Privacy Policy

Last updated: 5 April 2026 · Effective: 5 April 2026

1. About This Policy

Budgi Pty Ltd (ABN to be confirmed) (“Budgi”, “we”, “us”, “our”) operates the Budgi personal finance application available at budgi.com.au and via mobile applications (“the Service”).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information, including financial data accessed through Australia’s Consumer Data Right (CDR) framework. We are committed to complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the CDR Rules.

By creating an account or using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information you provide directly

  • Account registration details: name, email address, password (hashed; never stored in plain text)
  • Profile preferences: household type, income range, pay cycle, financial goals
  • Manually entered financial data: transactions, account balances, debts, savings goals, bills, sinking funds
  • Notes and tags you add to transactions
  • Reflection notes entered during weekly check-ins
  • Communications you send to us (support emails, feedback)

2.2 Financial data via Open Banking (CDR)

If you choose to connect a bank account, we access your banking data through an accredited CDR data recipient (currently Basiq, an ACCC-accredited intermediary). With your explicit consent, this may include:

  • Account names, types, balances, and BSB/account numbers
  • Transaction history (merchant, amount, date, description)
  • Regular payment patterns

CDR data is only accessed with your active consent, only for the purposes you authorise, and is governed by the CDR Rules in addition to this Policy. You can withdraw CDR consent at any time from Settings → Connections. Withdrawal of consent does not affect data already processed.

2.3 Imported data

If you import a CSV bank statement, we process the contents of that file to create transaction records. The raw file is not retained after processing.

2.4 AI-generated data

We use Claude (by Anthropic) to auto-categorise transactions and generate personalised coaching insights. Transaction descriptions and anonymised financial summaries are sent to Anthropic’s API to provide this functionality. Anthropic’s data processing is governed by their Privacy Policy. We do not send your name, email address, or direct identifiers to Anthropic’s API.

2.5 Usage and technical data

  • Log data: IP address, browser type, pages visited, timestamps
  • Device information: operating system, screen resolution
  • Cookies and local storage (see Section 7)

3. How We Use Your Information

We use your information solely to provide and improve the Service. Specifically:

| Purpose | Legal basis |
|---|---|
| Provide the budgeting and financial tracking features | Contract performance |
| Auto-categorise transactions using AI | Contract performance |
| Generate personalised AI coaching insights | Contract performance / Legitimate interest |
| Send weekly digest emails (if opted in) | Consent |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interest |
| Improve the Service through aggregated, de-identified analytics | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Respond to support requests | Contract performance |

We do not sell your personal information. We do not use your financial data for advertising. We do not share your data with third parties for their own marketing purposes.

4. Disclosure of Your Information

We disclose personal information only to:

4.1 Service providers (processors)

  • Supabase Inc. — database and authentication hosting. Data is stored in their cloud infrastructure. See Supabase Privacy Policy.
  • Basiq Pty Ltd — CDR data intermediary for Open Banking connections. ACCC-accredited. See Basiq Privacy Policy.
  • Vercel Inc. — application hosting and CDN. See Vercel Privacy Policy.
  • Anthropic PBC — AI model provider for categorisation and coaching. Anonymised transaction data only. See Anthropic Privacy Policy.
  • Resend Inc. — transactional email provider (digest emails). Email address and digest content only.

All service providers are contractually bound to process your data only on our instructions and to implement appropriate security measures.

4.2 Legal requirements

We may disclose information if required by law, court order, or government authority, or where we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of users or the public.

4.3 Business transfers

If Budgi is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

5. Data Storage and Security

Your data is stored on Supabase infrastructure. We implement the following security measures:

  • Passwords are hashed using bcrypt via Supabase Auth — we never see your password
  • All data in transit is encrypted using TLS 1.2 or higher
  • Database access is protected by Row Level Security (RLS) policies — your data is only accessible by your authenticated session
  • CDR consent tokens are encrypted at rest
  • API keys and secrets are stored as environment variables, never in code
  • Access to production infrastructure is restricted to authorised personnel only

Despite these measures, no method of electronic storage or transmission is 100% secure. You use the Service at your own risk and we cannot guarantee absolute security.

In the event of a data breach that is likely to result in serious harm, we will notify you and, where required, the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

6. Data Retention

| Data type | Retention period |
|---|---|
| Account and profile data | Until account deletion + 30 days |
| Transaction data | Until account deletion |
| CDR-sourced banking data | Until consent withdrawn or account deleted |
| AI coaching insights | Until dismissed or account deleted |
| Audit logs | 90 days |
| Backup snapshots | 30 days rolling |

When you delete your account, your personal data is permanently deleted within 30 days, except where retention is required by law (e.g. financial record-keeping obligations).

7. Cookies and Local Storage

We use the following browser storage mechanisms:

  • Authentication cookies — set by Supabase to maintain your logged-in session. These are strictly necessary and cannot be opted out of while using the Service.
  • localStorage — used client-side to store UI preferences (e.g. dismissed notifications, net worth target). This data never leaves your browser.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies (e.g. Google Analytics). We do not use fingerprinting.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request we correct inaccurate or out-of-date information
  • Deletion — request deletion of your account and associated data (subject to legal retention requirements)
  • Complaint — lodge a complaint with us or with the OAIC (oaic.gov.au)

Under CDR Rules, you additionally have the right to:

  • Withdraw consent for data sharing at any time via Settings → Connections
  • Request deletion of CDR data we hold
  • Lodge a complaint with the ACCC

To exercise any of these rights, contact us at privacy@budgi.com.au. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at privacy@budgi.com.au and we will delete the account promptly.

10. International Data Transfers

Some of our service providers (Supabase, Vercel, Anthropic, Resend) are based in the United States. When we transfer personal information outside Australia, we take steps to ensure it receives comparable protections, including contractual clauses aligned with the APPs.

AI coaching features send anonymised financial summaries (no names or direct identifiers) to Anthropic’s US-based API. This is disclosed in Section 2.4.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to your registered address) at least 14 days before the changes take effect, and update the “Last updated” date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

12. Contact Us

For privacy enquiries, access requests, or complaints:

Budgi Pty Ltd — Privacy Officer

Email: privacy@budgi.com.au

Website: budgi.com.au

Sydney, NSW, Australia

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

© 2026 Budgi Pty Ltd · Sydney, NSW