1. Data Controller
Budgium is operated by an individual developer based in the European Union. For purposes of data protection law, I am the data controller responsible for your personal data.
Contact: privacy@budgium.app
As an individual operator processing data on a small scale, I am not required to appoint a Data Protection Officer under GDPR Article 37. However, you may contact me directly with any privacy concerns.
2. Information We Collect
2.1 Account Information
When you create an account via Auth0, we receive:
- Email address
- Name (if provided)
- Profile picture (if using social login)
- Auth0 user identifier
2.2 Financial Data
Data you enter into the application:
- Transaction records (amounts, dates, descriptions, merchants)
- Categories and tags you create or assign
- Wallet and account names and balances
- Budget configurations and goals
- Imported bank statement data (PDF, images, spreadsheets)
- Currency preferences
2.3 AI Conversations
When using the chat assistant:
- Messages you send to the AI assistant
- AI responses generated for you
- Conversation history (stored for continuity)
2.4 API Keys (Optional - BYOK Feature)
If you choose to provide your own API keys:
- OpenAI API key
- Anthropic API key
- Scaleway API key
- Ollama API key
Security Note: Your API keys are encrypted at rest using AES encryption (Fernet) before storage. They are only decrypted in memory when making API calls on your behalf. However, we still recommend creating tokens with appropriate restrictions and usage limits! We are not responsible for token leaks or excessive usage.
2.5 Technical Data
- IP address (for rate limiting and security)
- Browser type and version
- Device information
- Access timestamps
3. Legal Basis for Processing
Under GDPR Article 6, we process your data on the following legal bases:
| Data Type | Legal Basis |
|---|---|
| Account information | Contract performance (Art. 6(1)(b)) - required to provide your account |
| Financial data | Contract performance (Art. 6(1)(b)) - core service functionality |
| AI conversations & document uploads | Consent (Art. 6(1)(a)) - optional feature you choose to use |
| API keys (BYOK) | Consent (Art. 6(1)(a)) - you explicitly provide and can withdraw anytime |
| Technical/security data | Legitimate interest (Art. 6(1)(f)) - to protect against fraud, abuse, and security threats |
Our contract with you is defined in our Terms of Service.
4. How We Use Your Information
- Service Delivery: Provide budget tracking, analytics, and AI assistant features
- Transaction Processing: Categorize, store, and display your financial data
- AI Features: Generate insights, process chat messages, auto-categorize transactions
- Import Processing: Extract transaction data from uploaded documents
- Security: Detect and prevent fraud, abuse, and unauthorized access
- Service Improvement: Fix bugs, improve performance (using aggregated, anonymized data only)
- Communications: Send service-related notifications (password resets, security alerts)
We do not sell your data, use it for advertising or model training, or share it with data brokers.
5. Data Sharing and Third Parties
We share data only with the following service providers, who are bound by data processing agreements:
Auth0 (Okta, Inc.)
Purpose: Authentication and identity management
Data Shared: Email, name, login events
Location: United States (EU-US Data Privacy Framework certified)
Hetzner Online GmbH
Purpose: Server hosting and infrastructure
Data Shared: All application data (stored on their servers)
Location: Finland (European Union)
Cloudflare, Inc.
Purpose: CDN, DDoS protection, SSL termination
Data Shared: IP addresses, request metadata (in transit)
Location: Global network (EU-US Data Privacy Framework certified)
OpenAI / Anthropic / Scaleway / Ollama (BYOK Feature Only)
Purpose: AI processing when you provide your own API key
Data Shared: Chat messages, transaction context for AI processing
Location: United States / Europe / Your server (Ollama)
Note: Only activated when you explicitly provide and enable your own API key. Review their privacy policies for data handling practices.
We may also disclose data if required by law, court order, or to protect our legal rights.
6. Data Storage and Location
Primary Data Location: European Union (Finland)
Your financial data and account information are stored on servers located in Hetzner data centers in Finland, within the European Union.
International Transfers
Some data is processed by services in the United States:
- Auth0: Authentication data - protected under EU-US Data Privacy Framework
- Cloudflare: Request routing - protected under EU-US Data Privacy Framework
- OpenAI/Anthropic/Scaleway/Ollama (BYOK): AI queries only if you enable this feature
7. Security Measures
We implement the following security measures to protect your data:
Encryption
- In Transit: All connections use TLS 1.2+ (HTTPS enforced via Cloudflare)
- At Rest: Sensitive data (API keys, refresh tokens) encrypted using AES (Fernet symmetric encryption)
- Hashing: Tokens in blacklist stored as SHA-256 hashes (one-way transformation)
Authentication & Sessions
- OAuth 2.0 via Auth0 with RS256 JWT validation
- Backend-for-Frontend pattern: refresh tokens never reach your browser
- HTTP-only, Secure, SameSite cookies for session management
- Automatic session expiration after 30 days of inactivity
- Token blacklisting for immediate session revocation on logout
Infrastructure Security
- DDoS protection via Cloudflare
- Rate limiting (per-user and per-IP)
- CSRF protection using double-submit cookie pattern with HMAC
- Database not exposed to public internet (internal Docker network)
- SSH key authentication only (no password access to servers)
- Regular security updates and monitoring
Access Controls
- Principle of least privilege for all system access
- Database authentication with strong passwords
- Separate Redis databases for sessions, blacklist, and rate limiting
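Two of the measures listed above, the HMAC-bound double-submit CSRF cookie and the SHA-256-hashed token blacklist, shown as an added Python illustration; this is not Budgium's own code, and the secret, session id and tokens it uses are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this demo; a deployment would load it
# from configuration and never send it to the client.
CSRF_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Create a CSRF token bound to the session with an HMAC-SHA256 tag.

    The same value is set as a cookie and handed to the page so the client
    can echo it back in a request header (the double-submit pattern).
    """
    nonce = secrets.token_hex(16)
    msg = f"{session_id}.{nonce}".encode()
    tag = hmac.new(CSRF_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_csrf(session_id: str, cookie_value: str, header_value: str) -> bool:
    """Accept a state-changing request only if cookie and header carry the
    same token and that token's HMAC is valid for the current session."""
    if not cookie_value or not header_value:
        return False
    # Cookie and header must match: a cross-site page cannot read the cookie.
    if not hmac.compare_digest(cookie_value, header_value):
        return False
    nonce, _, tag = cookie_value.partition(".")
    if not nonce or not tag:
        return False
    # The HMAC rejects a token planted by someone who lacks the server secret.
    msg = f"{session_id}.{nonce}".encode()
    expected = hmac.new(CSRF_SECRET, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


class TokenBlacklist:
    """Revoked session tokens, kept only as SHA-256 digests (one-way)."""

    def __init__(self) -> None:
        self._hashes: set[str] = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def revoke(self, token: str) -> None:
        self._hashes.add(self._key(token))

    def is_revoked(self, token: str) -> bool:
        return self._key(token) in self._hashes
```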
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & financial data | Until account deletion |
| AI conversation history | Until account deletion (or manual deletion) |
| Session data | 30 days (auto-expires) |
| Rate limiting data | 1 minute (auto-expires) |
| Server logs | 90 days |
| Database backups | 7 days (rolling) |
Upon account deletion request, your personally identifiable data is deleted within 30 days. Removal from backups occurs within 7 days as backups rotate.
9. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
Right of Access (Art. 15)
Request a copy of all personal data we hold about you.
Right to Rectification (Art. 16)
Request correction of inaccurate personal data.
Right to Erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing (Art. 18)
Request limitation of how we process your data.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format (JSON/CSV export).
Right to Object (Art. 21)
Object to processing based on legitimate interests.
Right to Withdraw Consent (Art. 7)
Withdraw consent at any time (e.g., remove your BYOK API keys).
How to Exercise Your Rights
Contact us at privacy@budgium.app. We will respond within 30 days as required by GDPR.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your residence or where the alleged infringement occurred.
11. Automated Decision-Making
Budgium uses AI/ML for the following automated processing:
- Transaction Categorization: AI suggests categories based on transaction descriptions
- Document Processing: Extracting transaction data from uploaded bank statements
- Chat Assistant: AI-generated responses to your financial questions
Important: None of this automated processing produces legal effects or similarly significantly affects you. All AI suggestions can be reviewed and modified by you. The system does not make autonomous financial decisions on your behalf.
12. Children's Privacy
Budgium is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal information, please contact us at privacy@budgium.app and we will delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes:
- We will update the "Last Updated" date at the top of this page
- For material changes, we will notify you via email or in-app notification
- Your continued use of Budgium after changes constitutes acceptance
14. Contact Information
For any questions about this Privacy Policy or to exercise your data protection rights: