Plain-English Summary
MyAutoBudget is an independent budgeting app in public beta. It is not a bank or financial advisor. Connecting bank data is optional and handled through Plaid (read-only). Sensitive financial data is encrypted before storage. You can export or delete your data yourself at any time. The Service has not yet undergone an independent security audit. We currently provide support by email only.
This Privacy Policy explains how MyAutoBudget ("the Service," "we," "us," or "our") handles your information. MyAutoBudget is operated by Josh Jones, an independent software developer based in Arizona, United States. We believe in transparency, so this policy is written in plain language and we are candid about what we have and have not built yet.
1. What We Collect
Account information: When you sign up we collect an email address, a display name, and a password. Your password is stored as a one-way cryptographic hash — we never store or have access to your plaintext password.
Financial data you enter: Accounts, balances, bills, income sources, allocation buckets, savings goals, and similar records. All of this data is entered by you and stored solely to provide the budgeting features you signed up for.
Plaid data (optional): If you choose to connect a bank account through our Plaid integration, we receive account balances, transaction data, and account metadata (such as APRs) from Plaid on your behalf. The Plaid connection is read-only — MyAutoBudget cannot initiate transfers, make payments, or modify your bank account in any way. We do not receive or store your bank login credentials — those are handled entirely by Plaid under their own privacy policy.
Server and operational logs: We maintain limited access and operational logs (such as IP addresses, request timestamps, URL paths, and error information) for security, reliability, and abuse prevention. These logs are retained for no more than 30 days.
2. How We Use Your Data
We use your data to provide the Service, maintain reliability and security, fix bugs, and improve budgeting features and product functionality. This includes generating your budget dashboard, running calculations and projections, and sending transactional emails (such as password-reset links). We do not use your personal financial data for advertising, cross-user profiling, or sale to third parties.
We may generate aggregated, de-identified operational statistics (for example, error rates, feature usage counts, or performance metrics) to maintain and improve the Service. These statistics are designed not to identify individual users and are not sold to third parties.
3. Data Isolation and Access
We design the Service so that each user's financial records are isolated from those of other users. In the ordinary course of operating MyAutoBudget, we do not review individual user financial data. Because the Service is operated by a small independent provider, the operator has administrative access to the underlying infrastructure. Access to account data may occur when reasonably necessary to provide support, investigate a reported issue, maintain or secure the Service, comply with legal obligations, or respond to a security incident. When support-related access is needed for a specific issue you report, we will make reasonable efforts to inform you when practical.
4. Security and Privacy Maturity
We want to be upfront about the current maturity of our security and privacy infrastructure. The following protections have been implemented and are active:
- Encryption at rest — sensitive financial fields and Plaid access tokens are encrypted at the application layer before being written to persistent storage. The encryption key is stored separately from the database files.
- Self-service data export — you can download a complete copy of all your data in JSON format from the Profile page at any time, with no need to contact us.
- Self-service account deletion — you can permanently delete your account and all associated data from the Profile page. Deletion requires password confirmation and removes your authentication record, all sessions, and your user financial data from active application storage.
- Per-user data isolation — each user's financial records are logically isolated from those of other users, and our current storage architecture keeps user financial data separated on a per-user basis.
- HTTPS/TLS in transit — all connections to the Service are encrypted.
- Password hashing — passwords are stored using a modern, salted one-way hashing algorithm.
- CSRF protections — cross-site request forgery tokens are applied to state-changing requests.
- Session security — session tokens are cryptographically random and expire after a configurable period.
- Login rate limiting — brute-force login attempts are throttled.
The following protection is not yet implemented:
- Independent security audit — the Service has not undergone a formal penetration test or independent security audit.
No system is perfectly secure. Please consider these limitations when deciding what data to enter into the Service.
5. Before You Connect Bank Accounts
MyAutoBudget is an independent budgeting tool in public beta. It is not a bank and has not undergone an independent security audit. If you choose to connect financial accounts through Plaid, you should do so with that understanding. Funds held in your own bank accounts remain subject to your bank's terms and protections. MyAutoBudget does not provide FDIC or similar deposit insurance.
6. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing or advertising. We share data only in these limited circumstances:
- Plaid (if you opt in) — to retrieve bank balances, transaction data, and liability information (such as credit card APRs). Plaid acts as a data processor on your behalf. See Plaid's privacy policy for details on how they handle your bank credentials.
- Email delivery — we use an SMTP email service to send password-reset links. The service receives only your email address and the message content.
- Legal obligations — we may disclose data if required by law, regulation, subpoena, or valid legal process.
7. Data Retention and Deletion
We retain your data while your account remains active. You may permanently delete your account and associated application data at any time from the Profile page, subject to password confirmation. We will then remove your authentication record, sessions, and user financial data from active application storage. We do not intentionally maintain long-term user-accessible backups of per-user financial data after deletion, but limited residual data may remain temporarily in short-lived logs, infrastructure snapshots, or systems pending normal expiration or overwrite. Once deletion has been completed in active systems, your data cannot be restored by us. Self-service deletion through the Profile page is processed promptly in active application systems. If you submit a deletion request by email to support@myautobudget.com instead, we will complete it within 30 days.
8. Breach Notification
If we confirm a security incident that materially compromises your personal data, we will notify affected users without undue delay and, where feasible, within 72 hours of confirmation. The notice will describe the nature of the incident, the data involved as then understood, the steps we are taking, and recommended protective actions where appropriate.
9. Where Your Data Is Hosted
The Service runs on two separate infrastructure tiers. The application tier is hosted on Fly.io in the United States (Los Angeles / LAX region). Your authentication data and encrypted financial records are stored separately on Turso managed SQLite (libSQL) infrastructure, which runs on Amazon Web Services in the United States West region; data at rest is encrypted at the application layer before it reaches Turso storage. Fly.io's security practices are described in their security documentation.
10. Cookies and Tracking
The Service uses a small number of strictly necessary browser cookies that are required for the Service to function. These are: a session cookie to keep you signed in (HttpOnly, SameSite=Lax); a CSRF-protection helper used by certain forms; a cookie that records your language and currency selection from the language switcher; and a cookie that records whether you have acknowledged this cookie notice. We do not use analytics cookies, advertising trackers, cross-site identifiers, fingerprinting, third-party tracking pixels, tags, or SDKs on any page of the Service. Because every cookie used by the Service is strictly necessary to deliver the Service you have requested, declining the cookie notice means we will not be able to sign you in or remember your settings, and the Service will not function. You can withdraw your acknowledgement at any time through the cookie banner that appears at the foot of every page once you have declined, or by clearing the cookie_consent cookie in your browser.
11. Your Rights
Depending on your location, you may have rights under applicable privacy laws (such as CCPA if you are a California resident, or GDPR if you are in the EU/EEA). These may include the right to access, correct, delete, or port your data, or to object to certain processing. You can exercise your right to data portability and account deletion directly from the Profile page. For all other requests, email support@myautobudget.com. We will respond within 30 days.
12. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect data from minors. If we learn that we have inadvertently collected data from someone under 18, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or by a prominent notice within the Service at least 14 days before the changes take effect, and we will update the effective date at the top of this page. Continued use of the Service after the notice period constitutes acceptance of the revised policy.
14. Governing Law
This Privacy Policy is governed by the laws of the State of Arizona, United States.
15. Translation
This Privacy Policy may be available in languages other than English. In the event of any conflict or inconsistency between a translated version and the English version, the English version shall control.
16. Contact
Questions about this policy, your data, or a privacy concern? Email us at support@myautobudget.com. To report a suspected security issue, email support@myautobudget.com with the subject line "Security Issue".
Service Availability
MyAutoBudget is currently available only to residents of the United States, Canada, and Mexico. Requests originating from other jurisdictions are blocked at the network layer using IP-based geolocation. If you access the Service from a sanctioned jurisdiction or a jurisdiction outside our service area, we may be required to refuse service and will display a notice to that effect under RFC 7725 (HTTP 451 Unavailable For Legal Reasons).
Categories of Personal Information We Collect
In the last twelve months we have collected the following categories of personal information, as those categories are defined by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Identifiers: your email address, display name, and an internal numeric user ID.
- Commercial information: your subscription status, billing history (processed by our payment processor, Stripe), and coupon redemptions.
- Internet or other similar network activity: the IP address of the devices you use to access the Service, browser user-agent, approximate country / region derived from your IP address, and request timestamps.
- Financial information you choose to enter: accounts, balances, bills, income, transactions, allocations, and goals that you record in the Service. All such fields are encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256) with a key controlled by MyAutoBudget.
- Inferences: projections and insights derived algorithmically from the financial data you enter (for example, an ETA for a savings goal). Inferences are regenerated on demand and are not persisted across sessions.
How We Use Personal Information
We use the categories above exclusively to operate, secure, and improve the Service; to process your subscription; to send transactional email (such as password-reset and email-verification messages); and to comply with our legal obligations. We do not use personal information for advertising, for building profiles to sell to third parties, or for any purpose that is not reasonably necessary to deliver the Service you requested.
Sale or Sharing of Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding twelve months, and we have no present intention to do so.
You can record an opt-out of any future sale or sharing in two equally effective ways:
- Enable the checkbox on the Privacy Preferences section of your profile. This records a Do Not Sell or Share My Personal Information election on your account and appends a dated entry to our Consent Log.
- Browse with the Global Privacy Control (GPC) signal enabled in your browser or extension. We honor GPC as a legally-binding opt-out under California Civil Code § 1798.135(b)(1); the first authenticated request we receive with a valid Sec-GPC: 1 header automatically records a Do Not Sell / Share election on your account.
Your Rights as a US Resident
Depending on your state of residence you may have some or all of the following rights with respect to your personal information: the right to know what we have collected about you and how we use it; the right to access a copy of that information in a portable format; the right to correct inaccurate information; the right to delete your information; and the right to opt out of any sale or sharing. The exact scope of these rights depends on your state's statute (CCPA/CPRA for California; CPA for Colorado; CTDPA for Connecticut; UCPA for Utah; VCDPA for Virginia; and similar laws in other states).
You can exercise most of these rights directly in the Service:
- Access / portability: Profile → Download your data produces a JSON export of every record we hold about you.
- Correction: you can edit account identifiers on the Profile page and any financial record through the normal management screens.
- Deletion: the "Delete Account" control on the Profile page permanently removes your account and all associated financial data. We retain a one-way hash of the email address and the original account creation timestamp for the sole purpose of preventing abusive re-creation of free trials; this hash is not reversible and cannot be used to identify you.
- Opt-out of sale or sharing: see the preceding section.
To exercise any right that cannot be exercised through the self-service controls above, email us at privacy@myautobudget.com. We verify requests by requiring that you submit them from the email address of record on the account, and we will respond within forty-five (45) days of receiving a verifiable request as required by California Civil Code § 1798.130. You may designate an authorised agent to submit a request on your behalf; the agent must provide written proof of the designation, and we will in all cases verify the identity of the consumer directly.
Non-discrimination. We will not deny you service, charge you a different price, or provide you a different level or quality of service because you exercised any right under the CCPA, CPRA, or analogous state law.
Service Providers
We disclose personal information only to the following categories of service providers, each of which is bound by a written contract that limits their use of the information to the purpose for which we engaged them:
- Turso — managed SQLite (libSQL) hosting for the authentication database and the per-user financial databases. Turso operates on Amazon Web Services in the United States West region. Data at rest is encrypted at the application layer before it reaches Turso storage.
- Stripe, Inc. — subscription billing and payment processing. We never store your card number, expiry, or CVV; Stripe issues the charge directly and returns only a subscription identifier.
- Plaid Inc. — optional bank-account aggregation for users who choose to link an account. Plaid handles all contact with your financial institution; we receive only the normalised account and transaction data that you elect to share.
- SMTP relay — a transactional-email provider used to send password-reset and email-verification messages. Only your email address and the message body leave our infrastructure.
- Cloudflare, Inc. — DNS, DDoS mitigation, and (optionally) the geo-country header used to determine jurisdiction for service availability.
Global Privacy Control (GPC) & Browser Signals
In addition to honoring explicit opt-outs recorded via the Profile page, MyAutoBudget respects the Sec-GPC HTTP header defined by the Global Privacy Control working group as a legally-binding Do Not Sell / Share opt-out under California Civil Code § 1798.135 and corresponding provisions of the Colorado Privacy Act and Connecticut Data Privacy Act. A browser or browser extension that emits Sec-GPC: 1 on a request from an authenticated session will cause the Service to automatically record a Do Not Sell / Share election on that account; the election is reflected in the Consent Log and persists across future sessions.
We do not respond to the legacy "Do Not Track" browser header because that signal has been deprecated and carries no unambiguous legal meaning. GPC supersedes DNT for this purpose.
California Shine the Light (Civil Code § 1798.83)
We do not share personal information with third parties for their own direct-marketing purposes, so no "Shine the Light" disclosure is required. If this changes, we will update this policy and provide the statutorily-required notice.
California Civil Code § 1789.3 Notice
Under California Civil Code § 1789.3, users of the Service from California are entitled to the following consumer rights notice: the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210 or (916) 445-1254.
Mexico — LFPDPPP
Users in Mexico have rights of Access, Rectification, Cancellation, and Opposition ("ARCO" rights) under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares. The self-service export, edit, and delete controls described above satisfy the Access, Rectification, and Cancellation rights in full. To exercise the right of Opposition or to submit any ARCO request that cannot be satisfied by self-service, email privacy@myautobudget.com.
Canada — PIPEDA & Provincial Equivalents
Canadian users are protected by the Personal Information Protection and Electronic Documents Act and, where applicable, by provincial statutes (Quebec's Law 25, Alberta's PIPA, British Columbia's PIPA). We handle personal information in accordance with the ten Fair Information Principles and will respond to any access or correction request within thirty (30) days as required by section 8 of PIPEDA.
Consent Log & Version History
Each time you create an account, toggle a privacy preference, or transmit a browser-level opt-out signal, we append an immutable row to an internal Consent Log recording the event, the date, and the version of this Privacy Policy and of our Terms of Use in force at that moment. You can review the last ten entries in your own log from the Privacy Preferences section of your profile and request the full record as part of a data-subject access request.
Contact
For any privacy question, data-subject request, or notice of complaint, contact:
MyAutoBudget — Privacy
Email: privacy@myautobudget.com