Privacy Policy
Effective date: June 2026 · Version 2.0
1. Introduction
Custovia Inc., operating as BudgX ("BudgX," "we," "our," or "us"), is committed to protecting your privacy. This policy explains how we collect, use, share, and protect your personal and financial information when you use the BudgX web application and mobile apps for iOS and Android (collectively, the "Service").
By using BudgX you agree to this policy. If you do not agree, please do not use the Service.
2. Information We Collect
Information you provide directly:
- Account details — email address, display name, profile photo
- Manually entered transactions — amount, date, merchant, category
- Budget limits and savings goals you create
- Messages and questions sent to the AI coach
- Security settings, preferences, and notification choices
Financial data collected via Plaid:
When you choose to link a bank account, BudgX uses Plaid — a regulated financial data platform — to connect to your financial institution. Through Plaid we may receive:
- Transaction history (payee, amount, date, category, payment method)
- Account balances (current and available)
- Account identifiers (institution name, account type, last 4 digits)
- Investment holdings and portfolio values (if you link investment accounts)
- Liability information such as credit card balances, loan balances, minimum payments (if linked)
- Recurring transaction and subscription detection data
We receive this data on a read-only basis. BudgX cannot initiate transfers, payments, or any transactions on your behalf. Your banking credentials (username, password) are entered directly into Plaid's interface and are never transmitted to or stored by BudgX. Plaid access tokens are encrypted at rest using AES-256-GCM before storage.
Bank linking is entirely optional. You can use BudgX by entering transactions manually. You can disconnect any linked account at any time from Settings → Connected Accounts.
Automatically collected data:
- Device type, operating system, and app version
- IP address and approximate location (country/region)
- Usage patterns — which features you use and how often
- Error logs and crash reports (excluding financial data)
- Push notification tokens (for in-app alerts, if you opt in)
3. How We Use Your Information
We process your information for the following purposes and legal bases:
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the budgeting, goals, and AI coaching features | Performance of contract |
| Generating AI insights, spending nudges, and weekly reports | Performance of contract |
| Processing subscription payments via Stripe | Performance of contract |
| Sending transactional emails (password reset, receipts, alerts) | Performance of contract |
| Detecting fraud, security incidents, and abuse | Legitimate interest |
| Improving our product using anonymised, aggregated analytics | Legitimate interest |
| Complying with legal obligations (tax, regulatory) | Legal obligation |
| Sending marketing communications (product updates, tips) | Consent (opt-in; you can unsubscribe at any time) |
Automated decision-making: BudgX uses AI (powered by Anthropic Claude) to automatically categorise transactions, generate spending insights, and provide financial coaching. These are informational outputs to help you understand your finances — they do not produce legal or similarly significant effects. You can override any AI categorisation in the app.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share data only as follows:
| Service provider | Purpose | Data shared |
|---|---|---|
| Plaid (plaid.com) | Bank account connectivity | User consent token, institution selection. Plaid holds your bank credentials — we do not. |
| Anthropic (anthropic.com) | AI coaching, insights, categorisation | Anonymised spending summaries and your chat messages. Raw bank account numbers and full transaction lists are not sent. |
| Stripe (stripe.com) | Subscription payment processing | Email address, subscription plan. BudgX does not store full card numbers. |
| Google Firebase | Authentication, database, storage | All user profile and financial data stored on the platform. |
| Vercel | Web hosting and serverless compute | Request metadata (IP, user agent). Financial data is not logged in request bodies. |
| Resend | Transactional email delivery | Email address, email content (budget alerts, weekly reports). |
| Sentry | Error monitoring | Stack traces and error context. Financial data is excluded from error reports. |
We may also disclose your information (i) if required by law, court order, or regulatory authority; (ii) to protect the rights, safety, or property of BudgX or others; or (iii) in connection with a merger, acquisition, or sale of assets, in which case the acquirer will be bound by this policy.
5. International Data Transfers
BudgX is operated from the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is transferred to and processed in the United States. We rely on the following safeguards for such transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers
- Processing by providers certified under applicable data transfer frameworks (where applicable)
By using BudgX you acknowledge that your data may be transferred to and processed in the United States and other countries where our service providers operate.
6. Data Security
We implement the following technical and organisational security measures:
- Encryption in transit: All connections use TLS 1.2 or higher (HTTPS enforced by Vercel; HTTP Strict Transport Security headers set)
- Encryption at rest: Plaid access tokens are encrypted using AES-256-GCM before storage in our database. Google Firebase uses AES-256 for all stored data.
- Access control: Firestore security rules enforce per-user data isolation — your data cannot be accessed by other users. Admin access requires Firebase service account credentials stored as encrypted environment variables.
- Authentication: Two-factor authentication (2FA) is available for all user accounts. All staff access to production systems requires MFA.
- Read-only bank access: Plaid connections are provisioned with read-only permissions. BudgX cannot initiate any financial transactions.
- Monitoring: Real-time error monitoring (Sentry), rate limiting on all API endpoints, and Vercel access logs for anomaly detection.
Despite these measures, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@budgx.ai.
7. Data Retention
| Data type | Retention period |
|---|---|
| Account profile (email, name, preferences) | Duration of account; deleted within 30 days of account deletion request |
| Financial data (transactions, budgets, goals) | Duration of account; deleted within 30 days of account deletion request |
| Plaid access tokens | Deleted immediately when you disconnect an account; automatically revoked on account deletion |
| AI chat history | Duration of account; deleted within 30 days of account deletion |
| Billing and payment records | Up to 7 years for tax and legal compliance |
| Server and access logs | 90 days |
| Anonymised and aggregated analytics | Indefinitely (cannot be linked back to individuals) |
8. Your Privacy Rights
Depending on your location you may have the following rights. You can exercise most of these directly in the app at Settings → Privacy & data:
- Access: Request a copy of the personal data we hold about you.
- Portability: Download your data in JSON format from Settings → Privacy → Export data.
- Correction: Update inaccurate information from your profile settings.
- Deletion (right to be forgotten): Delete your account and all associated data from Settings → Privacy → Delete account. Data is permanently purged within 30 days.
- Restriction: Request that we limit how we process your data in certain circumstances.
- Objection: Object to processing based on legitimate interest (e.g. marketing).
- Withdraw consent: Where we rely on consent (e.g. marketing emails), you can withdraw it at any time. Withdrawing consent does not affect lawful processing before withdrawal.
- Disconnect bank accounts: Revoke Plaid access at any time from Settings → Connected Accounts. This immediately revokes our access to your bank data.
California residents (CCPA/CPRA): We do not sell or share your personal information for cross-context behavioural advertising. You have the right to know what data we collect, the right to delete, the right to correct, and the right to opt out of any future sale (we have no such programme). To exercise CCPA rights, contact us at privacy@budgx.ai.
EEA/UK residents (GDPR/UK GDPR): You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.
9. Cookies and Tracking
We use a small number of strictly necessary cookies:
- budgx_session — authenticates your API requests. Expires with your session or after 24 hours.
- budgx_subscription — stores your subscription status so we can gate Premium features without an extra API call on every page load.
We do not use advertising cookies, cross-site tracking cookies, or third-party analytics that track you across the web. See our Cookie Policy for full details.
10. Children's Privacy
BudgX is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@budgx.ai and we will delete it promptly.
11. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policies of any third-party services you access.
12. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify you via email (to the address on your account) and/or a prominent notice in the app at least 30 days before the change takes effect. The "Effective date" at the top of this page reflects when the current version became active. Your continued use of BudgX after changes are effective constitutes acceptance of the updated policy.
13. Contact & Data Controller
The data controller responsible for your personal information is:
For data subject rights requests, you can also use the in-app tools at Settings → Privacy & data. We aim to respond to all requests within 30 days.