Security & Privacy Policy

Last Updated: January 18, 2026

1. Our Core Promise

At Budget iT, we believe your financial data belongs to you alone. We operate on a "Minimum Knowledge" principle. We built this platform because we were tired of "free" budgeting apps selling our data to credit card companies.

We strictly do NOT sell, rent, or trade your personal or financial data to advertisers, banks, or data brokers. The core Budget iT platform is free to use. While we plan to introduce optional paid tiers for convenience in the future, our priority is serving you—not advertising algorithms.

2. Bank-Grade Security ("The Vault")

We provide top-notch privacy and treat your data with the highest level of encryption available:

  • Fully Encrypted Communications: All data transmitted between your device and our secure cloud is protected using 256-bit SSL/TLS encryption.
  • Encryption at Rest: Your sensitive financial data is stored in our highly secure, fully encrypted databases. Even if physical hardware were compromised, your data remains cryptographically unreadable.
  • Zero-Access to Banking Credentials: We do not store your online banking usernames or passwords. We do not have the technical ability to withdraw funds from your accounts.

3. Information We Collect

We collect only what is strictly necessary to calculate your budget:

  • Identity Data: Your email address, solely for login and account recovery.
  • Financial Inputs: The income, expense categories, and transaction amounts you manually enter to power the dashboard charts.
  • Tax Parameters: Your selected province and hourly wage, used by our "Canadian Tax Engine" to estimate CPP/EI deductions.

4. Data Sovereignty & Isolation

Your financial ledger is isolated. We utilize Row Level Security (RLS) at the database kernel level. This means it is mathematically impossible for another user to query your transaction rows, even if they attempted to bypass the application interface.

5. Data Retention & Deletion

You own your data. You may export your complete transaction history to CSV at any time.

"Right to be Forgotten": If you delete your account, your data is nuked. We do not keep "shadow copies." All personal identifiable information is permanently purged from our active systems immediately.

6. Secure Infrastructure

We are a lean, privacy-focused team. We rely on top-tier, enterprise-grade reliable infrastructure to keep the lights on:

  • Enterprise Database Hosting: Our databases are hosted securely with SOC2 compliant providers (Supabase), ensuring maximum data integrity and uptime.
  • Secure Application Cloud: Our application runs on a globally distributed, secure cloud network with built-in DDoS protection.

7. Cookies & Local Storage

We believe in keeping your digital footprint light. We use only essential local storage and session cookies strictly for:

  • Keeping you logged in securely (Authentication tokens).
  • Remembering your improved theme preference (Dark/Light mode).

We do not use third-party tracking cookies, spy pixels, or cross-site tracking tools.

8. Third-Party Services

We minimize reliance on external processors. However, to provide our service, we use the following trusted subprocessors:

  • Supabase: For secure database hosting and user authentication management (SOC2 Compliant).
  • Coolify/Vercel: For application hosting and deployment.

9. Your Rights

As a user, you hold specific rights regarding your data:

  • Right to Access: You can view all your stored data directly via the dashboard at any time.
  • Right to Correction: You can modify any transaction or budget entry instantly within the app.
  • Right to Deletion: You can delete your account and all associated data permanently via the Settings page.
  • Right to Export: You can download your data in a portable format (CSV/PDF).

10. Data Breach Notification

In the unlikely event of a security breach that compromises your personal data, we are committed to notifying you via email within 72 hours of discovery, outlining the nature of the breach and the steps we are taking to protect you.

11. Changes to This Policy

We may update this policy as our platform evolves. Significant changes will be communicated to you directly via email or a prominent notification within the app. Using Budget iT after such changes constitutes acceptance of the new policy.

12. Contact Support

Support channel is now fully online and working. Whether you have a security concern or a feature request, real humans are monitoring this inbox.

Email: support@budgetit.ca