Privacy Policy

Contact Information

1. Introduction

Welcome to BudgetOnTime. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our budget management application and services.

By using BudgetOnTime, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the application.

2. Information We Collect

2.1 Personal Information You Provide

• • Account Information: Name, email address, password (encrypted)
• • Profile Information: Display name, avatar, bio, timezone preferences
• • Financial Information: Budget amounts, expense categories, transaction descriptions
• • Workspace Information: Workspace names, member relationships, shared budgets

2.2 Bank and Financial Data (via Plaid)

When you choose to connect your bank accounts, we collect the following through our secure integration with Plaid:

• • Account Information: Account names, types, and masked account numbers
• • Balance Information: Current and available balances
• • Transaction Data: Transaction amounts, dates, descriptions, categories, and merchant information
• • Institution Information: Financial institution name and identifiers

2.3 Information Automatically Collected

• • Usage Data: Features used, frequency of use, interaction patterns
• • Device Information: Browser type, operating system, device identifiers
• • Log Data: IP address, access times, pages viewed, click patterns
• • Cookies: Session management, user preferences, authentication tokens

2.3 Financial Data

• • We do NOT store credit card or banking credentials
• • Payment processing is handled by Stripe (PCI-compliant)
• • Transaction amounts and categories are stored for budgeting purposes only

3. How We Use Your Information

We use your information to:

• • Provide Services: Manage your budget, track expenses, generate insights
• • Improve Features: Analyze usage patterns, enhance user experience
• • Communication: Send important updates, security alerts, feature announcements
• • Customer Support: Respond to inquiries, troubleshoot issues
• • Legal Compliance: Comply with applicable laws and regulations
• • Security: Detect and prevent fraud, unauthorized access

4. Data Sharing and Disclosure

Limited Sharing

We may share your information only in these circumstances:

• • With Your Consent: When you explicitly authorize sharing
• • Workspace Members: Budget data shared within your workspace teams
• • Service Providers: Trusted partners who assist our operations (Supabase, Vercel, Stripe)
• • Legal Requirements: When required by law or to protect rights
• • Business Transfers: In case of merger, acquisition, or asset sale

5. Financial Data Security

We take extra precautions to protect your financial information:

• • Bank-Level Encryption: AES-256-GCM encryption for all financial data
• • Token Security: Plaid access tokens encrypted with PBKDF2 key derivation
• • No Credential Storage: We never store your bank login credentials
• • Secure Partners: Plaid is certified for SOC 2 Type 2 and uses TLS 1.2+ encryption
• • Access Controls: Row-level security ensures you only see your own data
• • Rate Limiting: Protection against API abuse and excessive syncing
• • Regular Audits: Continuous monitoring and security assessments

6. Data Retention and Deletion

Retention Periods

• • Active Accounts: Data retained while account is active
• • Transaction History: Up to 24 months of transaction data
• • Deleted Accounts: 30-day grace period, then permanent deletion
• • Bank Connections: 90 days after disconnection (unless deletion requested)
• • System Logs: 30 days for debugging and security
• • Backups: 90 days in encrypted backup storage

Data Deletion

You can request complete data deletion by:

• • Emailing admin@budgetontime.com from your registered email
• • Using the "Delete Account" option in Settings
• • Requesting specific data removal (e.g., bank connections only)

Note: Some information may be retained for legal compliance, fraud prevention, or to resolve disputes.

7. Your Rights and Choices

Access and Control

You have the right to:

• • Access: Request a copy of your personal data
• • Correct: Update or correct inaccurate information
• • Delete: Request deletion of your account and data
• • Export: Download your data in a portable format
• • Restrict: Limit how we process your information
• • Object: Opt-out of certain data processing

8. California Privacy Rights (CCPA)

California residents have additional rights:

• • Right to know what personal information is collected
• • Right to know if information is sold or disclosed
• • Right to say no to the sale of personal information
• • Right to equal service and price

To exercise these rights, contact us at admin@budgetontime.com

9. Third-Party Services

We integrate with trusted third-party services to provide our features:

10. Contact Us