Privacy Policy
Effective: April 1, 2026
Budgenuity ("we," "us," or "our") is a household budget tracking application operated by Make It Radder LLC. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our service at budgenuity.com.
1. Information We Collect
1.1 Account Information
When you sign in with Google or via email magic link, we receive your name, email address, and profile picture (for Google). We use this to create and identify your account. We do not receive or store your Google password.
1.2 Financial Data
If you connect a bank account through Plaid, we receive transaction history, account balances, account names, and institution information. This data is used to power budgeting features like cashflow timelines, spending categories, and projections.
We also store data you enter manually, including: manual transactions, budget buckets, scheduled projections, financial goals, and categorization rules.
1.3 Technical Data
We collect standard technical data to operate the service: IP address, browser type, device type, and error/crash reports (via Sentry). We do not use this data for advertising or tracking.
2. How We Use Your Information
- Provide the service: display your transactions, calculate budgets, generate insights, and sync with your bank.
- Household features: share financial data with members you invite to your household.
- Error monitoring: diagnose and fix bugs using anonymized crash reports.
- Security: detect unauthorized access, enforce rate limits, and maintain audit logs.
We never sell your personal information. We do not use your financial data for advertising, marketing, or profiling.
3. Third-Party Services
We share data with the following third-party services solely to operate Budgenuity:
- Plaid — bank account connection and transaction sync. Plaid's use of your data is governed by the Plaid End User Privacy Policy.
- Google — OAuth authentication only. We receive your name, email, and avatar.
- Neon — PostgreSQL database hosting. Your data is stored encrypted at rest on Neon's infrastructure.
- Vercel — application hosting and edge delivery.
- Sentry — error monitoring. Crash reports may include request metadata but not financial data.
- Resend — transactional email (household invitations). We share only the recipient's email address.
- Upstash — rate limiting via Redis. Only IP-based identifiers are stored temporarily.
4. Data Security
We protect your data with multiple layers of security:
- All connections use HTTPS/TLS encryption in transit.
- Sensitive tokens (Plaid access tokens, OAuth tokens) are encrypted at rest using AES-256-GCM before being stored in the database.
- Database access is scoped per household — you can only access data belonging to your household.
- All API endpoints require authentication. Admin-only actions (member management, audit logs) require the ADMIN role.
- Rate limiting protects against brute-force and abuse.
- Security headers (CSP, HSTS, X-Frame-Options) are enforced on all responses.
5. Data Retention
We retain your financial data for as long as your account is active. Transaction history is kept to provide accurate budgeting, reporting, and tax-related insights. Audit logs are retained for security and compliance purposes.
When you delete your account, all personal and financial data associated with your account is permanently deleted from our database within 30 days. Plaid access tokens are revoked immediately upon deletion. Backups containing deleted data are purged on their normal rotation schedule.
6. Your Rights
Under the California Consumer Privacy Act (CCPA) and similar state privacy laws, you have the following rights:
- Right to Know: You can request a copy of all personal data we hold about you. Use the Data Export feature in Settings, or contact us at the email below.
- Right to Delete: You can delete your account and all associated data at any time from Settings. This action is permanent and cannot be undone.
- Right to Opt-Out of Sale: We do not sell your personal information to any third party. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
6.1 Do Not Sell My Personal Information
Budgenuity does not sell, rent, or trade your personal information to any third party for monetary or other valuable consideration.
Under the California Consumer Privacy Act (CCPA §1798.120), you have the right to opt out of the sale of your personal information. Because we do not engage in the sale of personal information, there is no need to submit an opt-out request. If our practices ever change, we will update this policy and provide a mechanism to opt out.
If you have questions about this policy, contact us at privacy@budgenuity.com.
7. Cookies
We use only essential cookies required for the service to function:
- Session cookie — authenticates your login session. HttpOnly, Secure, SameSite=Lax. Expires when your session ends or after the configured session lifetime.
- CSRF token — protects against cross-site request forgery on authentication flows.
We do not use advertising cookies, analytics cookies, or third-party tracking cookies.
8. Children's Privacy
Budgenuity is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the effective date at the top of this page. Your continued use of Budgenuity after changes are posted constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:
Make It Radder LLC
Email: privacy@budgenuity.com