BudgetBuckets
Legal

Privacy Policy

Effective May 28, 2026

This Privacy Policy explains what personal information BudgetBuckets (“we,” “us”) collects when you use the BudgetBuckets service (the “Service”), why we collect it, how we use it, and the choices you have. We aim to be plain about what happens to your data.

1. Who we are

BudgetBuckets is operated by CoreSystem360, LLC, PO Box 7578, York, PA 17404. We are the data controller for the personal information described below. Contact: privacy@budgetbuckets.app.

2. What we collect and why

Account information

Email address, username, display name, Supabase-managed authentication credentials, and workspace name. We use this to create and secure your account, sign you in, and link you to a workspace.

Workspace content you create

Budget buckets, transactions (date, amount, description, type, notes), receipt images you upload, recipes (including ingredients, instructions, optional photos), and shopping list items. This content is stored only to provide the Service to your workspace.

Bank statements you upload

When you upload a CSV or PDF bank statement, we extract the rows for your review. The raw file is deleted after parsing — we keep only the categorized transactions you commit to your budget. A fingerprint (hash) of the file is retained so we can warn you about duplicate uploads.

Billing

Payments are processed by Stripe. We store your Stripe customer and subscription identifiers and your subscription status. We do not see or store your full card number.

Support communications

Ticket subjects, messages, and any files you choose to attach to support requests.

Usage and technical data

Server logs (IP address, browser user agent, timestamps), errors, and counts of AI-powered actions per workspace. We use this for security, abuse detection, billing, and to keep the Service running.

Cookies

We use a small number of strictly-necessary cookies. See our Cookie Policy for details. We do not use advertising or third-party analytics cookies.

3. Legal bases (EU/UK users)

  • Performance of a contract — to create your account, run your workspace, and bill you.
  • Legitimate interests — to secure the Service, prevent abuse, and improve reliability.
  • Legal obligation — to respond to lawful requests and meet tax/recordkeeping duties.
  • Consent — only where required (e.g., specific marketing emails, if and when we send them). You can withdraw consent at any time.

4. Sub-processors

We use the following third parties to provide the Service. Each processes data only as needed for the listed purpose:

  • Stripe, Inc. — payment processing and billing. Privacy policy.
  • MiniMax — AI parsing of receipt OCR text, bank statement text, and recipes. Image and scanned-PDF text is extracted server-side before relevant text is sent for parsing. Privacy policy.
  • Database and hosting infrastructure — we use a managed PostgreSQL provider and cloud hosting to store account data and workspace content. The current providers are listed at /legal/cookies and may change as we scale.

5. AI processing of your content

When you scan a receipt, parse a statement, scan or search for a recipe, or estimate recipe cost, the relevant extracted text or recipe data is sent to our AI sub-processor for parsing. Outputs are returned to your workspace. We do not use your content to train models, and our sub-processors are contractually restricted from using API content for training.

6. Retention

  • Account and workspace data — kept while your account is active and for up to 30 days after deletion to allow recovery from accidental deletion, then permanently deleted.
  • Raw bank statement files — deleted immediately after parsing.
  • Server logs — retained for up to 90 days for security and reliability, then deleted or aggregated.
  • Billing records — kept as required by tax and accounting rules (typically 7 years).

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated workspace data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority (EU/UK) or your state attorney general (US).

To exercise any of these rights, open a support ticket from inside the app or email privacy@budgetbuckets.app. We respond within 30 days. Where required, we will verify your identity before acting on a request.

8. California residents (CCPA/CPRA)

California residents have additional rights including the right to know, the right to delete, the right to correct, and the right to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under California law. To make a request, use the contact methods in Section 7.

9. International transfers

The Service is hosted in the United States. If you access the Service from outside the U.S., your information will be processed in the U.S. and other countries where our sub-processors operate. Where applicable, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

10. Security

Passwords are hashed before storage. Session cookies are HTTP-only and transmitted over HTTPS in production. Communication with sub-processors uses TLS. No service is perfectly secure; if we become aware of a personal-data breach affecting your information, we will notify you and the relevant authorities as required by law.

11. Children

BudgetBuckets is intended for adults. You must be at least 18 years old to create an account. We do not knowingly collect information from children under 13 (or the equivalent minimum age in your country). If you believe a child has provided us with personal information, contact us and we will delete it.

12. Changes to this policy

We may update this policy. If we make material changes we will notify you in the app or by email at least 14 days before the change takes effect. The current version is always available at /legal/privacy.

13. Contact

Email: privacy@budgetbuckets.app
Postal: CoreSystem360, LLC, PO Box 7578, York, PA 17404

Questions? Open a support ticket inside the app, or email legal@budgetbuckets.app.