account details.
• Billing address — when you start a subscription, Stripe collects your billing address (country, city, postal code, street) to determine the correct currency, satisfy payment-card requirements, and meet invoice and tax record-keeping obligations. The address is stored on Stripe's systems; we can retrieve it on demand but do not copy it into our own database.
• Notification preferences — which transactional emails you have opted into.
• Security and audit data — an audit log of significant actions (transaction edits, bucket changes, imports) that records the action, a timestamp, and the IP address you acted from. This is used to investigate abuse and to help you recover from mistakes.
• Diagnostic data — when an error occurs we send the stack trace and the user ID involved to Sentry (see "Subprocessors" below). We do not send the contents of your transactions or buckets in this telemetry.

We do not connect to your bank, see your bank credentials, account numbers, or card numbers. We do not use your data to train AI models, ours or anyone else's. We do not sell your data.

3. Why we process it (legal basis)

Under the EU/UK General Data Protection Regulation (GDPR), our legal bases are:

• Performance of a contract (Art. 6(1)(b)) for the data needed to create your account, store your budgets, send service emails (e.g. email verification, password resets), and process your subscription.
• Legitimate interests (Art. 6(1)(f)) for the audit log, abuse-prevention rate limiting, and error diagnostics — our interest is keeping the service secure and working, balanced against your reasonable expectations. You can object at any time using the contact above.
• Consent (Art. 6(1)(a)) only for optional product notifications you toggle on in Settings. You can withdraw consent at any time from the same screen.
• Legal obligation (Art. 6(1)(c)) for keeping invoice and tax records related to your subscription, where required by applicable accounting law.

4. Subprocessors

We rely on the following third parties to deliver the service. Each is bound by a data processing agreement and processes data only on our instructions.

5. International transfers

Our primary infrastructure is hosted in the European Union. Some optional subprocessors (Stripe Inc., Google, GitHub) are located in the United States. Where personal data leaves the EEA we rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism, supplemented by encryption in transit and at rest.

6. How long we keep your data

• Account, buckets, transactions, rules, recurring transactions — for as long as your account exists. When you delete your account they are removed immediately from the live database (backups follow the rotation below).
• Backups — your data may persist in encrypted backups for up to 30 days after deletion, after which it is overwritten in the normal backup rotation.
• Audit log entries — retained for 180 days, then automatically pruned.
• Error diagnostics in Sentry — retained for 90 days, then automatically purged by Sentry.
• Subscription and invoice records — retained for the period required by applicable tax and accounting law (typically up to 7 years) even after account deletion.

7. Your rights

Under GDPR you have the right to:

• Access — request a copy of the personal data we hold about you by emailing the privacy contact below. You can also export your transactions from the app at any time.
• Rectification — correct inaccurate data. Most fields are editable directly in Settings.
• Erasure — delete your account from Settings → Delete account. This is immediate and irreversible (subject to the retention windows above).
• Restriction — ask us to pause processing while a dispute is being resolved.
• Portability — receive your data in a structured, machine-readable format (such as CSV); email the privacy contact below to request it. Your billing address held by Stripe is available on request the same way.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for anything we process on the basis of consent, at any time.
• Lodge a complaint — with your local data protection supervisory authority. A list is available at edpb.europa.eu.

We will respond to verified requests within one month, as required by Art. 12(3) GDPR.

8. Cookies and local storage

We use a single session cookie to keep you signed in and a CSRF token cookie for security. We use localStorage in your browser for interface preferences such as theme, sidebar state, and dismissed notices. We do not use advertising cookies, third-party analytics, fingerprinting, or cross-site trackers. Because all cookies and storage we set are strictly necessary, no cookie-consent gate is shown — only an informational banner.

9. Security

Passwords are stored using strong, industry-standard one-way hashing. Connections to the service are encrypted with TLS. Authentication is protected by rate limiting on login, registration, and password reset. Stripe handles all card data under PCI DSS. We restrict access to production systems to the people who need it.

10. Children

Buckt is not directed at children. You must be at least 18 years old to create an account. If we learn that we have collected data from someone under that age we will delete it.

11. Changes to this policy

We may update this policy from time to time. If we make a material change we will notify active accounts by email and update the "last updated" date above. The current version is always available at this URL.