Plain-Language Summary
MyAutoBudget is an independent budgeting application in public beta. It is not a bank or a financial advisor. Connecting bank data is optional and is handled through Plaid (read-only). Sensitive financial data is encrypted before it is stored. You can export or delete your data at any time. The Service has not yet undergone an independent security audit. At present we offer email support only.
This Privacy Policy explains how MyAutoBudget ("the Service", "we") handles your information. MyAutoBudget is operated by Josh Jones, an independent software developer located in Arizona, United States. We believe in transparency, so this policy is written in plain language and we are candid about what we have built and what we have not yet built.
1. What We Collect
Account information: when you register, we collect your email address, display name, and password. Your password is stored as a one-way cryptographic hash; we never store or have access to your plaintext password.
Financial data you enter: accounts, balances, bills, income sources, allocation buckets, savings goals, and similar records. All of this data is entered by you and is used only to provide the budgeting features you signed up for.
Plaid data (optional): if you choose to connect a bank account through our Plaid integration, we receive account balances, transaction data, and account metadata (such as APR) from Plaid on your behalf. The Plaid connection is read-only; MyAutoBudget cannot initiate transfers, make payments, or modify your bank account in any way. We do not receive or store your bank login credentials; those are handled entirely by Plaid under its own privacy policy.
Server and operational logs: we keep limited access and operational logs (such as IP address, request timestamp, URL path, and error messages) for security, reliability, and abuse prevention. These logs are retained for no more than 30 days.
2. How We Use Your Data
We use your data to provide the Service, maintain reliability and security, fix bugs, and improve budgeting features and product functionality. This includes generating your budget dashboard, running calculations and projections, and sending transactional email (such as password-reset links). We do not use your personal financial data for advertising or cross-user analytics, and we do not sell it to third parties.
We may produce aggregated, de-identified operational statistics (for example error rates, feature usage counts, or performance metrics) to maintain and improve the Service. These statistics are designed not to identify individual users and are not sold to third parties.
3. Data Isolation and Access
We have designed the Service so that each user's financial records are isolated from those of other users. In the normal course of operating MyAutoBudget, we do not view individual users' financial data. Because the Service is run by a small independent provider, the operator has administrative access to the underlying infrastructure. Account data may be accessed where reasonably necessary to provide support, investigate a reported problem, maintain or protect the Service, comply with legal obligations, or respond to a security incident. When support-related access is needed to handle a specific issue you have reported, we will make reasonable efforts to notify you where practicable.
4. Security and Privacy Maturity
We want to be candid about the current maturity of our security and privacy infrastructure. The following protections are implemented and active:
- Encryption at rest — sensitive financial fields and Plaid access tokens are encrypted at the application layer before being written to persistent storage. The encryption key is stored separately from the database files.
- Self-service data export — you can download a complete copy of all your data in JSON format from your profile page at any time, without contacting us.
- Self-service account deletion — you can permanently delete your account and all associated data from your profile page. Deletion requires password confirmation and removes your authentication record, all sessions, and user financial data from active application storage.
- Per-user data isolation — each user's financial records are logically isolated from those of other users, and our current storage architecture separates user financial data on a per-user basis.
- HTTPS/TLS in transit — all connections to the Service are encrypted.
- Password hashing — passwords are stored using a modern, salted one-way hashing algorithm.
- CSRF protection — cross-site request forgery tokens are applied to state-changing requests.
- Session security — session tokens are cryptographically random and expire after a configurable period.
- Login rate limiting — brute-force login attempts are throttled.
The following protection has not yet been implemented:
- Independent security audit — the Service has not yet undergone formal penetration testing or an independent security audit.
No system is completely secure. Please consider these limitations when deciding what data to enter into the Service.
5. Before Connecting a Bank Account
MyAutoBudget is an independent budgeting tool in public beta. It is not a bank and has not undergone an independent security audit. If you choose to connect financial accounts through Plaid, you should do so with that understanding. Funds held in your own bank accounts remain subject to your bank's terms and protections. MyAutoBudget does not provide FDIC or similar deposit insurance.
6. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. We share data only in the following limited cases:
- Plaid (if you opt in) — used to retrieve account balances, transaction data, and liability information (such as credit card APR). Plaid acts as a data processor on your behalf. See Plaid's privacy policy for how it handles your bank credentials.
- Email delivery — we use an SMTP email service to send password-reset links. That service receives only your email address and the message content.
- Legal obligations — we may disclose data if required by law, regulation, subpoena, or valid legal process.
7. Data Retention and Deletion
We retain your data for as long as your account remains active. You can permanently delete your account and associated application data at any time from your profile page, subject to password confirmation. We will then remove your authentication record, sessions, and user financial data from active application storage. We do not deliberately maintain long-term, user-accessible backups of financial data after deletion, but limited residual data may persist temporarily in short-term logs, infrastructure snapshots, or systems awaiting normal expiry or overwrite. Once deletion has completed in active systems, we cannot recover your data. Self-service deletion through the profile page is processed promptly in active application systems. If you submit a deletion request by email to support@myautobudget.com, we will complete it within 30 days.
8. Breach Notification
If we confirm a security incident that materially compromises your personal data, we will notify affected users without undue delay, and where feasible within 72 hours of confirmation. The notification will describe the nature of the incident, the data known to be involved at the time, the steps we are taking, and, where appropriate, recommended protective measures.
9. Where Your Data Is Hosted
The Service runs on two separate infrastructure layers. The application layer is hosted on Fly.io infrastructure in the United States (Los Angeles / LAX region). Your authentication data and encrypted financial records are stored separately on Turso-managed SQLite (libSQL) infrastructure running in the Amazon Web Services US West region; data at rest is encrypted at the application layer before it reaches Turso storage. Fly.io's security practices are described in its security documentation.
10. Cookies and Tracking
We use a single strictly necessary session cookie to keep you logged in. We do not use analytics cookies, advertising trackers, or any third-party tracking scripts. We do not engage in cross-site tracking or behavioral advertising. There are no third-party pixels, tags, or SDKs on any page of the Service.
11. Your Rights
Depending on where you live, you may have rights under applicable privacy laws (for example, the CCPA if you are a California resident, or the GDPR if you are in the EU/EEA). These rights may include the right to access, correct, delete, or transfer your data, or to object to certain processing. You can exercise your rights to data portability and account deletion directly through your profile page. For all other requests, email support@myautobudget.com. We will respond within 30 days.
12. Children's Privacy
The Service is not directed at individuals under 18. We do not knowingly collect data from minors. If we learn that we have inadvertently collected data from someone under 18, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or by a prominent notice within the Service at least 14 days before the change takes effect, and we will update the effective date at the top of this page. Continued use of the Service after the notice period constitutes acceptance of the revised policy.
14. Governing Law
This Privacy Policy is governed by the laws of the State of Arizona, United States.
15. Translations
This Privacy Policy may be made available in languages other than English. In the event of any conflict or inconsistency between a translated version and the English version, the English version prevails.
16. Contact
Questions about this policy, your data, or privacy? Email support@myautobudget.com. To report a suspected security issue, email support@myautobudget.com with the subject line "Security Issue".
Service Availability
MyAutoBudget is currently available only to residents of the United States, Canada, and Mexico. Requests originating from other jurisdictions are blocked at the network layer using IP-based geolocation. If you access the Service from a sanctioned jurisdiction or a jurisdiction outside our service area, we may be required to refuse service and will display a notice to that effect under RFC 7725 (HTTP 451 Unavailable For Legal Reasons).
Categories of Personal Information We Collect
In the last twelve months we have collected the following categories of personal information, as those categories are defined by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Identifiers: your email address, display name, and an internal numeric user ID.
- Commercial information: your subscription status, billing history (processed by our payment processor, Stripe), and coupon redemptions.
- Internet or other similar network activity: the IP address of the devices you use to access the Service, browser user-agent, approximate country / region derived from your IP address, and request timestamps.
- Financial information you choose to enter: accounts, balances, bills, income, transactions, allocations, and goals that you record in the Service. All such fields are encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256) with a key controlled by MyAutoBudget.
- Inferences: projections and insights derived algorithmically from the financial data you enter (for example, an ETA for a savings goal). Inferences are regenerated on demand and are not persisted across sessions.
How We Use Personal Information
We use the categories above exclusively to operate, secure, and improve the Service; to process your subscription; to send transactional email (such as password-reset and email-verification messages); and to comply with our legal obligations. We do not use personal information for advertising, for building profiles to sell to third parties, or for any purpose that is not reasonably necessary to deliver the Service you requested.
Sale or Sharing of Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding twelve months, and we have no present intention to do so.
You can record an opt-out of any future sale or sharing in two equally effective ways:
- Enable the checkbox on the Privacy Preferences section of your profile. This records a Do Not Sell or Share My Personal Information election on your account and appends a dated entry to our Consent Log.
- Browse with the Global Privacy Control (GPC) signal enabled in your browser or extension. We honor GPC as a legally-binding opt-out under California Civil Code § 1798.135(b)(1); the first authenticated request we receive with a valid Sec-GPC: 1 header automatically records a Do Not Sell / Share election on your account.
Your Rights as a US Resident
Depending on your state of residence you may have some or all of the following rights with respect to your personal information: the right to know what we have collected about you and how we use it; the right to access a copy of that information in a portable format; the right to correct inaccurate information; the right to delete your information; and the right to opt out of any sale or sharing. The exact scope of these rights depends on your state's statute (CCPA/CPRA for California; CPA for Colorado; CTDPA for Connecticut; UCPA for Utah; VCDPA for Virginia; and similar laws in other states).
You can exercise most of these rights directly in the Service:
- Access / portability: Profile → Download your data produces a JSON export of every record we hold about you.
- Correction: you can edit account identifiers on the Profile page and any financial record through the normal management screens.
- Deletion: the "Delete Account" control on the Profile page permanently removes your account and all associated financial data. We retain a one-way hash of the email address and the original account creation timestamp for the sole purpose of preventing abusive re-creation of free trials; this hash is not reversible and cannot be used to identify you.
- Opt-out of sale or sharing: see the preceding section.
To exercise any right that cannot be exercised through the self-service controls above, email us at privacy@myautobudget.com. We verify requests by requiring that you submit them from the email address of record on the account, and we will respond within forty-five (45) days of receiving a verifiable request as required by California Civil Code § 1798.130. You may designate an authorised agent to submit a request on your behalf; the agent must provide written proof of the designation, and we will in all cases verify the identity of the consumer directly.
Non-discrimination. We will not deny you service, charge you a different price, or provide you a different level or quality of service because you exercised any right under the CCPA, CPRA, or analogous state law.
Service Providers
We disclose personal information only to the following categories of service providers, each of which is bound by a written contract that limits their use of the information to the purpose for which we engaged them:
- Turso — managed SQLite (libSQL) hosting for the authentication database and the per-user financial databases. Turso operates on Amazon Web Services in the United States West region. Data at rest is encrypted at the application layer before it reaches Turso storage.
- Stripe, Inc. — subscription billing and payment processing. We never store your card number, expiry, or CVV; Stripe issues the charge directly and returns only a subscription identifier.
- Plaid Inc. — optional bank-account aggregation for users who choose to link an account. Plaid handles all contact with your financial institution; we receive only the normalised account and transaction data that you elect to share.
- SMTP relay — a transactional-email provider used to send password-reset and email-verification messages. Only your email address and the message body leave our infrastructure.
- Cloudflare, Inc. — DNS, DDoS mitigation, and (optionally) the geo-country header used to determine jurisdiction for service availability.
Global Privacy Control (GPC) & Browser Signals
In addition to honoring explicit opt-outs recorded via the Profile page, MyAutoBudget respects the Sec-GPC HTTP header defined by the Global Privacy Control working group as a legally-binding Do Not Sell / Share opt-out under California Civil Code § 1798.135 and corresponding provisions of the Colorado Privacy Act and Connecticut Data Privacy Act. A browser or browser extension that emits Sec-GPC: 1 on a request from an authenticated session will cause the Service to automatically record a Do Not Sell / Share election on that account; the election is reflected in the Consent Log and persists across future sessions.
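The Sec-GPC handling described in this section and in the opt-out list above, as an added example (not MyAutoBudget's own code): a request handler that records the election on the first authenticated request carrying a valid Sec-GPC: 1 header, appends an immutable Consent Log row stamped with the policy and terms versions in force, and ignores unauthenticated requests, other header values, and repeat signals on an account that has already opted out. All class and function names and the version strings are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed placeholders for the policy/terms versions in force at the time of the event.
POLICY_VERSION = "privacy-policy-v1"
TERMS_VERSION = "terms-of-use-v1"


@dataclass(frozen=True)  # frozen: a logged row cannot be edited after the fact
class ConsentEvent:
    user_id: int
    event: str
    recorded_at: str
    policy_version: str
    terms_version: str


@dataclass
class Account:
    user_id: int
    do_not_sell_or_share: bool = False


class ConsentLog:
    """Append-only store: rows can be added and read, never modified or removed."""

    def __init__(self) -> None:
        self._rows = []

    def append(self, row: ConsentEvent) -> None:
        self._rows.append(row)

    def last(self, n: int = 10) -> tuple:
        return tuple(self._rows[-n:])


def gpc_enabled(headers: dict) -> bool:
    """True only for a header literally named Sec-GPC (case-insensitive) with the
    single value the GPC spec defines, "1"; any other value is not an opt-out."""
    for name, value in headers.items():
        if name.lower() == "sec-gpc":
            return value.strip() == "1"
    return False


def apply_gpc(headers: dict, account: Optional[Account], log: ConsentLog,
              now: Optional[datetime] = None) -> bool:
    """Record a Do Not Sell / Share election for an authenticated request carrying
    Sec-GPC: 1. Returns True only when a new election was recorded, so an account
    that has already opted out produces no duplicate Consent Log rows."""
    if account is None or not gpc_enabled(headers) or account.do_not_sell_or_share:
        return False
    account.do_not_sell_or_share = True
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    log.append(ConsentEvent(account.user_id, "gpc_opt_out", stamp, POLICY_VERSION, TERMS_VERSION))
    return True
```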
We do not respond to the legacy "Do Not Track" browser header because that signal has been deprecated and carries no unambiguous legal meaning. GPC supersedes DNT for this purpose.
California Shine the Light (Civil Code § 1798.83)
We do not share personal information with third parties for their own direct-marketing purposes, so no "Shine the Light" disclosure is required. If this changes, we will update this policy and provide the statutorily-required notice.
California Civil Code § 1789.3 Notice
Under California Civil Code § 1789.3, users of the Service from California are entitled to the following consumer rights notice: the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210 or (916) 445-1254.
Mexico — LFPDPPP
Users in Mexico have rights of Access, Rectification, Cancellation, and Opposition ("ARCO" rights) under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares. The self-service export, edit, and delete controls described above satisfy the Access, Rectification, and Cancellation rights in full. To exercise the right of Opposition or to submit any ARCO request that cannot be satisfied by self-service, email privacy@myautobudget.com.
Canada — PIPEDA & Provincial Equivalents
Canadian users are protected by the Personal Information Protection and Electronic Documents Act and, where applicable, by provincial statutes (Quebec's Law 25, Alberta's PIPA, British Columbia's PIPA). We handle personal information in accordance with the ten Fair Information Principles and will respond to any access or correction request within thirty (30) days as required by section 8 of PIPEDA.
Consent Log & Version History
Each time you create an account, toggle a privacy preference, or transmit a browser-level opt-out signal, we append an immutable row to an internal Consent Log recording the event, the date, and the version of this Privacy Policy and of our Terms of Use in force at that moment. You can review the last ten entries in your own log from the Privacy Preferences section of your profile and request the full record as part of a data-subject access request.
Contact
For any privacy question, data-subject request, or notice of complaint, contact:
MyAutoBudget — Privacy
Email: privacy@myautobudget.com