Privacy Policy

1. Who We Are

For Nothing Ventures LLC ("we," "us," or "our") operates the Budge mobile application and the website at budgeme.com. We are committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we use it.

2. What Data We Collect

We collect only the minimum data necessary to provide the Budge service:

• Account information: Email address and password, or third-party authentication via Google Sign-In or Sign in with Apple (stored securely via Supabase Auth). If you sign in with Google or Apple, we receive your name, email address, and profile photo (if available) from the provider. Optional display name and username.
• Location data: GPS coordinates are collected in the background to calculate your daily activity metrics: time at home vs. away, number of distinct places you stopped at (5+ minutes at a location), and time of first departure. Raw GPS events are stored temporarily and automatically deleted after 90 days. Only the aggregated daily summary is retained long-term. Fee safety: Each daily summary records how many GPS events were available. If no location data is available for a given day (e.g., permissions were revoked or the app was not running), no fees are assessed for that day. A last-received timestamp is maintained to detect when tracking has stopped.
• Home zone: The latitude and longitude of your self-selected home location and radius.
• Payment information: Payment method details are collected and processed by Stripe. We store only a Stripe customer ID and payment method ID - never your card number, CVV, or bank details.
• Usage data: Mood check-in responses, streak data, and prompt responses (your stated reasons for staying home).
• Device information: Push notification token (for sending check-in prompts) and timezone.

3. Communications

We may send you the following types of email:

• Transactional emails: Welcome email upon registration, password reset links, and payment receipts. These are essential to operating your account and cannot be unsubscribed from.
• Service emails: Important updates about changes to our Terms of Service, Privacy Policy, or the Budge service. These are sent infrequently and only when necessary.

We do not send marketing emails. If we introduce marketing communications in the future, they will be opt-in only. You can manage your email preferences at budgeme.com/unsubscribe.

4. What We Do NOT Do With Your Data

• We do not display or share the specific places you visit with anyone - not other users, not third parties, not even within the app. We process GPS into aggregate metrics only (time out, location count, departure time).
• We do not build a user-facing map of your movements or create a shareable movement profile.
• We do not sell, rent, or share your personal data with advertisers, data brokers, or any third parties for marketing purposes.
• We do not use your data for ad targeting.
• We do not collect contacts, photos, microphone data, or any sensor data beyond GPS.
• Raw GPS events are automatically deleted after 90 days. Only aggregated daily summaries are retained.

5. How We Use Your Data

Your data is used solely to provide and improve the Budge service:

• Home detection: GPS data determines if you are home or away to calculate your daily and weekly activity baseline.
• Check-in prompts: When your time at home significantly exceeds your baseline, we send a push notification asking why.
• Fee calculation: If you confirm you stayed home without a valid reason, fees are calculated based on the schedule disclosed during onboarding ($2 per unjustified miss, $6/week maximum).
• Progress tracking: Streaks, vitality scores, and mood check-ins are calculated from your activity data to provide motivation and a sense of progress.
• Personal insights: Your weekly insights and mood history are shown only to you.

6. Data Storage and Security

• All data is stored in Supabase (hosted on AWS) with encryption at rest and in transit.
• Authentication tokens are stored in your device's secure keychain (iOS Keychain via expo-secure-store), not in plain storage.
• Row-level security (RLS) policies ensure users can only access their own data.
• Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified.
• All network communication uses HTTPS/TLS.

7. Data Sharing

We share data only with the following service providers, solely to operate the Budge service:

• Supabase: Database hosting, authentication, and serverless functions.
• Stripe: Payment processing.
• Google: Authentication via Google Sign-In (if you choose to sign in with Google). We send no data to Google; we receive an ID token to verify your identity.
• Apple: Authentication via Sign in with Apple (if you choose to sign in with Apple) and app distribution via the App Store. We receive an identity token to verify your identity.
• Resend: Transactional email delivery (welcome emails, password resets).
• Expo: Push notification delivery.

We do not share your data with any other third parties. We will never sell your data.

8. Social Features

Budge may include optional social features in the future. If you participate:

• Your display name, username, and streak may be visible to users who follow you.
• Your home location, GPS data, mood responses, and fee history are never shared with other users.
• You can set your profile to private at any time.

9. Data Retention

• Your data is retained for as long as your account is active.
• Location events older than 90 days may be aggregated into daily summaries and the raw events deleted.
• If you delete your account, all associated data is permanently deleted from our database within 30 days.

10. Your Rights

You have the right to:

• Access your personal data at any time through the app.
• Correct your personal data (display name, username, home location) at any time.
• Delete your account and all associated data from the Profile screen in the app.
• Export your data by contacting us at privacy@budgeme.com.
• Revoke location or notification permissions at any time through your device settings.
• Unsubscribe from non-essential emails at budgeme.com/unsubscribe. Transactional emails (password resets, payment receipts) cannot be unsubscribed from as they are necessary for account operation.

If you revoke location permissions, Budge will not be able to track your activity and no fees will be assessed.

11. Children's Privacy

Budge is not intended for anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it immediately.

12. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this privacy policy or your data, contact us at:

Email: privacy@budgeme.com

Website: budgeme.com