MyBudgetSign in

Privacy Policy

Last updated: April 2026

1. Overview

Your privacy matters to us. This policy explains what data MyBudget collects, how it is used, and your rights regarding that data.

2. Data We Collect

MyBudget stores the following data:

  • Account information: Name, email address, and hashed password (bcrypt, cost factor 12).
  • Financial data: Expense and income entries including date, category, vendor/source, amount, and optional notes.
  • Team data: Team membership and invitation records if you use the team/family feature.

3. How Your Data Is Used

Your data is used exclusively to:

  • Authenticate you and manage your account.
  • Display your expense and income records, charts, and reports.
  • Generate exports in CSV, Excel, and PDF formats.
  • Share financial data within your team or family group (if applicable).

4. Third-Party Sharing

None. MyBudget does not sell, share, or transmit your data to third-party services, analytics platforms, or advertising networks.

5. Cookies

MyBudget uses a single session cookie (HttpOnly, Secure, SameSite) to maintain your authenticated session. No tracking cookies, analytics cookies, or third-party cookies are used.

6. Data Retention

Your data is retained for as long as your account exists. When you delete your account, all associated data is scheduled for permanent deletion within 30 days. During this period you may cancel the deletion and restore your account.

7. Your Rights

You have the right to:

  • Access: View all data associated with your account via the dashboard and export features.
  • Export: Download all your data in CSV, Excel, or PDF format at any time.
  • Rectification: Edit any of your expense or income records at any time.
  • Erasure: Delete individual records or request complete account deletion from Settings.
  • Data portability: Export your data in standard formats (CSV, XLSX) for use in other applications.

8. Data Security

  • Passwords are hashed using bcrypt with a cost factor of 12.
  • Sessions use JWT tokens with 30-day expiry.
  • All state-mutating operations require authentication.
  • HTTP security headers (CSP, X-Frame-Options, HSTS) are enforced.
  • Rate limiting protects against brute-force attacks.

9. Children's Privacy

MyBudget is not intended for use by children under 13. We do not knowingly collect personal information from children.

10. Contact

For privacy-related questions or to exercise your data rights, contact us at admin@appbox.app or through our Contact Us page.