Privacy Policy
1. Introduction
Growth Budget (“the App,” “we,” “us,” or “our”) is a personal finance application that helps individuals track spending, manage savings, and model investment decisions through envelope budgeting and AI-powered insights. Growth Budget is independently developed and operated by Eric Nace.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and how you can request deletion of your data. By using the App, you agree to the practices described here.
If you have questions about this policy, contact us at: [email protected]
2. Information We Collect
We collect two categories of information: information you provide directly, and information collected automatically through the services you connect.
2.1 Information You Provide
| Data | Purpose |
|---|---|
| Email address | Account identification and recovery |
| Passkey credential | Passwordless authentication via WebAuthn (managed by Hanko) |
| Budget names, category names, account names | Organizing your budget envelopes |
| Manual transactions | Transactions you enter by hand |
| Memos and notes | Annotations you add to transactions |
We do not collect your legal name, home address, phone number, Social Security number, or government-issued ID. We do not collect payment card numbers.
2.2 Information Collected Automatically via Plaid
When you choose to connect a bank or financial institution through Plaid Link, we receive and store the following data from the Plaid API on your behalf:
| Data | Source | Notes |
|---|---|---|
| Plaid access token | Plaid Link flow | Encrypted at rest; used to retrieve your data |
| Account names and types | Your financial institution | e.g., “Chase Checking” |
| Account balances | Your financial institution | Current and available balances |
| Transaction history | Your financial institution | Payee name, amount, date, category |
| Institution name | Plaid | e.g., “Bank of America” |
We do not receive or store full account numbers, routing numbers, or login credentials for your financial institution. Plaid handles those credentials directly and does not share them with us.
To stop syncing a linked account, contact us at [email protected] or delete your account. Per-account disconnection is a planned self-service feature.
2.3 Session and Technical Data
| Data | Purpose |
|---|---|
| Session token (cookie) | Keeps you logged in during a browser session; signed and not readable by third parties |
| Server logs | Standard web server logs (IP address, request path, timestamp); automatically rotated on a rolling basis and not retained indefinitely |
We do not use third-party analytics, advertising networks, or tracking pixels.
3. How We Use Your Information
We use your information exclusively to operate Growth Budget. Specifically:
- To authenticate you — Your passkey credential is verified through Hanko on every login. No password is stored.
- To display your budget — Account balances and transactions retrieved from Plaid are used to populate your budget registers, envelope categories, and reports.
- To generate AI insights — If you enable the AI Insights feature, your budget data is analyzed by a locally-hosted AI model running on our own infrastructure. Your data is never transmitted to a third-party AI provider, cloud AI service, or used to train any model. See §5 for full details.
- To sync your transactions — The App polls Plaid approximately every 12 hours to retrieve new transactions and updated balances.
- To model investment opportunities — Balances you hold are compared against reference investment vehicles (CDs, index ETFs, high-yield savings) to show projected returns. This analysis runs entirely within the App; no data is sent to external financial services for this feature.
We do not use your financial data for advertising, profiling, credit scoring, or any purpose other than powering your budgeting features.
4. Data Sharing and Subprocessors
We do not sell your personal information or financial data. We do not share your data with data brokers, advertisers, or analytics companies.
We share limited data with the following subprocessors solely to operate the App:
| Subprocessor | Purpose | Data Shared | Their Privacy Policy |
|---|---|---|---|
| Plaid Technologies, Inc. | Bank account connection and transaction sync | Plaid access token; receives your bank login credentials directly (we never see them) | plaid.com/legal |
| Hanko GmbH | Passkey authentication | Passkey credential and session verification | hanko.io/privacy |
We may disclose information if required by law or court order, but we will notify you when legally permitted to do so.
5. Artificial Intelligence Features
5.1 How AI Is Used
Current features (user-initiated):
Growth Budget currently uses AI for the following, and only when you explicitly request it from the AI Insights page:
- Analyzing your spending patterns and generating personalized budget suggestions
- Identifying recurring transactions and unusual spending trends
- Providing natural-language summaries of your financial activity
No automatic or background AI analysis occurs for these features. Your data is processed only on demand.
Planned features (automatic):
We are developing additional AI-powered features that will run automatically as part of normal app operation, without requiring a separate user action each time:
- Transaction categorization — automatically suggesting or applying spending categories to imported transactions
- Merchant name clarity — cleaning and standardizing raw bank payee strings into readable merchant names
When these features are introduced, they will operate on your financial data as part of the transaction sync process. We will update this policy and notify users before these features are enabled. You will have the ability to review, correct, or override any AI-generated categorization.
5.2 Local Processing — Your Data Stays on Our Infrastructure
The AI model that powers these features runs entirely on our own self-hosted infrastructure. Your financial data is never transmitted to a cloud-based AI provider, third-party AI service, or any external system to perform AI analysis.
Unlike services that route data through providers such as OpenAI or Google, our AI runs on-premises alongside the application. The same data isolation, encryption, and access controls that apply to the rest of your data apply equally to AI processing.
5.3 No Training on Your Data
Your personal financial data is never used to train, fine-tune, or improve any AI model — ours or anyone else’s. AI processing is read-only and ephemeral: your data is analyzed in memory to produce a result, and that input is not retained for any model improvement purpose.
5.4 No Automated Decision-Making With Legal or Significant Effect
We do not use automated decision-making, including profiling, in a way that produces legal effects or similarly significant effects on you. AI features — both current and planned — are designed to assist and inform. They surface insights, suggest categories, and clarify merchant names, but all financial decisions remain entirely yours. Any AI-generated output can be reviewed, edited, or overridden directly in the App.
AI processing does not affect your account status, creditworthiness, access to services, or any other right or entitlement.
5.5 Future Changes
If this policy ever changes and we begin using an external AI provider or automated decision-making that has a significant effect on individuals, we will inform you, update this policy, and provide information about the logic involved and the consequences of such processing before the change takes effect.
6. How We Protect Your Data
Growth Budget is built with application-level encryption as a core design principle, not an afterthought.
- Per-user encryption keys — Each user account has a unique 256-bit Data Encryption Key (DEK). Your DEK is never stored in plaintext; it is wrapped by a Key Encryption Key managed by a dedicated cryptographic key management server.
- Encrypted at rest — Your email address, account names, payee names, transaction memos, and Plaid access token are encrypted using AES-256-GCM before being written to the database.
- No passwords — The App uses WebAuthn passkeys exclusively. There are no passwords to steal or phish.
- Network isolation — The App is accessible only through a Cloudflare Zero Trust Tunnel. There are no open ports on the public internet.
- Row-Level Security — PostgreSQL Row-Level Security policies ensure that queries for one user cannot return another user’s data, even in the event of an application bug.
- CSRF protection — All state-changing requests require a CSRF token, preventing cross-site request forgery attacks.
7. Data Retention
We retain your data for as long as your account is active.
| Data | Retention |
|---|---|
| Account data, transactions, budgets | Retained until account deletion |
| Plaid access tokens | Retained until account deletion |
| Internal security audit logs | Retained for up to 7 years after account deletion for fraud prevention, legal compliance, and dispute resolution; PII columns are redacted at write time |
| Plaid webhook event logs | Retained for up to 2 years; used to reconcile transaction sync state and investigate data integrity issues |
| Server logs | Automatically rotated; not retained indefinitely |
| Session tokens | Expire at browser close or on explicit logout |
8. Your Rights and Choices
Access — You can view all data associated with your account within the App at any time.
Correction — You can edit account names, transaction memos, payee names, and other user-provided data directly in the App.
Disconnect a bank account — Per-account bank disconnection is not yet available as a self-service feature. To stop syncing a specific linked account, please contact us at [email protected] and we will remove it on your behalf, or you may delete your full account to remove all linked data.
Delete your account — You can permanently delete your account at any time from Account Settings within the App. Deletion is immediate and self-service — no email or waiting period required. Upon deletion:
- Your user record is deleted from the database, which immediately cascade-deletes all associated data: budgets, accounts, transactions, payees, categories, and AI settings.
- Your Data Encryption Key (DEK) is destroyed. Any encrypted data that remains in backups becomes permanently unreadable without it.
- Plaid access tokens stored in our database are deleted as part of the cascade.
- Your session cookies are cleared and you are logged out immediately.
If you are unable to access your account and need assistance with deletion, contact us at [email protected].
AI Insights — AI analysis only runs when you explicitly request it from the AI Insights page. If you do not wish to use AI features, simply do not use that page — no configuration or opt-out is required.
9. Cookies and Local Storage
The App uses a single session cookie to keep you logged in. This cookie:
- Is cryptographically signed with a server-side secret
- Is flagged HttpOnly (not accessible to JavaScript)
- Is flagged Secure in production (transmitted only over HTTPS)
- Is flagged SameSite=Strict to prevent cross-site transmission
- Does not contain personal information
- Expires at the end of your browser session
We do not use advertising cookies, tracking pixels, or third-party cookies.
10. Children’s Privacy
Growth Budget is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page. For material changes, we will provide notice within the App. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.
12. Policy Review
This Privacy Policy is reviewed at least annually to ensure it remains accurate, complete, and compliant with applicable data privacy laws (including CCPA and GDPR where applicable). Reviews are also triggered by:
- Material changes to data processing practices or third-party integrations
- New legal or regulatory requirements
- Significant product changes affecting what data is collected or how it is used
The review process includes verifying that documented retention periods match actual system behavior, confirming that third-party data processor agreements (e.g., Plaid, Hanko) remain current, and assessing any new data categories introduced since the last review. Completed reviews are recorded internally. Users are notified of material changes via an in-app notice.
13. Contact
Eric Nace
Email: [email protected]
Application: Growth Budget — growth-budget.com