sBudget Privacy Policy

1. Introduction

Welcome to the Privacy Policy for sBudget ("we", "us", or "our"). sBudget is a budget tracking app designed to help you manage your income, expenses, and financial goals while maintaining control over your personal financial data.

sBudget operates on a local-first principle: your data is stored on your device by default, and cloud synchronization is entirely optional. This Privacy Policy explains how we collect, use, store, and protect your information when you use our app, including both the local-only experience and the optional cloud sync features.

Please read this policy carefully to understand how we treat your financial information.

Data Controller

The data controller responsible for your personal data is:

Anthony Eli Rasch - sapplify
PO Box 004
91501 Nové Mesto nad Váhom
Slovakia

Email: contact@sapplify.com

2. Data Collection

sBudget collects different types of data depending on how you choose to use the app:

Financial Data You Enter

The core functionality of sBudget involves tracking financial information that you actively provide:

• Transactions: Amount, type (income/expense), date, category, notes, and currency
• Accounts: Account names and organization preferences (e.g., "Personal", "Business")
• Categories: Spending and income category names, icons, and colors
• Budgets: Budget amounts, periods, and warning thresholds
• Recurring Transactions: Templates for automatic transaction entries

Account Data (Cloud Sync Users Only)

If you choose to create an account for cloud sync, we collect:

• Email address: For account identification and communication
• Display name: Optional, for personalization
• Authentication credentials: Securely managed by our authentication provider

Device Information (Cloud Sync Users Only)

For multi-device sync functionality, we collect:

• Device identifier: A unique ID to identify your devices for sync
• Device name: To help you identify your devices (e.g., "iPhone", "Android Phone")
• Platform: iOS or Android

What We DO NOT Collect

• We DO NOT collect bank account numbers, credit card details, or banking credentials
• We DO NOT use analytics or tracking services
• We DO NOT display advertisements
• We DO NOT sell or share your financial data with third parties
• We DO NOT collect location data
• We DO NOT access your contacts, photos, or other personal files

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, we process your personal data based on the following legal grounds:

Contract Performance

We process your data when necessary to provide you with the sBudget service:

• Storing your financial data locally on your device
• Synchronizing data across devices (if you subscribe to cloud sync)
• Managing your account and authentication
• Processing subscription status

Consent

We process certain data only with your explicit consent:

• Enabling cloud sync (you choose to create an account)
• Sending notifications (you enable this in settings)
• Exporting or sharing your data (you initiate this action)

You can withdraw consent at any time by disabling the relevant features or deleting your account.

Legitimate Interest

We may process limited data based on our legitimate interests:

• Ensuring security and preventing fraud
• Responding to support inquiries

Legal Obligations

We may process data when required by law, such as responding to valid legal requests from authorities.

4. Local Data Storage

By default, sBudget stores all your financial data locally on your device. This means your data never leaves your device unless you explicitly enable cloud sync.

Strictly Necessary Storage

Under the EU ePrivacy Directive, the local storage technologies we use are strictly necessary for providing the budgeting service you requested. A budgeting app cannot function without storing your financial data locally. Therefore, no separate consent is required for this storage, and we do not display a "cookie consent" pop-up for these essential functions.

Local Storage Technologies

• SQLite Database: Your transactions, accounts, categories, budgets, and recurring transactions are stored in a local database on your device
• Shared Preferences: Non-sensitive app settings like language preference, theme, and onboarding status
• Flutter Secure Storage: For storing sensitive settings and authentication tokens (when signed in)

Benefits of Local-Only Storage

5. Cloud Sync & Account

sBudget offers optional cloud synchronization for users who want to access their data across multiple devices. Cloud sync is a paid feature available through subscription.

How Cloud Sync Works

When you enable cloud sync:

• Your financial data is securely transmitted over encrypted connections (HTTPS/TLS) to our cloud servers
• Data is stored in a PostgreSQL database hosted by Supabase
• Row Level Security (RLS) ensures only you can access your data
• Changes sync automatically across all your signed-in devices
• Real-time sync keeps your devices up to date

What Gets Synced

• All transactions (amounts, dates, categories, notes)
• Account configurations
• Categories and customizations
• Budgets and settings
• Recurring transaction templates

Cloud Service Provider

We use Supabase as our cloud infrastructure provider. Supabase provides:

• Secure PostgreSQL database hosting
• Authentication services
• Real-time data synchronization
• Row Level Security for data isolation

Supabase's privacy policy and security practices can be found at supabase.com/privacy.

Opting Out of Cloud Sync

Cloud sync is entirely optional. You can:

• Use sBudget without ever creating an account
• Sign out at any time to stop syncing
• Delete your cloud account while keeping local data
• Export your data before deleting your account

6. Authentication

If you choose to use cloud sync, you'll need to create an account. We offer the following sign-in options:

Google Sign-In

• We receive your email address and display name from Google
• We do not access your Google contacts, calendar, or other data
• Google's privacy policy: policies.google.com/privacy

Apple Sign-In

• We receive your email address (or Apple's private relay email) and name
• You can choose to hide your email using Apple's Hide My Email feature
• Apple's privacy policy: apple.com/privacy

Authentication Data We Store

• Email address (for account identification)
• Display name (optional)
• Account creation date
• Beta tester status (if applicable)
• Subscription status and expiration

We do not store social login passwords or access tokens beyond what's needed for authentication.

7. Purchases & Payments

sBudget offers two types of paid upgrades:

• Pro (One-Time Purchase): Unlocks multiple accounts, recurring transactions, and custom categories. This purchase does not require an account and all Pro features work locally on your device.
• Sync (Subscription): Enables cloud synchronization across devices. Requires creating an account.

All payments are processed through the Apple App Store or Google Play Store.

What We Track

• Subscription status: Whether you have an active subscription
• Subscription expiration date: When your current subscription period ends
• Subscription type: Monthly or yearly plan

What We DO NOT Track

• Credit card or payment method details
• Billing address
• Transaction IDs or purchase receipts

Payment Processing

All payment processing is handled by:

• Apple App Store: For iOS users - Apple Privacy Policy
• Google Play Store: For Android users - Google Privacy Policy

We never see or store your payment details. Subscription management (cancellation, renewal) is done through your device's subscription settings.

8. App Permissions

sBudget requests only the minimum permissions necessary to function:

Required Permissions

• Local Storage: To store your financial data in the local database

Optional Permissions

• Internet Access: Required only for cloud sync, authentication, and subscription validation
• File Access: To export your data to files or import from backup (user-initiated only)
• Notifications: For optional budget alerts and reminders (if you enable them)

Permissions We DO NOT Request

• Camera or microphone access
• Contact list access
• Location services
• Background app refresh (except for sync)
• Health or fitness data
• Calendar access

9. Data Sharing

We are committed to keeping your financial data private. Here's how we handle data sharing:

We DO NOT Share Your Data With

• Advertisers or marketing companies
• Data brokers or analytics firms
• Social media platforms
• Any third party for commercial purposes

Limited Data Sharing

Your data may be processed by our infrastructure providers solely for the purpose of providing the service:

• Supabase: Hosts our cloud database and authentication (cloud sync users only)

These providers are bound by strict data processing agreements and cannot use your data for any other purpose. A Data Processing Agreement (DPA) is in place with all sub-processors to ensure GDPR compliance as required by Article 28 of the GDPR.

Sub-processors

The following third-party services may process your data as part of providing sBudget:

• Supabase (Frankfurt, Germany) - Cloud database and authentication
• Google - OAuth authentication (if you use Google Sign-In)
• Apple - OAuth authentication (if you use Apple Sign-In)

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All data processing is for the purpose of providing the budgeting service you requested.

User-Initiated Sharing

You have full control over sharing your data:

• Export your data in JSON or CSV format
• Share exported files with anyone you choose
• Generate reports for personal use or to share with financial advisors

Legal Requirements

We may disclose your information if required by law, such as in response to a valid court order or government request. We will notify you of such requests when legally permitted.

10. Data Security

We implement multiple layers of security to protect your financial data:

Local Security

Cloud Security (For Sync Users)

Conflict Resolution

When syncing across devices, we use a last-write-wins strategy with timestamps to resolve conflicts, ensuring your most recent changes are preserved.

Your Responsibility

To maximize security, we recommend:

• Secure your Google/Apple account with a strong password and two-factor authentication
• Enable device lock screen protection (PIN, password, biometric)
• Keep your device operating system and sBudget app updated
• Sign out from shared or public devices
• Create regular local backups via data export

11. Data Retention & Deletion

Local Data

• Local data remains on your device until you delete it or uninstall the app
• Uninstalling the app removes all local data permanently
• You can clear all local data from within the app settings

Cloud Data (Sync Users)

• Your cloud data is retained as long as your account is active
• Deleted items are soft-deleted (marked as deleted) for sync purposes
• When you delete your account, all cloud data is permanently deleted immediately
• We do not retain backups of deleted account data - your local device serves as your backup

How to Delete Your Data

Delete Local Data Only

Go to Settings > Data & Privacy > Clear All Data. This removes all transactions, budgets, and settings from your device.

Delete Cloud Account

Go to Profile > Delete Account. This will:

• Permanently delete all your cloud-synced data
• Remove your account from our authentication system
• Cancel any active subscriptions (you may need to cancel separately in device settings)
• Your local data will remain on your device unless you clear it separately

Export Before Deletion

We recommend exporting your data before deletion. Go to Settings > Data & Privacy > Export Data to save a backup.

12. Your Rights

You have full control over your personal and financial data:

Access Your Data

You can view all your data within the app at any time. Export functionality allows you to download a complete copy in JSON or CSV format.

Correct Your Data

Edit any transaction, category, budget, or account directly within the app.

Delete Your Data

Delete individual items or your entire account. See the Data Retention & Deletion section for details.

Data Portability

Export your data in standard formats (JSON, CSV) to transfer to other services or for your own records.

Withdraw Consent

You can:

• Sign out to stop cloud syncing while keeping local data
• Delete your cloud account while retaining local data
• Disable notifications at any time

GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

CCPA/CPRA Rights (California Users)

California residents have the right to:

• Know what personal information is collected
• Request deletion of personal information
• Opt-out of the sale of personal information
• Non-discrimination for exercising privacy rights

We do not sell or share your personal information. We do not "sell" your data as defined by the CCPA, nor do we "share" it for cross-contextual behavioral advertising purposes. We have no advertising in our app and do not monetize your data in any way.

Sensitive Personal Information: Your financial data is considered "Sensitive Personal Information" under California law. We only use this information for the purpose of providing the sBudget budgeting service that you requested. We do not use your sensitive personal information for any secondary purposes, and therefore a "Limit the Use of My Sensitive Personal Information" option is not required.

13. Children's Privacy

sBudget is intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13. In some EU member states, the minimum age for consenting to data processing may be higher (up to 16 years) in accordance with local law under GDPR Article 8.

• If you are under 13, please do not use cloud sync or create an account
• The local-only features can be used without providing any personal information
• Parents or guardians should supervise app usage and help set up appropriate settings
• If we discover we have collected data from a child under 13, we will delete it promptly

If you believe a child under 13 has provided us with personal information, please contact us at contact@sapplify.com.

14. International Users

sBudget is available to users worldwide. Here's how we handle international data:

Local-Only Users

If you use sBudget without cloud sync, your data stays entirely on your device. There are no cross-border data transfers.

Cloud Sync Users

If you enable cloud sync, your data is stored on servers provided by Supabase located in Frankfurt, Germany (EU). This means your data remains within the European Union and is subject to EU data protection standards.

Data Protection Standards

Regardless of where your data is stored, we apply the same high standards of data protection:

• Encryption in transit (TLS) and at rest (provided by Supabase)
• Row Level Security for data isolation
• Strict access controls

Supported Languages

sBudget currently supports 15 languages:

• English
• German (Deutsch)
• French (Français)
• Italian (Italiano)
• Spanish (Español)
• Portuguese (Português)
• Dutch (Nederlands)
• Polish (Polski)
• Czech (Čeština)
• Slovak (Slovenčina)
• Turkish (Türkçe)
• Russian (Русский)
• Japanese (日本語)
• Chinese (中文)
• Korean (한국어)

Supported Currencies

sBudget supports transactions in 150+ currencies, allowing you to track finances in your local currency.

15. Data Breach Notification

We take data security seriously. In the unlikely event of a data breach affecting your personal information, we will:

Notification Process

• Assess the breach: Immediately investigate the scope and impact
• Notify authorities: Report to relevant data protection authorities within 72 hours as required by GDPR Article 33
• Notify affected users: Inform you without undue delay if the breach poses a high risk to your rights and freedoms, as required by GDPR Article 34
• Provide details: Inform you of the nature of the breach, potential consequences, and measures taken

What We Will Communicate

• Description of the breach and data involved
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Recommendations for protecting yourself
• Contact information for follow-up questions

Your Local Data

Note that data stored only locally on your device is not affected by server-side breaches. This is another benefit of our local-first approach.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, add new features, or comply with legal requirements.

How We Notify You

When we make material changes, we will notify you by:

• Posting an in-app notification when you next open sBudget
• Updating the "Last updated" date at the top of this policy
• Sending an email notification (if you have an account and email notifications enabled)
• Updating the privacy policy in app store descriptions

Your Continued Use

Your continued use of sBudget after changes are posted constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the app and delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

17. Governing Law

This Privacy Policy and any disputes arising from it are governed by the laws of the Slovak Republic, without regard to conflict of law principles. This does not affect your mandatory consumer protection rights under EU law, which may provide additional protections regardless of the governing law.

Jurisdiction

For users in the European Union, any disputes shall be subject to the jurisdiction of the courts in Slovakia, unless mandatory consumer protection laws in your country of residence provide otherwise.

EU Users

If you are located in the European Union, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

As we are based in Slovakia, our lead supervisory authority is:

Úrad na ochranu osobných údajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hraničná 12
820 07 Bratislava 27
Slovak Republic
Website: dataprotection.gov.sk
Email: statny.dozor@pdp.gov.sk

Dispute Resolution

We encourage you to contact us first at contact@sapplify.com to resolve any concerns or disputes. We are committed to working with you to reach a fair resolution.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

General Inquiries: contact@sapplify.com

Privacy & Data Protection: privacy@sapplify.com

We are committed to addressing your privacy concerns and will respond to your inquiry within 30 days.

Data Protection Inquiries

For specific data protection requests (access, deletion, correction), please email us with:

• Your account email address
• A clear description of your request
• Any relevant details to help us locate your data

We may need to verify your identity before processing certain requests to ensure the security of your data.