Privacy Policy

Privacy at a Glance

• We do not sell your personal data.
• Your bank credentials never touch RealBudget. Secure linking is handled by Plaid.
• Analytics & crash reports are opt-in. You choose if you want to share this data.
• You control your data. You can request a copy or deletion of your data at any time.
• We only use your data to provide the app’s features.

Information We Collect

• Account information: Email address and name from Firebase Authentication (including Google or Apple sign‑in).
• App data: Budgets, envelopes, transactions, and related settings you create in RealBudget, stored securely in Firestore.
• Device and usage information: Technical details such as device type, operating system, and app version. Our service providers may also automatically log limited information such as IP addresses and diagnostic signals for security, fraud prevention, and to ensure reliable operation of the Service.
• Log data: Standard server and application logs, which may include timestamps, request/response metadata, limited device information, and error messages generated during use of the Service.
• Crash and performance data (opt-in): If you consent, Crashlytics may collect error reports, crash traces, and related technical details (such as device type, operating system version, and app version) to help us diagnose and improve performance issues.
• Analytics data (opt-in): If you explicitly opt in, Firebase Analytics may collect information such as language/region, feature usage, in-app events, and aggregated usage statistics to help us understand how the Service is used.
• Support correspondence: Information you provide when you contact us (message content, attachments, and metadata).
• Financial account data (if linked): If you connect a bank account via Plaid, we receive transaction and account details necessary to support bank sync. We do not receive or store your banking credentials.
• Subscription and purchase information: Purchase and entitlement metadata processed by RevenueCat and the app stores (Apple App Store / Google Play), such as product identifiers, purchase status, and expiration dates. We do not receive full payment card details.
• Notifications & device tokens: Push notification tokens and related identifiers (e.g., Firebase Cloud Messaging tokens) used to deliver opt‑in alerts and updates.
• Collaboration data: If you share a budget or invite others, we process sharing relationships, invitation status, and the display names/emails necessary to enable collaboration.
• Web browser data (web app only): Cookies, local storage, or similar technologies used by integrated services (e.g., Firebase Authentication) to maintain sessions, enhance security, and enable functionality.

How We Use Information

• To provide and operate the Service (budgets, envelopes, transactions).
• To authenticate you, maintain your account, and keep you signed in across devices.
• To enable collaboration with other users if you choose to share your budget or send invitations.
• To provide customer support and respond to inquiries or support requests.
• To process subscriptions and entitlements via RevenueCat, Google Play, and the Apple App Store.
• To connect accounts and transactions via Plaid, if you choose to link a bank.
• To deliver push notifications and alerts (with your consent), using Firebase Cloud Messaging on Android and Apple Push Notification Service (APNs) on iOS.
• To improve the Service, including fixing bugs, monitoring performance, and optimizing features.
• To analyze app usage through Analytics (only after explicit opt-in).
• To comply with legal obligations, including tax, accounting, and fraud prevention requirements.

We do not sell your personal data.

Legal Bases for Processing (GDPR)

• Consent: When you explicitly agree, for example by opting in to Analytics or Crashlytics.
• Performance of a contract: When processing is necessary to provide the Service you requested, such as authenticating your account or maintaining your budgets.
• Legal obligations: When we must comply with legal requirements (e.g., tax or accounting records for subscriptions).
• Legitimate interests: When processing is necessary for our legitimate business interests, provided these do not override your rights. Examples include improving our Service, preventing fraud, and maintaining app security.

You may withdraw your consent at any time through app settings or by contacting us. This will not affect the lawfulness of processing based on consent before its withdrawal.

International Data Transfers

Our service providers, including Firebase (Google LLC), Google Play, Apple Inc., Plaid Inc., and RevenueCat, may process your personal data outside of your home country, including in the United States and other jurisdictions.

When personal data is transferred from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that may not provide the same level of data protection, our providers rely on lawful transfer mechanisms. These include adequacy decisions issued by the European Commission where available, and the use of Standard Contractual Clauses (SCCs) or other safeguards approved by regulators.

In particular, Plaid relies on Standard Contractual Clauses (SCCs) for transfers of financial account data to the United States. Firebase (Google LLC), Google Play, Apple, and RevenueCat also rely on SCCs or equivalent safeguards for cross-border processing.

By using the Service, you acknowledge that your information may be transferred to and processed in countries outside your country of residence, subject to these safeguards.

Data Sharing

• Firebase (Google LLC): Provides Authentication, Firestore database, Cloud Functions, Cloud Storage, Analytics (with consent), Crashlytics (with consent), and Cloud Messaging for push notifications. Firebase may process device identifiers, app usage events, and notification tokens to operate these services. Privacy Policy
• Google Play Services: Supports Android app distribution, in-app updates, push notifications, and device integrity checks. Google may process device identifiers, crash logs, diagnostics, and purchase verification metadata to provide these services. Privacy Policy
• Apple Inc.: Provides authentication (Sign in with Apple), processes payments for subscriptions via the App Store, and enables push notifications on iOS. Apple may also process device identifiers and related information. Privacy Policy
• Plaid Inc.: Securely connects your bank account to RealBudget. We never see your banking credentials. Plaid may process transaction and account data to provide this service. Privacy Policy
• RevenueCat: Manages subscription status and entitlements across platforms. RevenueCat may process purchase metadata such as product identifiers, expiration dates, and platform transaction receipts, but does not process full payment card details. Privacy Policy

These third parties are contractually obligated to use your data only for the purposes of providing their services to us, and may process personal data outside your country of residence.

Data Retention

• We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
• Financial account data retrieved via Plaid (such as transactions and balances) is retained in your account for as long as the linked connection remains active. If you unlink a bank, the data already synced will remain available in RealBudget until you manually delete it or delete your account. If you delete your account, all Plaid-derived data will be deleted within 30 days.
• Subscription purchase records, payment receipts, and accounting information may be retained for longer periods where required by law, to comply with tax or regulatory obligations, or to resolve disputes. These records are managed by Apple, Google Play, and RevenueCat, which may retain such data in accordance with their own privacy policies.
• Support correspondence and log data may be kept for a reasonable period to help us respond to issues, improve the Service, and prevent fraud or abuse.
• You may request deletion of your data at any time. Requests will be completed within 30 days, subject to applicable legal or contractual requirements.
• If you delete your account, your personal data and budget data will be removed from our systems, except where retention is required for legal, regulatory, or legitimate business purposes (such as fraud prevention or security).
• Deleted data may continue to exist in encrypted backups for a limited period before being permanently removed.
• Subscription and purchase records managed by Apple, Google Play, and RevenueCat cannot be deleted by us, as they are required to validate purchases and entitlements. These providers may retain such data in accordance with their own privacy policies.

We apply strict access controls to retained data and ensure it is deleted or anonymized when no longer needed.

Your Rights

• General rights: You can request access to a copy of your data, request correction or updates, or request deletion of your data.
• GDPR (EU/EEA users): You have the right to data portability, the right to restrict or object to processing, and the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal). You may also lodge a complaint with your local data protection authority.
• California (CCPA/CPRA users): You have the right to know what categories of data we collect, the right to request deletion, the right to opt out of the “sale” or “sharing” of personal data (RealBudget does not sell personal data), and the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please see the Contact Us section below.

Cookies and Tracking

When you use the RealBudget mobile app, we do not use cookies. Instead, third-party services (such as Firebase Analytics) may use identifiers similar to cookies (such as device identifiers or installation IDs) to provide analytics and crash reporting, but only after you have explicitly opted in.

When you use the web version of RealBudget, cookies or similar technologies may be used by Firebase Authentication and other integrated services to maintain your session, improve security, and enable functionality. Plaid and other providers integrated into the Service may also set cookies as part of their secure login and transaction flow. You can manage cookies through your browser settings.

We only use cookies or similar technologies that are strictly necessary for the operation of the Service (such as authentication and secure login), unless you have explicitly opted in to additional analytics or crash reporting.

Security

We use commercially reasonable technical and organizational measures to protect your personal data, including encryption in transit, access controls, and limited retention of data.

However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. We also encourage you to take steps to protect your information, such as keeping your account credentials confidential and using secure devices and networks.

Children’s Privacy

The Service is not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13. If we learn we have collected data from a child, we will delete it promptly.

EEA/UK clarification: Under the GDPR, the default age of digital consent is 16. Member States may permit a lower age provided it is not below 13 and parental consent is obtained. Where required by local law, users in the EEA/UK must be at least 16 years old to use the Service, or have verifiable parental consent if a lower age applies in their country.

Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted in the app or on our website, and the “Last modified” date will be updated. Continued use of the Service means you accept the updated policy.

Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or how your personal data is handled, please contact us through our support page:

https://realbudget.app

For privacy-specific inquiries, including requests related to your rights under the GDPR, UK GDPR, or other privacy laws, you may also contact us at:

realbudget-privacy@litapplications.com