Privacy Policy
Effective Date: January 27, 2026
Last Updated: January 27, 2026
This Privacy Policy (hereinafter - "Policy") explains what personal data is processed when using the BUDGETER AI service (hereinafter - "Service"), why it is needed, on what legal basis we process it, and what rights users have. The Policy is prepared in accordance with the requirements of GDPR (General Data Protection Regulation) and applicable data protection legislation.
The Policy applies to the mobile application, web version, API and related infrastructure of BUDGETER AI. If you do not agree with the Policy, please do not use the Service.
1. Terms
The following terms are used in the Policy:
- "Personal Data" - any information relating to an identified or identifiable natural person.
- "Processing" - any operation performed on personal data (collection, recording, storage, use, disclosure, deletion, etc.).
- "Controller" - a person who determines the purposes and means of processing personal data.
- "Processor" - a person who processes personal data on behalf of the controller.
- "User" - a person using the Service.
2. Who We Are (Data Controller)
- Personal Data Controller: [[Legal Entity / Individual Entrepreneur]]
- Legal Address: [[Address]]
- Email for Personal Data Inquiries: [[privacy@yourdomain.com]]
- Security Contact: [[security@yourdomain.com]]
- DPO (if appointed): [[DPO contact or "not appointed"]]
- EU/EEA Representative (if required): [[representative contact or "not applicable"]]
3. What Data We Process
We process data to the extent necessary to provide the Service, ensure security, and comply with legal requirements. The specific composition of data depends on the features you use and the information you enter.
3.1. Account Data
- email and/or phone number (depending on login method)
- name/nickname (if provided)
- password (as a cryptographic hash; password is not stored in plain text)
- account settings and preferences
3.2. Financial Data You Add
- transactions (income/expenses), amounts, dates, categories, notes
- accounts/wallets and their names, currencies, balances (that you set)
- budgets, limits, goals and savings (if you use the relevant sections)
- import files (CSV/XLSX) and import metadata - if you upload them to the Service
3.3. Usage and Technical Data
- IP address, device/application identifiers, OS and application version, language, timezone
- technical logs, error information and diagnostic data
- interface interaction events (e.g., screen transitions) - if analytics is enabled
3.4. Communications and Support
- messages you send to support
- attached files and screenshots (if you send them)
3.5. AI Request Data
- If you use AI features, we process data that you send in AI assistant requests, as well as the generated response. The composition of such data is determined by you.
3.6. Special Categories of Data
- The Service is not intended for processing "special categories" of personal data (e.g., health data, biometric data, political views, religious beliefs). Please do not add such information to the Service or include it in AI requests. If you provide such data, you do so on your own initiative.
3.7. Cookies and Similar Technologies
- The web version may use cookies and similar technologies. Details, including cookie categories and management methods, are described in our Cookie Policy.
4. Data Sources
- directly from you (during registration, use of the Service, support requests)
- automatically when using the Service (technical logs, device and session information)
- from payment providers (e.g., payment/subscription status) - if you subscribe to a paid plan
5. Processing Purposes and Legal Basis (GDPR)
We process personal data only when there is a legal basis provided for by GDPR. Below are the main purposes and corresponding bases.
5.1. Service Provision and Contract Performance
Purpose: registration, login, data storage and synchronization, provision of accounting and analytics features.
Basis: contract performance (Art. 6(1)(b) GDPR).
5.2. AI Assistant and Intelligent Analytics
Purpose: generating analytical reports and recommendations based on your data, as well as AI assistant responses.
Basis: contract performance (Art. 6(1)(b) GDPR) and/or our legitimate interest in improving the Service (Art. 6(1)(f) GDPR).
Important: you control what data is sent in AI requests. We recommend not including excessive information unrelated to financial accounting in requests.
5.3. Support and Request Processing
Purpose: responding to requests, fixing errors, consulting on Service use.
Basis: contract performance (6(1)(b)) and/or legitimate interest (6(1)(f)).
5.4. Security and Abuse Prevention
Purpose: protecting accounts, preventing fraud, detecting and investigating incidents.
Basis: legitimate interest (6(1)(f)) and/or legal obligation (6(1)(c)) - when applicable.
5.5. Payments and Accounting (if applicable)
Purpose: processing subscriptions, confirming payments, accounting and compliance with legal requirements.
Basis: contract performance (6(1)(b)) and/or legal obligation (6(1)(c)).
Note: payment card data is processed by the payment provider. We only receive information necessary for subscription management (e.g., payment status and subscription identifier).
5.6. Newsletters and Marketing (only with consent, if applicable)
Purpose: sending product news, useful materials and marketing messages.
Basis: consent (6(1)(a)). You can withdraw consent at any time (unsubscribe link in email or settings).
6. Who We Disclose Data To
We do not sell personal data. We may disclose data to the following categories of recipients:
- infrastructure providers (hosting, cloud services, databases)
- analytics/crash reporting providers (if enabled)
- payment providers (if subscribing)
- AI/ML service providers for AI functions (if enabled)
- government agencies and other parties - if required by law or necessary to protect our rights and legitimate interests
We enter into data processing agreements (DPA) with processors and require compliance with confidentiality and security measures.
An up-to-date list of key sub-processors may be published separately. Upon request, we will provide information about suppliers involved in data processing.
7. International Data Transfer
If data processing is carried out outside the European Economic Area (EEA), we ensure appropriate safeguards in accordance with GDPR, including (where applicable) adequacy decisions, standard contractual clauses (SCC) and additional security measures (e.g., encryption and data minimization).
8. Retention Periods
We retain personal data no longer than is necessary for the processing purposes and for compliance with legal obligations.
- Account data and financial records: while the account is active.
- Backups: up to [[X days]] after account deletion, then deletion/overwriting.
- Security logs and technical logs: [[X days/months]].
- Support requests: [[X months]] after request closure.
- Accounting documents (if applicable): the period established by the law of your jurisdiction.
Upon your request, we will delete or anonymize data if there are no legal grounds to continue storage (e.g., obligation to retain accounting records).
9. Security
We apply organizational and technical measures to protect data, including:
- encryption during data transmission (TLS)
- access control and principle of least privilege
- logging and monitoring
- backup and recovery procedures
No system is completely secure. Use a strong password and do not share access with third parties.
10. Your Rights
If GDPR applies to you, you have the following rights:
- right of access to data
- right to rectification
- right to erasure
- right to restriction of processing
- right to data portability
- right to object to processing (including on the basis of legitimate interest)
- right to withdraw consent (if processing is based on consent)
- right to lodge a complaint with a data protection supervisory authority at your place of residence/work or place of alleged violation
To exercise your rights, write to us: [[privacy@yourdomain.com]]. We may request identity verification to prevent unauthorized access to your data.
11. Automated Decisions and AI
BUDGETER AI may use algorithms, including machine learning models, to prepare analytics and recommendations. We do not make decisions that have legal or similarly significant consequences for you solely on the basis of automated processing, without human involvement.
If you believe that an AI response contains an error or want a human to review the question, contact support: [[support@yourdomain.com]].
12. Children
The Service is not intended for persons under [[16]] years of age (or other age in accordance with local law). If you believe that a child has provided us with data without the consent of a legal representative, contact us - we will take measures to delete the data.
13. Policy Changes
We may update the Policy. The current version is published in the Service and/or on the website. In case of material changes, we will notify you through the application or by email (if applicable).
14. Contacts
- Privacy Inquiries: [[privacy@yourdomain.com]]
- Security Inquiries: [[security@yourdomain.com]]