Privacy Policy — BudgetExplora

1. Who We Are

BudgetExplora ("the App", "we", "us", "our") is a personal finance application developed and operated by BudgetExplora. BudgetExplora is available exclusively on the Apple App Store for iPhone devices running iOS 17 or later.

For the purposes of data protection law, BudgetExplora acts as the data controller for personal data collected through the BudgetExplora application and any associated websites (including budgetexplora.com).

Data Controller Contact

BudgetExplora
Email: support@budgetexplora.shop
Website: budgetexplora.com

2. Data We Collect and Why

We collect data in three categories: data you provide directly, data generated by your use of the app, and data collected automatically for service operation.

2.1 Data You Provide Directly

Data Type	What It Is	Why We Collect It
Name / Display Name	Your first name, used to personalize your experience ("Good morning, Alex")	Personalization throughout the app
Email Address	Email used to create or sign in to your account	Authentication, account recovery, important service communications
Password (hashed)	If using email/password sign-in. Never stored in plain text.	Account security
Budget Data	Budget names, periods (weekly/monthly etc.), income amounts, start/end dates, currency preferences	Core app functionality — providing your budgeting system
Transaction Data	Transaction amounts, dates, categories, notes, payees, tags, transaction types	Core app functionality — tracking your financial activity
Account Data	Account names, types (checking, savings, credit, etc.), account balances	Core app functionality — managing your financial accounts
Category and Group Data	Custom budget categories, groups, colors, icons you create	Personalizing your budget structure
Financial Goals / Targets	Savings targets, debt payoff goals, goal amounts and dates	Goal tracking and AI insights
Debt Information	Debt names, balances, interest rates, minimum payments	Debt payoff feature functionality
Onboarding Answers	Responses to onboarding questions (financial goals, life stage, challenges)	Personalizing your experience, generating your initial plan

2.2 Authentication Data

BudgetExplora supports three sign-in methods. Depending on your choice, different data is received:

Apple Sign In: We receive an Apple-generated anonymized user identifier and, if you choose to share it, your email address. Apple does not share your name unless you explicitly provide it.
Google Sign In: We receive your Google account's email address, display name, and profile picture URL from Google's authentication service.
Email and Password: We receive and store the email address you provide. Passwords are hashed by Firebase Authentication and never accessible to us in plain text.

2.3 Automatically Collected Technical Data

Data Type	What It Is	Purpose
Device Type	iPhone model category	App compatibility and performance optimization
iOS Version	Operating system version	App compatibility
App Version	Which version of BudgetExplora you have installed	Debugging, update management
FCM Token	Firebase Cloud Messaging device token	Sending push notifications for bill reminders, partner alerts, and trial reminders
Crash Logs	Technical data about app crashes, collected anonymously via Firebase Crashlytics	Identifying and fixing bugs
Usage Events	In-app events like screen views, feature usage, subscription events (via Firebase Analytics)	Understanding how features are used, improving the product
RevenueCat Customer ID	Anonymous identifier used to manage your subscription	Subscription management

2.4 Data We Do NOT Collect

BudgetExplora does NOT collect: bank account numbers, credit card numbers, government IDs, social security numbers, biometric data, location data, contacts, photos, or any data from other apps on your device. We do not connect to your bank directly — all financial data is entered manually by you.

3. How We Use Your Data

We use your data for the following purposes, each grounded in a legitimate legal basis:

Purpose	Legal Basis (GDPR)	Description
Providing the App	Contract performance	Storing and syncing your budgets, transactions, accounts, and goals to deliver the core app experience
Account Management	Contract performance	Creating and maintaining your user account, authentication, account recovery
AI-Powered Insights (Explora)	Contract performance	Sending your financial data to our AI engine (Claude 3.5 Sonnet via Anthropic API) to generate personalized financial insights and analysis. See Section 4 for full details.
Push Notifications	Consent	Sending bill due date reminders, partner workspace notifications, trial end reminders, and optional financial check-in prompts. Only sent with your explicit permission.
Subscription Management	Contract performance	Managing your subscription status, trial periods, and entitlements via RevenueCat
Customer Support	Legitimate interest	Responding to your support requests and resolving issues with your account
Security and Fraud Prevention	Legitimate interest	Detecting and preventing unauthorized access, fraud, or abuse of the service
App Improvement	Legitimate interest	Analyzing anonymized, aggregated usage data to improve features and fix bugs. Individual financial data is never used for this purpose.
Legal Compliance	Legal obligation	Complying with applicable laws and responding to lawful requests from authorities

4. AI Engine (Explora) and Your Financial Data

BudgetExplora's AI feature — called "Explora" — is powered by Claude 3.5 Sonnet, an AI model developed by Anthropic. When you use Explora to ask questions about your finances, your financial data is included in the request sent to Anthropic's API.

What data is sent to Anthropic

When you use the Explora AI feature, we construct a structured "audit package" containing:

Your recent transaction history (amounts, dates, categories — no transaction descriptions unless you explicitly ask)
Your account balances and budget allocations
Your active workspace name and type (Personal or BudgetExplora Spaces/Shared)
Aggregate spending summaries by category
Your query (the question you asked Explora)

This data is sent to Anthropic's API endpoints in the United States for processing. The response is returned to your device and displayed in the app.

Anthropic's data handling

According to Anthropic's API usage policies, API inputs and outputs are not used to train Anthropic's models by default. You can review Anthropic's privacy policy at anthropic.com/privacy.

What we never send to Explora

Your name or email address is not included in financial audit packages
Data from your other apps or device
Data from a different workspace than the one currently active (workspace isolation is enforced)

Workspace Isolation: Explora operates in a "Sealed Room" mode — it can only see data from your currently active workspace. Personal workspace data is never mixed with BudgetExplora Spaces (shared) workspace data, and vice versa. This is enforced at the API construction level.

Opting out of AI features

The Explora AI feature is a premium feature that requires a subscription. You may choose not to use it at any time. Declining to use Explora does not affect your access to other app features.

5. Third-Party Services

BudgetExplora uses the following third-party services to operate. Each service has its own privacy policy:

Service	Provider	Purpose	Data Shared	Privacy Policy
Firebase Authentication	Google LLC	User authentication and account management	Email address, device identifiers	firebase.google.com/support/privacy
Firebase Firestore	Google LLC	Cloud sync of your budgets, transactions, and account data	All financial data you enter in the app	firebase.google.com/support/privacy
Firebase Cloud Messaging	Google LLC	Delivering push notifications to your device	FCM device token, notification content	firebase.google.com/support/privacy
Firebase Analytics	Google LLC	Anonymized usage analytics (screen views, feature events)	Anonymized event data, device type	firebase.google.com/support/privacy
Firebase Crashlytics	Google LLC	Crash reporting for bug fixes	Anonymized crash logs, stack traces	firebase.google.com/support/privacy
Firebase App Check	Google LLC	Preventing unauthorized access to our Firebase backend	App attestation tokens	firebase.google.com/support/privacy
RevenueCat	RevenueCat, Inc.	Subscription management, in-app purchase processing	User ID, subscription status, purchase events	revenuecat.com/privacy
Anthropic (Claude API)	Anthropic PBC	Powering the Explora AI financial analysis feature	Structured financial data when you use Explora (see Section 4)	anthropic.com/privacy
Google Sign In	Google LLC	Optional Google account authentication	Google account email, display name (only if you choose Google Sign In)	policies.google.com/privacy
Apple Sign In	Apple Inc.	Optional Apple ID authentication	Anonymized Apple user ID (Apple controls what email is shared)	apple.com/legal/privacy

We do not sell, rent, or share your personal data with any advertising networks, data brokers, or marketing platforms. BudgetExplora does not display advertisements.

6. Data Storage and Security

Where your data is stored

Your BudgetExplora data is stored in two places:

On your device: A local SwiftData database stores your data for offline access. This data is protected by iOS's built-in data protection (encrypted at rest when your device is locked).
Google Firebase (Cloud): Your data is synced to Firebase Firestore servers operated by Google LLC. Google's data centers are primarily located in the United States and the European Union. Firebase data is encrypted in transit (TLS) and at rest (AES-256).

International transfers

If you are located outside the United States, your data will be transferred to and processed in the United States (where our Firebase project and Anthropic's API are hosted). We rely on Google's and Anthropic's compliance with applicable data transfer mechanisms (including Standard Contractual Clauses for EU residents).

Security measures

Firebase App Check is enforced — only the legitimate BudgetExplora app can access our backend
All data in transit uses TLS 1.2 or higher
Passwords are hashed by Firebase Authentication and never accessible to us
Firebase security rules restrict each user to their own data only
Workspace isolation rules prevent Personal and BudgetExplora Spaces workspace data from mixing
RevenueCat handles all payment processing — we never receive or store payment card data

No system is 100% secure. While we implement strong security measures, no internet-based service can guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and relevant authorities as required by law.

7. Data Retention

We retain your data for as long as you have an active BudgetExplora account or as needed to provide you with the service. Specifically:

Active account data: Retained for the duration of your account's existence
After account deletion: Your financial data (transactions, budgets, accounts) is deleted from Firebase within 30 days of account deletion. Some anonymized, aggregated analytics data (not linked to you) may be retained for product improvement.
Deleted workspace data: Data from workspaces you delete is removed within 30 days
Cached/churned accounts: If your account is inactive for 24 months with no sign-in, we may delete your data after providing 30 days' notice to your registered email address
Backup data: Firebase's internal backup retention is governed by Google's policies. Backups are typically cycled within 7 days.

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. We honor these rights regardless of your location.

Right	What It Means	How to Exercise
Access	Request a copy of the personal data we hold about you	Email support@budgetexplora.shop
Rectification	Correct inaccurate personal data	Update directly in the app, or email us
Erasure ("Right to be Forgotten")	Request deletion of your account and all associated data	Use "Delete Account" in app settings, or email us
Data Portability	Receive your data in a machine-readable format	Email support@budgetexplora.shop — we will provide a JSON export
Restriction of Processing	Request that we limit how we process your data	Email support@budgetexplora.shop
Object to Processing	Object to processing based on legitimate interests	Email support@budgetexplora.shop
Withdraw Consent	Withdraw consent for push notifications or other consent-based processing	iOS Settings → BudgetExplora → Notifications, or email us
Non-Discrimination (CCPA)	You will not receive different service quality for exercising your privacy rights	Automatic — we do not discriminate
Do Not Sell (CCPA)	We do not sell personal data. This right is already honored by default.	Not applicable — we never sell data

We will respond to all rights requests within 30 days. For complex requests, we may extend this period by a further 60 days, but will notify you within the initial 30 days if an extension is required.

EU/EEA residents have the right to lodge a complaint with their national data protection authority if they believe their rights have been violated.

9. Children's Privacy (COPPA)

BudgetExplora is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you are under 13, you may not use BudgetExplora.

If you are aged 13–17, you must have a parent or guardian's consent before creating an account. By creating an account, you confirm that you are at least 13 years old and, if between 13 and 17, that you have obtained parental consent.

If we learn that we have inadvertently collected personal data from a child under 13, we will delete that data promptly. If you believe we may have collected data from a child under 13, please contact us immediately at support@budgetexplora.shop.

10. Location Data and Transaction Tagging (Optional)

BudgetExplora offers an absolutely optional location tagging feature that allows you to associate a geographical location, address, or merchant name with your transactions. This helps you track where your spending occurs and analyze spatial financial trends.

Strict Local Processing (By Default): By default, all location information you assign to a transaction is processed and stored strictly locally on your iOS device within the app's secure SwiftData sandbox. BudgetExplora does not track your real-time GPS location in the background, and we do not collect or sell your location history.

Cloud Backup and Synchronization: If you use our real-time cloud synchronization features (such as secure Firebase backups or collaborative shared spaces in BudgetExplora Spaces), the location tags, merchant addresses, or geographical coordinates that you manually assign to transactions will be encrypted and transmitted to our secure servers solely to back up your budget ledger and synchronize it across your authorized devices or with your invited workspace partner. This data is never shared with third-party advertisers or used for profiling.

Control and Deletion: You can edit, remove, or completely delete location tags from any transaction at any time. If you delete a transaction or delete your account, all associated location data is permanently deleted from your local device and our cloud servers.

11. Partner/Couple Workspace (BudgetExplora Spaces)

BudgetExplora includes an optional shared workspace feature called "BudgetExplora Spaces" that allows two users to share a collaborative budget. When using BudgetExplora Spaces:

Financial data you enter in the BudgetExplora Spaces workspace is visible to your invited partner(s)
Your partner's display name and email address may be visible to you in the shared workspace
Actions in the shared workspace (transactions, allocations) are attributed to the user who performed them
Push notifications may be sent to both workspace members for shared budget activities
Your Personal workspace remains completely separate and private from your BudgetExplora Spaces workspace

By accepting an invitation to a BudgetExplora Spaces workspace, you consent to your financial data in that workspace being visible to other members. You may leave a BudgetExplora Spaces workspace at any time through the app settings, which will revoke your access to the shared data.

Invite codes are generated uniquely and expire. We do not store your invite codes after they are used or expired.

12. Push Notifications

BudgetExplora may send the following types of push notifications, all of which require your explicit permission granted through iOS:

Bill due date reminders: Reminders you configure for upcoming bills and recurring transactions
Partner workspace notifications: Alerts when your BudgetExplora Spaces workspace partner makes a significant financial action
Trial end reminder: A single notification sent 1 day before your free trial ends (as promised in our subscription flow)
Daily check-in reminder: Optional reminders you configure for your 5-minute daily financial check-in
Financial insights: Optional notifications when Explora has a new insight for you

You can manage notification permissions at any time in your iPhone's Settings app under BudgetExplora. Revoking notification permissions does not affect your access to the app or any of its features.

Notification content is generated on our servers using your account data. Notification payloads are transmitted via Firebase Cloud Messaging and Apple Push Notification Service (APNs). We do not share notification content with third parties beyond these required transmission intermediaries.

13. Summit of Legends & Leaderboards

BudgetExplora features an optional, competitive gamification element known as the Summit of Legends (or "Leaderboards"), designed to motivate users in their financial journey. To protect your absolute privacy, this feature is built with privacy-first principles:

No Collection or Sharing of Financial Data: We do not collect, store, share, or display any actual financial data (such as account balances, income, transaction details, expenses, or category names) for the leaderboards. Your personal financial information remains entirely private and local to your device (or shared with your partner in BudgetExplora Spaces).
Financial Power Score (FPS): Users on the leaderboards are ranked solely using an abstract, non-monetary, and dimensionless calculation called the Financial Power Score (FPS). The FPS measures your financial discipline, envelope budgeting consistency, savings rate progress, and breathing room optimization. It is a mathematical score that reflects budgeting habits rather than the actual amount of money you earn or spend.
Complete User Anonymization: To protect your identity, all leaderboard standings are fully anonymized. The App assigns you a randomized default alias (e.g., BreathingRoomHero-492) and a system-generated abstract avatar. Your real name, email address, profile picture, and device details are never exposed to other users or public leaderboards.
Entirely Optional: Participation in the Summit of Legends/Leaderboards is 100% voluntary. You can choose to opt in or opt out at any time by navigating to App Settings → Leaderboard Options. If you opt out, your score will not be calculated or uploaded, you will immediately disappear from all leaderboards, and your account will remain entirely invisible to other players.

14. Account Deletion

You have the right to permanently delete your BudgetExplora account at any time. Account deletion is available directly within the app:

How to delete your account: Open BudgetExplora → More → Settings → Account → Delete Account

When you delete your account:

Your account is immediately deactivated and you will be signed out
All your financial data (transactions, budgets, accounts, categories, goals) will be permanently deleted from Firebase within 30 days
Your local device data will be deleted immediately
Any active subscription must be separately cancelled in iOS Settings → Subscriptions (account deletion does not automatically cancel your Apple subscription)
Data shared in a BudgetExplora Spaces workspace will be retained for other workspace members until they also delete their accounts
We will retain minimal records (email address, deletion timestamp) for legal compliance purposes for up to 7 years

Account deletion is irreversible. We recommend exporting your data before deleting your account by contacting support@budgetexplora.shop.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Send a notification to your registered email address for significant changes
Display an in-app notification on your next app launch

Your continued use of BudgetExplora after a policy update constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you should stop using the app and delete your account.

16. Contact Us

Privacy Requests and Questions

Email: support@budgetexplora.shop
Subject line: Include "Privacy Request" for data rights requests
Response time: We aim to respond within 5 business days, and always within 30 days for formal rights requests
Website: budgetexplora.com

For users in the European Economic Area, you also have the right to contact the data protection supervisory authority in your country of residence.