Privacy Policy
Last updated: February 18, 2026
This Privacy Policy ("Policy") explains how Budget AI (referred to as "Service Provider", "Developer", "We", "Us") collects, uses, and protects the personal information of users ("User" or "you") of the Budget AI mobile application ("Application", "App"). This service is intended for use "AS IS".
Information Collection and Use
The Application collects information when you download and use it. This information may include:
- Your device's Internet Protocol address (e.g. IP address)
- The pages of the Application that you visit, the time and date of your visit, the time spent on those pages
- The time spent on the Application
- The operating system you use on your mobile device
- Device identifier (AppSet ID) for fraud prevention and premium subscription management
- Your email address (if you signed up)
- Images you choose to send for AI processing (e.g. photos of receipts or other documents)
The Application does not gather precise information about the location of your mobile device.
Types of Data Storage
The Application offers multiple data storage options, and the personal information collected depends on your chosen storage method:
Local Storage (Default)
By default, all your accounts/categories/transactions data is stored exclusively on your device and is not transmitted to any external servers or accessible by the Developer. When using local storage, all data remains on your device. Only voice input and images sent to AI services can be stored in app logs for fraud prevention purposes.
Cloud Sync (Optional)
When you create a Budget AI account and enable cloud sync, the following information is collected and stored:
- Account Information: Email address, authentication credentials
- Transaction Data: Date, description, amount, and category of your financial transactions
- App Data: Your accounts, categories, budgets, and settings
- Device Information: IP address, device type, and operating system for security and authentication purposes
Cloud data is stored using Appwrite's cloud infrastructure, which uses industry-standard encryption for data at rest and in transit.
User Identification
The Application uses AppSet ID to create an internal user identifier. This identifier is used for:
- Fraud prevention and security purposes
- Managing premium subscription status
- Syncing data across devices (when using cloud features)
This identifier does not collect personally identifiable information and is reset when you uninstall the Application.
Voice and Image Input Processing
The Application uses voice and image input to create transactions. Processing works as follows:
Voice Input
- Local Transcription: The Application uses built-in speech recognition (Android Speech Recognition or Apple Speech SDK) to transcribe your voice into text. The transcription happens locally on your device in most cases but could, under some circumstances, be sent to Google's or Apple's servers for processing.
- AI Interpretation: The transcribed text is sent to AI services for interpretation and categorization of transactions. No voice recordings are sent to AI services — only the text transcription.
- No Voice Storage: Voice recordings are processed in real-time and are not stored by the Developer or on any external servers.
Image Input
- Image Submission: You may choose to send images (e.g. photos of receipts, invoices, or other documents) for AI-powered processing. When you do so, the image is transmitted to third-party AI services (such as OpenAI or OpenRouter) for analysis.
- Data Extracted: AI services analyze the image to extract relevant transaction information such as amounts, dates, descriptions, and categories.
- No Permanent Image Storage by the Developer: The Developer does not permanently store the images you send for AI processing. Images are transmitted directly to the AI service provider for analysis and are not retained on the Developer's servers.
- Third-Party Retention: Images sent to AI services are subject to the data handling and retention policies of the respective AI service provider (see "Third-Party Services and APIs" section below). For example, OpenAI may retain API data for up to 30 days for abuse monitoring purposes.
- User Consent: Images are only sent to AI services when you explicitly initiate the action (e.g. by selecting an image and confirming the send). The Application does not automatically send images without your direct action.
- Sensitive Information: Please be mindful of the content in images you submit. Avoid sending images containing sensitive personal information (such as full credit card numbers, social security numbers, or other highly sensitive data) unless necessary for transaction processing.
User Responsibility for Submitted Data
You are solely and entirely responsible for all data you provide, enter, speak, capture, select, and submit through the Application, including but not limited to voice input, text input, images, transaction details, account information, and any other content.
The Developer does not control, review, filter, or moderate any data before it is processed locally or transmitted to third-party services. By using the Application and its features, you acknowledge and agree that:
- You voluntarily choose what data to provide, what to say via voice input, what to type, what to photograph, and what to submit for processing
- You understand that data submitted through the Application (including voice transcriptions, images, and text) may be transmitted to third-party AI services (such as OpenAI or OpenRouter) and is subject to those services' privacy policies and data handling practices, which are beyond the Developer's control
- You are solely responsible for ensuring that the data you submit does not contain personal, sensitive, confidential, or private information that you do not wish to share with third-party service providers
- The Developer assumes no responsibility or liability for any privacy, confidentiality, or security implications arising from the content of data you choose to submit, regardless of the input method (voice, text, image, or otherwise)
- The Developer is not liable for any consequences resulting from the exposure, processing, retention, or misuse of data you submit to or through third-party services
- You must not submit data containing personal information of third parties without their consent
- You are responsible for verifying the accuracy and appropriateness of all data before submitting it
The Developer strongly recommends that you only submit data strictly necessary for transaction processing and that you avoid providing sensitive personal information such as full bank card numbers, PINs, passwords, identity documents, social security numbers, medical records, or any other confidential data through any input method (voice, text, or image). When submitting images, crop or redact any unnecessary sensitive details before submission.
Third-Party Services and APIs
The Application utilizes the following third-party services:
Appwrite (for Cloud Sync users)
Appwrite is used as the backend infrastructure for cloud accounts. Key security features include:
- Data encryption at rest using AES encryption
- Data encryption in transit using TLS/SSL
- Secure authentication and session management
Appwrite's privacy policy can be reviewed at https://appwrite.io/privacy.
DigitalOcean (Cloud Infrastructure)
DigitalOcean provides the cloud infrastructure for hosting our backend services. Key security features include:
- SOC 2 Type II and SOC 3 Type II certified
- Data encryption at rest and in transit using TLS/SSL
- GDPR compliant with transparent data processing
- Cloud Security Alliance STAR Level 1 certification
- Virtual Private Cloud for network isolation
DigitalOcean's privacy policy and security information can be reviewed at Privacy Policy and Security.
OpenAI API (for AI transaction processing)
The transcribed text from voice input and/or images (e.g. receipt photos) are sent to OpenAI API for interpretation and categorization. Important information about OpenAI data handling:
- OpenAI does not store API data for more than 30 days
- OpenAI will not use API data to train its models
- Data is processed in real-time and not retained permanently
- Text transcriptions and images may be sent for processing; voice recordings are never sent
- Images sent via the API are subject to the same data handling policies as text data
You can read more about how OpenAI handles API data in their API data usage policies.
OpenRouter (AI model routing)
OpenRouter may be used as an alternative AI routing service for processing text and image inputs. OpenRouter acts as a proxy to various AI models and follows similar data handling practices. When images are sent via OpenRouter, they may be forwarded to the underlying AI model provider for processing. Their privacy policy is available at https://openrouter.ai/privacy.
Sentry (Error tracking)
Sentry is used for error tracking and performance monitoring. It collects crash reports and performance data to help improve the Application. Privacy policy: https://sentry.io/privacy/.
PostHog (Analytics)
PostHog is used for product analytics to understand how users interact with the Application. It collects usage data such as feature usage, session information, and user interactions to help improve the Application. Privacy policy: https://posthog.com/privacy.
Google AdMob (Advertising)
The free version of the Application displays advertisements provided by Google AdMob. AdMob may collect and use data for personalized advertising. You can opt out of personalized ads in your device settings. Privacy policy: https://policies.google.com/privacy.
Third-Party Data Handling Disclaimer
The Developer does not control and is not responsible for the privacy practices, data handling, data retention, security measures, or any actions of third-party service providers listed above. Once your data (including text, voice transcriptions, images, and any other content) is transmitted to a third-party service, it is governed solely by that service's privacy policy and terms. The Developer makes no representations or warranties regarding how third-party services process, store, retain, or protect your data. You acknowledge that you use the Application and its features at your own risk, and the Developer shall not be liable for any data breach, unauthorized access, data loss, or any other privacy or security incident occurring on the side of any third-party service provider.
Data Security
We implement multiple layers of security to protect your personal information:
- All communication between the App, backend services, and third-party APIs is encrypted using HTTPS/TLS/SSL
- For local storage users: Data is stored exclusively on your device using platform-specific secure storage mechanisms
- For cloud sync users: Data is encrypted at rest and in transit
- Authentication credentials are securely managed
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. The Developer cannot guarantee absolute security and is not liable for any unauthorized access to, or breach of, your data, whether stored locally, in the cloud, or processed by third-party services.
Data Retention
Personal information is retained as follows:
- Local Storage: Data is retained until you manually delete it from the App, uninstall the App, or reset your device
- Cloud Sync: Data is retained until you request deletion or delete your account
- Voice transcriptions: No voice data is retained by the Developer; transcriptions are processed in real-time
- Images: Images sent for AI processing are not permanently stored by the Developer. They are transmitted to third-party AI services and are subject to those services' retention policies
- OpenAI processing: OpenAI may retain data (including text and images sent via the API) for up to 30 days for abuse monitoring but they say that they does not use it for model training
If you'd like us to delete your data, please contact us at appsupp@yahoo.com and we will respond in a reasonable time.
Data Disclosure
The Service Provider may disclose User Provided and Automatically Collected Information:
- As required by law, such as to comply with a subpoena, or similar legal process
- When they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
- With their trusted service providers who work on their behalf, do not have an independent use of the information disclosed to them, and have agreed to adhere to the rules set forth in this privacy statement
Opt-Out Rights
You can stop all collection of information by the Application easily by uninstalling it. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace.
Children's Privacy
The App is not intended for use by children under the age of 13 (or the minimum age required in your country). We do not knowingly collect personal information from children.
Changes to This Policy
This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.
Your Consent
By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us. You acknowledge that you voluntarily provide all data to the Application, that you understand how your data may be processed and transmitted to third-party services, and that the Developer is not responsible for the content of data you choose to submit or for the actions of third-party service providers.
Contact Us
If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at appsupp@yahoo.com.