Privacy Policy

Last updated: February 10, 2026

Your privacy matters. My.Budget ("we," "us," or "our") is operated by 7ST. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the My.Budget mobile application and related services (collectively, the "Service"). This policy is designed to comply with applicable data protection laws in the United States, the European Union (GDPR), the United Kingdom (UK GDPR), and Switzerland (nFADP/DSG).

1. Data Controller

The data controller responsible for your personal data is:

7ST
Email: privacy@budgetcoach.app

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your data as the data controller under the GDPR, UK GDPR, and the Swiss Federal Act on Data Protection (nFADP/DSG), respectively.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, and password when you create an account.
Financial Data: Income and expense transactions, savings goals, bill details, and currency preferences that you manually enter into the app.
AI Coach Conversations: Messages you send to the AI Financial Coach feature to receive personalized financial advice.
Payment Information: When you subscribe to My.Budget Full Access, payment processing is handled by Stripe. We do not store your credit card numbers or bank account details on our servers.
Communications: Any information you provide when contacting us for support.

2.2 Information Collected Automatically

Device Information: Device type, operating system, unique device identifiers, and mobile network information.
Usage Data: Features used, pages visited, time spent in the app, crash reports, and performance data.
Analytics Data: We use Google Analytics to collect aggregated, anonymized usage statistics on our website.
Log Data: IP address, browser type, access times, and referring URLs when you visit our website.

2.3 Information We Do Not Collect

We do not connect to your bank accounts or financial institutions.
We do not access your contacts, camera, microphone, or location.
We do not collect biometric data.
We do not track you across other apps or websites for advertising purposes.

3. Legal Basis for Processing (EEA, UK, and Switzerland)

Under the GDPR, UK GDPR, and the Swiss nFADP, we process your personal data based on the following legal grounds:

Purpose	Legal Basis
Providing and operating the Service	Performance of a contract (Art. 6(1)(b) GDPR)
Processing payments	Performance of a contract (Art. 6(1)(b) GDPR)
AI-powered financial coaching	Performance of a contract (Art. 6(1)(b) GDPR)
Analytics and service improvement	Legitimate interests (Art. 6(1)(f) GDPR)
Security and fraud prevention	Legitimate interests (Art. 6(1)(f) GDPR)
Legal compliance	Legal obligation (Art. 6(1)(c) GDPR)
Marketing communications (if opted in)	Consent (Art. 6(1)(a) GDPR)

4. How We Use Your Information

Service Delivery: To provide, maintain, and improve the My.Budget application, including dashboard analytics, transaction tracking, savings goals, and bill management.
AI Financial Coaching: To power the AI Coach feature, your financial data and conversation history are processed by OpenAI's API, a third-party service provider. Before using this feature, you are asked to review and explicitly consent to this data sharing. You may withdraw your consent at any time from the app's Settings under Privacy. The AI uses summarized financial context to provide personalized advice. We retain AI interaction summaries to improve advice quality over time.
Payment Processing: To manage subscriptions, process payments, and provide invoice history through our payment processor, Stripe.
Security: To detect, prevent, and address technical issues, fraud, and unauthorized access.
Communication: To respond to your inquiries and send service-related notices (e.g., subscription confirmations, security alerts).
Improvement: To analyze usage patterns (in aggregate) to improve our features and user experience.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information only with:

Recipient	Purpose	Data Shared
Stripe, Inc.	Payment processing and subscription management	Email, subscription status, payment tokens
OpenAI	AI-powered financial coaching	Anonymized financial summaries, chat messages
Google Analytics	Website analytics	Anonymized usage data, cookies
Replit (hosting)	Application hosting and infrastructure	Data stored on servers as part of service operation

We may also disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of our users or the public.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer personal data from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We rely on European Commission-approved Standard Contractual Clauses for transfers to third-party service providers.
UK International Data Transfer Agreement (IDTA): For transfers from the UK, we use the UK Addendum to the EU SCCs or the UK IDTA as appropriate.
Swiss-U.S. Data Privacy Framework: For transfers from Switzerland, we rely on the Swiss-U.S. Data Privacy Framework or other recognized transfer mechanisms under Swiss law.
EU-U.S. Data Privacy Framework: Where applicable, we rely on certifications under the EU-U.S. Data Privacy Framework.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy:

Account Data: Retained for as long as your account is active. Upon account deletion, personal data is deleted within 30 days, except where retention is required by law.
Financial Data: Transactions, goals, and bills are retained for as long as your account is active and deleted upon account deletion.
AI Coach Data: Conversation summaries used for improving advice quality are retained for as long as your account is active and anonymized or deleted upon account deletion.
Payment Records: Retained for up to 7 years as required by tax and financial regulations.
Analytics Data: Aggregated analytics data is retained indefinitely as it cannot be linked to individual users.

8. Your Rights

8.1 Rights Under GDPR, UK GDPR, and Swiss nFADP

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
Right to Restriction: Request that we limit processing of your data in certain circumstances.
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
Right to Object: Object to processing based on legitimate interests, including profiling.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You may file a complaint with your local data protection authority (e.g., the FDPIC in Switzerland, the ICO in the UK, or your national DPA in the EU).

8.2 Rights Under U.S. State Privacy Laws

Depending on your state of residence (including but not limited to California, Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws), you may have additional rights:

Right to Know: What personal information we collect, use, disclose, and sell (we do not sell personal information).
Right to Delete: Request deletion of your personal information.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out: Opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising).
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

California Residents (CCPA/CPRA): We do not sell personal information as defined by the California Consumer Privacy Act. We do not use or disclose sensitive personal information for purposes other than providing the Service. In the preceding 12 months, we have collected the categories of personal information described in Section 2 above.

8.3 How to Exercise Your Rights

To exercise any of your rights, please contact us at privacy@budgetcoach.app. We will respond to verified requests within 30 days (or within the timeframe required by applicable law). You may also delete your account and associated data directly through the app's Settings.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encrypted data transmission using TLS/SSL (HTTPS).
Secure password hashing using industry-standard algorithms.
Session-based authentication with secure, HTTP-only cookies.
Regular security reviews and updates.
Access controls limiting data access to authorized personnel only.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password for your account.

10. Children's Privacy

My.Budget is not intended for use by children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@budgetcoach.app and we will promptly delete the information.

11. Cookies and Tracking Technologies

Our website uses the following technologies:

Essential Cookies: Session cookies required for authentication and security.
Analytics: Google Analytics (with IP anonymization enabled) to understand website traffic. You may opt out by using the Google Analytics Opt-out Browser Add-on.

The My.Budget mobile app does not use advertising cookies or tracking pixels.

12. Third-Party Links

The Service may contain links to third-party websites or services (e.g., App Store, Google Play). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Automated Decision-Making

The AI Coach feature provides automated financial suggestions based on your data. These suggestions are informational only and do not constitute financial advice. No automated decisions with legal or similarly significant effects are made about you. You are always free to disregard AI suggestions and make your own financial decisions.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Data Protection Officer

For questions or concerns about this Privacy Policy or our data practices, or to exercise your data protection rights, please contact us:

Data Protection Contact
Email: privacy@budgetcoach.app

If you are located in the EU, UK, or Switzerland and are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch
United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
European Union: Your national Data Protection Authority — Find your DPA

16. Apple App Store Privacy Details (Privacy Nutrition Label)

In accordance with Apple's App Store requirements, the following disclosures describe the data My.Budget collects, how it is used, whether it is linked to your identity, and whether it is used for tracking. This information corresponds to the Privacy Nutrition Label displayed on our App Store listing.

16.1 Data We Collect

Category	Data Type	Collected	Details
Contact Info	Name	Yes	Display name provided during account registration
Contact Info	Email Address	Yes	Used for account creation, authentication, and service communications
Financial Info	Other Financial Info	Yes	User-entered income, expenses, savings goals, bill amounts, and currency preferences
Financial Info	Payment Info	No	Payment is handled entirely by Stripe; we never access or store card numbers or bank details
Identifiers	User ID	Yes	Internal account identifier used to associate data with your account
Identifiers	Device ID	No	We do not collect device advertising identifiers or other device-level IDs
Usage Data	Product Interaction	Yes	Feature usage patterns used by the AI Coach to improve financial advice
Purchases	Purchase History	Yes	Subscription status (free or Pro) managed through Stripe
User Content	Customer Support	Yes	Data provided in optional support requests via email
User Content	Other User Content	Yes	AI Coach chat messages and financial notes entered by the user
Diagnostics	Crash Data	Yes	Crash logs to identify and fix app issues
Diagnostics	Performance Data	Yes	App launch time, response times, and resource usage

16.2 Data We Do NOT Collect

The following Apple privacy categories are not collected by My.Budget:

Health & Fitness: No health or fitness data
Location: No precise or coarse location data
Sensitive Info: No racial, ethnic, sexual orientation, disability, religious, political, genetic, or biometric data
Contacts: No access to your phone contacts or address book
Photos or Videos: No access to your camera or photo library
Audio Data: No voice or sound recordings
Emails or Text Messages: No access to your email or SMS
Browsing History: No tracking of websites visited outside the app
Search History: No search data is collected or stored
Surroundings / Body: No environment scanning, hand, or head tracking
Advertising Data: No advertisement-related data

16.3 How Collected Data Is Used

Data Type	App Functionality	Product Personalization	Analytics	Advertising	Tracking
Name	Yes	No	No	No	No
Email Address	Yes	No	No	No	No
Other Financial Info	Yes	Yes	No	No	No
User ID	Yes	No	No	No	No
Product Interaction	Yes	Yes	Yes	No	No
Purchase History	Yes	No	No	No	No
Chat Messages	Yes	Yes	No	No	No
Crash Data	Yes	No	Yes	No	No
Performance Data	Yes	No	Yes	No	No

16.4 Data Linked to Your Identity

The following data types are linked to your identity (your account):

Contact Info: Name and email address (linked to your account for authentication and service delivery)
Financial Info: Income, expenses, goals, and bills (linked to your account for data persistence and personalization)
Identifiers: User ID (inherently linked to your identity)
Purchases: Subscription status (linked to your account for feature access)
User Content: AI Coach messages (linked to your account for personalized advice)

16.5 Data NOT Linked to Your Identity

Diagnostics: Crash data and performance data are collected in aggregate and not linked to individual user identities
Usage Data: Aggregated product interaction analytics (on the website via Google Analytics with IP anonymization) are not linked to individual identities

16.6 Tracking

My.Budget does not track users. We do not link data collected from this app with third-party data for targeted advertising or advertising measurement purposes. We do not share data with data brokers. We do not use device advertising identifiers. We do not engage in cross-app or cross-site tracking.

16.7 Third-Party SDKs

My.Budget uses the following third-party SDKs, each with their own privacy practices:

SDK	Purpose	Data Accessed	Tracks Users
Stripe SDK	Payment processing and subscription management	Payment tokens, email, subscription status	No
OpenAI API	AI-powered financial coaching	Anonymized financial summaries, chat messages	No
Expo SDK	App framework and runtime	Device type, OS version (for compatibility)	No

None of our third-party SDKs are used for advertising or user tracking purposes. We maintain a privacy manifest as required by Apple for third-party SDK transparency.

16.8 Summary for App Store Connect

Quick reference for App Store privacy responses:

Data Used to Track You: None
Data Linked to You: Contact Info (Name, Email), Financial Info, User ID, Purchases, User Content (AI Coach messages)
Data Not Linked to You: Diagnostics (Crash Data, Performance Data), Usage Data (aggregated)

17. Jurisdiction-Specific Provisions

17.1 Swiss Federal Act on Data Protection (nFADP/DSG)

For Swiss residents, this policy also serves as the required data protection information under Articles 19-21 of the Swiss Federal Act on Data Protection (nFADP). We process your data in accordance with the principles of lawfulness, good faith, proportionality, and purpose limitation as set out in the nFADP.

17.2 UK Data Protection

For UK residents, references to the GDPR in this policy include the UK GDPR (the retained EU law version of the GDPR as incorporated into UK law by the Data Protection Act 2018). Your rights and our obligations are governed by the UK GDPR and the Data Protection Act 2018.

17.3 U.S. Federal and State Laws

We comply with applicable U.S. federal and state data protection laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and other applicable state privacy laws.