Budget-Flow-Privacy

Privacy Policy for Budget Flow

Effective Date: December 1, 2024
Last Updated: December 1, 2024

1. Introduction and Scope

This Privacy Policy (“Policy”) describes how Budget Flow (“we,” “our,” “us,” or “the Company”) collects, uses, processes, stores, and protects your information when you use our mobile application “Budget Flow” (the “App” or “Service”).

1.1 About Budget Flow

Budget Flow is a personal finance management application designed to help users track expenses, manage budgets, and gain insights into their financial habits. Our commitment to privacy is fundamental to our service design.

1.2 Applicability

This Policy applies to:

• All users of the Budget Flow mobile application
• All features and functionality within the app
• Any data processing activities related to the app
• Both online and offline usage of the application

1.3 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy in the app
• Providing in-app notifications about policy changes
• Updating the “Last Updated” date at the top of this policy

Your continued use of the app after any changes constitutes acceptance of the updated policy.

2. Information We Do NOT Collect

2.1 No Personal Identifiable Information (PII)

We want to be clear about what we do NOT collect:

• No names, addresses, or contact information
• No email addresses or phone numbers
• No government-issued identification numbers
• No biometric data
• No location data (unless explicitly enabled by you)
• No device identifiers for tracking purposes
• No browsing history or search queries
• No social media account information

2.2 No External Data Collection

We do not:

• Collect data from third-party sources
• Purchase or acquire user data from data brokers
• Use tracking technologies or cookies
• Implement analytics or crash reporting services
• Monitor your usage patterns for marketing purposes

3. Information We Process Locally

3.1 Financial Data

The app processes the following financial information locally on your device:

• Transaction amounts and descriptions
• Category classifications for expenses and income
• Budget limits and spending targets
• Financial goals and savings targets
• Custom categories and tags you create
• Receipt images (stored locally only)

3.2 App Usage Data

Locally stored usage information includes:

• App preferences and settings
• Notification preferences
• Backup frequency and settings
• Currency preferences
• Theme and display preferences
• AI learning patterns for categorization

3.3 Technical Data

Device-specific technical information processed locally:

• App performance metrics
• Error logs (stored locally only)
• Feature usage statistics (local only)
• Backup file metadata

4. How We Use Your Information

4.1 Primary Uses

We use your locally stored information to:

• Provide core app functionality (expense tracking, budgeting, reporting)
• Generate financial insights and analytics
• Improve AI categorization accuracy
• Create personalized spending recommendations
• Generate local notifications and alerts
• Enable data backup and restoration

4.2 AI and Machine Learning

Our on-device AI features:

• Learn from your spending patterns to improve categorization
• Generate smart suggestions for future transactions
• Analyze spending trends to provide insights
• Process receipt images for automatic data extraction
• All processing occurs locally on your device

4.3 Data Processing Principles

We follow these principles:

• Minimal processing: Only process data necessary for app functionality
• Local-first: All processing happens on your device
• Purpose limitation: Data is only used for intended app features
• No external sharing: Data never leaves your device without your explicit consent

5. Data Storage and Security

5.1 Local Storage

All your data is stored locally on your device using:

• Secure local database with encryption at rest
• Isolated storage containers to prevent unauthorized access
• Device-specific encryption keys generated locally
• No cloud synchronization unless explicitly enabled by you

5.2 Encryption Standards

We implement industry-standard security measures:

• AES-256 encryption for sensitive data
• Secure key generation using device-specific entropy
• Encrypted backups when cloud storage is used
• No plaintext storage of sensitive information

5.3 Security Measures

Our security approach includes:

• No network transmission of sensitive data
• Local-only processing to minimize attack vectors
• Regular security audits of our codebase
• Secure coding practices and vulnerability assessments

6. Backup and Data Portability

6.1 Local Backups

You can create encrypted backups that:

• Store data locally on your device
• Use strong encryption (AES-256)
• Include all app data and settings
• Can be restored on the same or different devices

6.2 Cloud Backup Options

When you choose to use cloud backup:

• Google Drive integration (optional feature)
• Direct upload to your Google Drive account
• No intermediate servers or data processing
• Subject to Google’s Privacy Policy and Terms of Service
• We have no access to your Google Drive data

6.3 Data Export

You can export your data in:

• CSV format for spreadsheet applications
• JSON format for data portability
• Standard formats for easy migration
• Complete data sets including all transactions and settings

7. Third-Party Services and Integrations

7.1 Google Drive Integration

When you enable Google Drive backup:

• Direct integration with your Google account
• OAuth 2.0 authentication for secure access
• Limited permissions (only for backup files)
• No data access beyond backup operations
• Google’s privacy policy applies to your Google Drive data

7.2 No Other Third-Party Services

We do not integrate with:

• Banking or financial institutions
• Payment processors or credit card companies
• Social media platforms
• Advertising networks
• Analytics or tracking services
• Data brokers or marketing companies

7.3 Third-Party Dependencies

The app may use:

• Open-source libraries for core functionality
• Operating system APIs for device features
• Standard development frameworks (Flutter, etc.)
• No third-party services that access your data

8. Notifications and Alerts

8.1 Local Notifications

All notifications are:

• Generated locally on your device
• Based on your financial data and preferences
• Scheduled by your device’s operating system
• Never transmitted to external servers

8.2 Notification Types

The app may send notifications for:

• Budget alerts when spending approaches limits
• Expense reminders based on your schedule
• Achievement notifications for financial milestones
• Backup reminders for data protection
• Weekly/monthly reports of your financial activity

8.3 Notification Control

You have complete control over:

• Which notifications you receive
• When notifications are sent
• Notification content and frequency
• Complete disabling of all notifications

9. Your Rights and Choices

9.1 Data Access Rights

You have the right to:

• Access all your data through the app’s export features
• View and modify any transaction or category
• Download your data in standard formats
• Review all stored information within the app

9.2 Data Control Rights

You can:

• Add, edit, or delete any transaction
• Modify categories and preferences
• Reset the app to factory settings
• Delete all data permanently
• Control backup settings and frequency

9.3 Privacy Choices

You have the choice to:

• Use the app anonymously without providing personal information
• Disable features that process your data
• Opt-out of any future data collection
• Stop using the app at any time

10. GDPR and CCPA Compliance

10.1 GDPR Rights (European Users)

Under GDPR, you have the right to:

• Right of Access: Access all your personal data
• Right of Rectification: Correct inaccurate data
• Right of Erasure: Delete all your data (“right to be forgotten”)
• Right to Data Portability: Export your data in a portable format
• Right to Restrict Processing: Limit how your data is processed
• Right to Object: Object to data processing
• Right to Withdraw Consent: Remove consent for data processing

10.2 CCPA Rights (California Users)

Under CCPA, you have the right to:

• Right to Know: Know what personal information is collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: Not be discriminated against for exercising rights

10.3 Exercising Your Rights

To exercise your rights:

• Use in-app features to access, modify, or delete data
• Contact us at privacy@budgetflow.app
• No verification required for most requests
• Response within 30 days for formal requests

11. Data Retention and Deletion

11.1 Data Retention Policy

We retain your data:

• Only on your device while you use the app
• No server-side retention (we have no servers)
• Until you delete it or uninstall the app
• In backups until you delete them

11.2 Data Deletion

Data is deleted when:

• You delete individual transactions or categories
• You reset the app to factory settings
• You uninstall the app from your device
• You delete backup files from cloud storage

11.3 Permanent Deletion

Once deleted:

• Data cannot be recovered by us
• No backup copies are retained
• No server-side copies exist
• Deletion is immediate and permanent

12. Children’s Privacy (COPPA)

12.1 Age Restrictions

Our app:

• Is not intended for children under 13
• Does not knowingly collect data from children under 13
• Requires no age verification or personal information
• Is designed for adult financial management

12.2 Parental Controls

Parents should:

• Supervise children’s use of financial apps
• Monitor app usage and data entry
• Contact us immediately if a child has provided information
• Use device-level parental controls if needed

12.3 COPPA Compliance

We comply with COPPA by:

• Not collecting personal information from children under 13
• Not targeting children in our app design or marketing
• Providing parental contact information for concerns
• Immediately deleting any child data if discovered

13. International Data Transfers

13.1 No International Transfers

We do not:

• Transfer data internationally
• Store data on foreign servers
• Process data outside your device
• Use cloud services that transfer data across borders

13.2 Local Processing Only

All data processing:

• Occurs on your device
• Stays within your jurisdiction
• Complies with local laws
• Requires no international transfers

14. Security and Data Protection

14.1 Security Measures

We implement:

• Local encryption for all sensitive data
• Secure coding practices and regular audits
• No network transmission of sensitive information
• Device-level security integration

14.2 Data Protection

We protect your data by:

• Minimizing data collection to essential information only
• Using local processing to reduce exposure
• Implementing strong encryption standards
• Following security best practices

14.3 Incident Response

In the unlikely event of a security incident:

• We will notify you through the app
• Provide guidance on protective measures
• Assist with data recovery if possible
• Review and improve security measures

15. Legal Basis for Processing (GDPR)

15.1 Legal Basis

We process your data based on:

• Legitimate Interest: To provide app functionality and features
• Contract Performance: To fulfill our service obligations
• User Consent: For optional features like cloud backup

15.2 No Special Categories

We do not process:

• Special categories of personal data (health, biometric, etc.)
• Criminal conviction data
• Sensitive personal information

15.3 Automated Decision Making

We do not:

• Make automated decisions that affect your rights
• Use profiling that impacts your legal status
• Implement AI systems that make significant decisions

16. Contact Information and Support

16.1 Privacy Contact

For privacy-related inquiries:

• Email: privacy@budgetflow.app
• Response Time: Within 48 hours during business days
• Anonymous Contact: No personal information required
• GDPR/CCPA Requests: Same contact channels

16.2 General Support

For general app support:

• In-app support: Available through app settings
• Email Support: support@budgetflow.app
• No personal data required for support requests

16.3 Data Protection Officer

For formal privacy requests:

• Contact: privacy@budgetflow.app
• Subject Line: “Privacy Request - [Your Request Type]”
• Response: Within 30 days for formal requests

17. Changes to This Privacy Policy

17.1 Policy Updates

We may update this policy to:

• Reflect new features or functionality
• Comply with new regulations
• Improve clarity and transparency
• Address user feedback

17.2 Notification of Changes

We will notify you of changes by:

• In-app notifications for significant changes
• Updated policy available in app settings
• Version history available upon request
• Clear communication of material changes

17.3 Acceptance of Changes

Your continued use of the app after changes:

• Constitutes acceptance of the updated policy
• Applies to all future app usage
• Replaces previous policy versions

18. Governing Law and Jurisdiction

18.1 Applicable Law

This Privacy Policy is governed by:

• Local privacy laws in your jurisdiction
• GDPR for European users
• CCPA for California users
• Other applicable privacy regulations

18.2 Dispute Resolution

Any disputes regarding this policy:

• Will be resolved through direct communication
• May be subject to local privacy authorities
• Should be addressed to our privacy contact first

19. Definitions

19.1 Key Terms

• Personal Data: Any information relating to an identified or identifiable person
• Processing: Any operation performed on personal data
• Controller: The entity determining the purposes and means of processing
• Local Storage: Data stored on your device only
• Cloud Backup: Optional backup to cloud storage services you control

19.2 Technical Terms

• AES-256: Advanced Encryption Standard with 256-bit keys
• OAuth 2.0: Open standard for authorization
• GDPR: General Data Protection Regulation (EU)
• CCPA: California Consumer Privacy Act
• COPPA: Children’s Online Privacy Protection Act

20. Conclusion

20.1 Our Commitment

We are committed to:

• Protecting your privacy and data security
• Transparency in our data practices
• Minimal data collection and processing
• User control over personal information

20.2 Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@budgetflow.app

Effective Date: December 1, 2024
Last Updated: December 1, 2024

---

This Privacy Policy is effective as of the date listed above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted in the app and on this page.