Privacy Policy

Last updated: January 5, 2026

This Privacy Policy ("Policy") explains how Budget AI (referred to as "Service Provider", "Developer", "We", "Us") collects, uses, and protects the personal information of users ("User" or "you") of the Budget AI mobile application ("Application", "App"). This service is intended for use "AS IS".

Information Collection and Use

The Application collects information when you download and use it. This information may include:

• Your device's Internet Protocol address (e.g. IP address)
• The pages of the Application that you visit, the time and date of your visit, the time spent on those pages
• The time spent on the Application
• The operating system you use on your mobile device
• Device identifier (AppSet ID) for fraud prevention and premium subscription management
• Your email address (if you signed up)

The Application does not gather precise information about the location of your mobile device.

Types of Data Storage

The Application offers multiple data storage options, and the personal information collected depends on your chosen storage method:

Local Storage (Default)

By default, all your accounts/categories/transactions data is stored exclusively on your device and is not transmitted to any external servers or accessible by the Developer. When using local storage, all data remains on your device. Only voice input sent to AI services can be stored in app logs for fraud prevention purposes.

Cloud Sync (Optional)

When you create a Budget AI account and enable cloud sync, the following information is collected and stored:

• Account Information: Email address, authentication credentials
• Transaction Data: Date, description, amount, and category of your financial transactions
• App Data: Your accounts, categories, budgets, and settings
• Device Information: IP address, device type, and operating system for security and authentication purposes

Cloud data is stored using Appwrite's cloud infrastructure, which uses industry-standard encryption for data at rest and in transit.

User Identification

The Application uses AppSet ID to create an internal user identifier. This identifier is used for:

• Fraud prevention and security purposes
• Managing premium subscription status
• Syncing data across devices (when using cloud features)

This identifier does not collect personally identifiable information and is reset when you uninstall the Application.

Voice Input Processing

The Application uses voice input to create transactions. Voice processing works as follows:

• Local Transcription: The Application uses built-in speech recognition (Android Speech Recognition or Apple Speech SDK) to transcribe your voice into text. The transcription happens locally on your device in most cases but could, under some circumstances, be sent to Google's or Apple's servers for processing.
• AI Interpretation: The transcribed text is sent to AI services for interpretation and categorization of transactions. No voice recordings are sent to AI services - only the text transcription.
• No Voice Storage: Voice recordings are processed in real-time and are not stored by the Developer or on any external servers.

Third-Party Services and APIs

The Application utilizes the following third-party services:

Appwrite (for Cloud Sync users)

Appwrite is used as the backend infrastructure for cloud accounts. Key security features include:

• Data encryption at rest using AES encryption
• Data encryption in transit using TLS/SSL
• Secure authentication and session management

Appwrite's privacy policy can be reviewed at https://appwrite.io/privacy.

DigitalOcean (Cloud Infrastructure)

DigitalOcean provides the cloud infrastructure for hosting our backend services. Key security features include:

• SOC 2 Type II and SOC 3 Type II certified
• Data encryption at rest and in transit using TLS/SSL
• GDPR compliant with transparent data processing
• Cloud Security Alliance STAR Level 1 certification
• Virtual Private Cloud for network isolation

DigitalOcean's privacy policy and security information can be reviewed at Privacy Policy and Security.

OpenAI API (for AI transaction processing)

The transcribed text from voice input is sent to OpenAI API for interpretation and categorization. Important information about OpenAI data handling:

• OpenAI does not store API data for more than 30 days
• OpenAI will not use API data to train its models
• Data is processed in real-time and not retained permanently
• Only text transcriptions are sent, never voice recordings

You can read more about how OpenAI handles API data in their API data usage policies.

OpenRouter (AI model routing)

OpenRouter may be used as an alternative AI routing service. OpenRouter acts as a proxy to various AI models and follows similar data handling practices. Their privacy policy is available at https://openrouter.ai/privacy.

Sentry (Error tracking)

Sentry is used for error tracking and performance monitoring. It collects crash reports and performance data to help improve the Application. Privacy policy: https://sentry.io/privacy/.

Google AdMob (Advertising)

The free version of the Application displays advertisements provided by Google AdMob. AdMob may collect and use data for personalized advertising. You can opt out of personalized ads in your device settings. Privacy policy: https://policies.google.com/privacy.

Data Security

We implement multiple layers of security to protect your personal information:

• All communication between the App, backend services, and third-party APIs is encrypted using HTTPS/TLS/SSL
• For local storage users: Data is stored exclusively on your device using platform-specific secure storage mechanisms
• For cloud sync users: Data is encrypted at rest and in transit
• Authentication credentials are securely managed

Data Retention

Personal information is retained as follows:

• Local Storage: Data is retained until you manually delete it from the App, uninstall the App, or reset your device
• Cloud Sync: Data is retained until you request deletion or delete your account
• Voice transcriptions: No voice data is retained by the Developer; transcriptions are processed in real-time
• OpenAI processing: OpenAI may retain data for up to 30 days for abuse monitoring but does not use it for model training

If you'd like us to delete your data, please contact us at appsupp@yahoo.com and we will respond in a reasonable time.

Data Disclosure

The Service Provider may disclose User Provided and Automatically Collected Information:

• As required by law, such as to comply with a subpoena, or similar legal process
• When they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
• With their trusted service providers who work on their behalf, do not have an independent use of the information disclosed to them, and have agreed to adhere to the rules set forth in this privacy statement

Opt-Out Rights

You can stop all collection of information by the Application easily by uninstalling it. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace.

Children's Privacy

The App is not intended for use by children under the age of 13 (or the minimum age required in your country). We do not knowingly collect personal information from children.

Changes to This Policy

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

Your Consent

By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us.

Contact Us

If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at appsupp@yahoo.com.