This Privacy Policy explains how MyAutoBudget ("the Service," "we," "us," or "our") handles your information. MyAutoBudget is operated by an independent developer based in Arizona, United States. We believe in transparency, so this policy is written in plain language and we are candid about what we have and have not built yet.
1. What We Collect
Account information: When you sign up we collect an email address, a display name, and a password. Your password is stored as a one-way cryptographic hash — we never store or have access to your plaintext password.
Financial data you enter: Accounts, balances, bills, income sources, allocation buckets, savings goals, and similar records. All of this data is entered by you and stored solely to provide the budgeting features you signed up for.
Plaid data (optional): If you choose to connect a bank account through our Plaid integration, we receive account balances, transaction data, and account metadata (such as APRs) from Plaid on your behalf. We do not receive or store your bank login credentials — those are handled entirely by Plaid under their own privacy policy.
Server logs: We collect minimal server access logs (IP address, request timestamp, and URL path) for security and debugging purposes. These logs are retained for no more than 30 days.
2. How We Use Your Data
We use your data solely to operate and improve the Service for you. This includes generating your budget dashboard, running calculations and projections, and sending transactional emails (such as password-reset links). We do not analyze, mine, profile, or monetize your personal financial data in any way.
3. We Do Not Access Your Data
Your financial data is stored in an isolated, per-user database. We do not access, review, or inspect individual user data in the normal course of operations. The only circumstance under which we would access your data is to diagnose a specific technical issue that you report to us, and only with your explicit knowledge and consent.
4. Security and Privacy Maturity
We want to be upfront about the current maturity of our security and privacy infrastructure. The following protections have been implemented and are active:
- Encryption at rest — all financial data (account balances, bill amounts, income figures, savings goals, and similar fields) is encrypted at the application layer using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256) before being written to the database. Plaid access tokens are also encrypted at rest.
- Self-service data export — you can download a complete copy of all your data in JSON format from the Profile page at any time, with no need to contact us.
- Self-service account deletion — you can permanently delete your account and all associated data from the Profile page. Deletion is immediate, requires password confirmation, and removes your authentication record, all sessions, and your entire per-user database.
The following protection is not yet implemented:
- Third-party security audits — the Service has not undergone a formal penetration test or independent security audit.
Please factor this limitation into your decision about what data to enter into the Service.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing or advertising. We share data only in these limited circumstances:
- Plaid (if you opt in) — to retrieve bank balances and transaction data. Plaid acts as a data processor on your behalf.
- Email delivery — we use a transactional email service to send password-reset links. The service receives only your email address and the message content.
- Legal obligations — we may disclose data if required by law, regulation, subpoena, or valid legal process.
6. Data Retention and Deletion
We retain your data for as long as your account is active. You can delete your account and all associated data at any time from the Profile page — deletion is immediate and permanent. Alternatively, you can email colorfinger@gmail.com and we will complete the deletion within 30 days. Once deleted, your data cannot be recovered.
7. Breach Notification
If we become aware of a security breach that compromises your personal data, we will notify affected users by email within 72 hours of confirming the breach. The notification will describe the nature of the breach, the data involved, the steps we are taking to address it, and any steps you should take to protect yourself.
8. Cookies and Tracking
We use a single, strictly necessary session cookie to keep you signed in. We do not use analytics cookies, advertising trackers, or any third-party tracking scripts. We do not participate in cross-site tracking or behavioral advertising. There are no third-party pixels, tags, or SDKs on any page of the Service.
9. Security Measures
We take the following measures to protect your data:
- Passwords are hashed with a modern, salted one-way algorithm.
- All connections are encrypted in transit via HTTPS/TLS.
- All financial data is encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256).
- CSRF tokens protect against cross-site request forgery.
- Each user's financial data is stored in an isolated database, separate from every other user.
- Session tokens are cryptographically random and expire after a configurable period.
- Rate limiting is applied to login attempts to mitigate brute-force attacks.
No system is perfectly secure. The Service has not yet undergone a third-party security audit (see Section 4).
10. Your Rights
Depending on your location, you may have rights under applicable privacy laws (such as CCPA if you are a California resident, or GDPR if you are in the EU/EEA). These may include the right to access, correct, delete, or port your data, or to object to certain processing. You can exercise your right to data portability and account deletion directly from the Profile page. For all other requests, email colorfinger@gmail.com. We will respond within 30 days.
11. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect data from minors. If we learn that we have inadvertently collected data from someone under 18, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or by a prominent notice within the Service at least 14 days before the changes take effect, and we will update the effective date at the top of this page. Continued use of the Service after the notice period constitutes acceptance of the revised policy.
13. Governing Law
This Privacy Policy is governed by the laws of the State of Arizona, United States.
14. Contact
Questions about this policy, your data, or a privacy concern? Email us at colorfinger@gmail.com.