Privacy Policy

Information we collect

• Account information. The email address and password you use to create an account. Passwords are handled by our authentication provider and stored only as secure hashes.
• Financial account data. When you connect a bank through Plaid, we receive account balances, transactions, merchant names, and account metadata (type, last four digits). We never receive or store your bank login credentials.
• Information you enter. Budget targets, savings goals, pay schedule, category overrides, quiz answers, and chat messages you send to the in-app assistants.
• Usage data. Standard server logs (timestamps, error traces) generated by our hosting provider.

How we use your information

• To display your accounts, transactions, and budget.
• To generate insights, summaries, projections, and AI assistant responses.
• To operate, secure, debug, and improve the service.
• To communicate with you about your account.

We do not sell your personal or financial information, and we do not use it for advertising.

Plaid

We use Plaid Inc. to connect your bank accounts. When you link an account, you enter your credentials directly with Plaid — they never pass through our servers. Plaid's handling of your data is governed by the Plaid End User Privacy Policy. By connecting an account you also agree to Plaid's policy.

AI features

The in-app assistants and the monthly summary are powered by Anthropic's Claude API. When you use these features, the relevant financial figures and your messages are sent to Anthropic to generate a response. Anthropic processes this data as a service provider and does not use it to train its models.

How your data is stored and secured

• Data is stored in a Postgres database hosted by Supabase, with row-level security so each user can only access their own data.
• Plaid access tokens are encrypted at rest with AES-256-GCM.
• All traffic is encrypted in transit over HTTPS/TLS.
• We never store your bank username or password.

Sharing

We share data only with the service providers needed to run the product — Plaid (bank connections), Supabase (database and auth), Vercel (hosting), and Anthropic (AI features) — and only as needed to provide the service. We may disclose information if required by law. We do not sell your data.

Data retention

We keep your data while your account is active. You can disconnect a bank or delete your account at any time; on account deletion we remove your personal and financial data from our systems, subject to short-term backup retention and any legal obligations.

Your rights

You can access, correct, export, or delete your data. To make a request, or to ask any question about this policy, contact us at [your-contact-email@example.com]. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA.

Children

HansonsBudget is not directed to anyone under 18, and we do not knowingly collect data from children.

Changes

We may update this policy. Material changes will be reflected by a new effective date at the top of this page.

Contact

Questions? Email [your-contact-email@example.com].