Key Points Summary
- Sign in with Apple or Sign in with Google may be required to access secure app sessions on supported platforms. Sign in with Google is offered on the web/PWA only; the iOS app uses Sign in with Apple.
- Uploaded financial files are never stored on our servers after parsing. Server-persisted data is strictly limited to account authentication credentials (via Apple/Google Sign-In) and anonymous usage analytics.
- Learned rules and session data are stored only on your device and never transmitted to us.
- No third-party analytics, ads, or tracking are used.
- Support emails are handled externally (by your email provider and ours); the app does not store or process support communications.
- Children’s privacy is protected; the app is not for children under 13.
- You control your data: delete individual saved uploads, clear session history, delete learned rules, and opt out of analytics at any time.
- Notice: Paid subscription features are built and will be enabled soon. No payments are collected or processed at this time. All pricing, paid tier terms, and user rights will be clearly disclosed before activation. This policy will be updated before monetization goes live.
See below for full details.
Privacy Policy for MyBudgetNerd
MyBudgetNerd is offered by Athena Analytics LLC, doing business as Athena Data Labs.
Effective date: May 16, 2026
This Privacy Policy describes how MyBudgetNerd (“we,” “us,” or “our”) processes information when you use our mobile application (iOS) and web application (collectively, the “Service”). By using the Service, you agree to the practices described in this policy and to our Terms of Service.
1. Information You Provide or We Process to Operate the Service
Depending on how you use the Service, the following types of information may be provided by you or processed on your behalf:
- Apple Sign In authentication data (when sign-in is enabled): We process Apple-issued identity and access credentials needed to authenticate your session. This can include an Apple identity token, a stable Apple user identifier, token expiry metadata, and cryptographic nonce/state values used to validate sign-in requests. If Apple and your settings provide profile information (such as relay or direct email and display name), we may process that data for account/session display and support purposes.
- Google Sign In authentication data (web/PWA only, when sign-in is enabled): If you choose Sign in with Google on the web or PWA, we process Google-issued identity and access credentials needed to authenticate your session. This can include a Google ID token, a stable Google user identifier (sub), token expiry metadata, and cryptographic state values used to validate sign-in requests. If Google and your account provide profile information (such as email and display name), we may process that data for account/session display and support purposes. Sign in with Google is not used by the iOS app.
- Financial data you choose to upload: Transaction descriptions, amounts, dates, and account type information may be extracted from bank statements you upload so the app can parse, categorize, analyze, and display your information back to you. Uploaded files are processed request-by-request and purged from backend request memory/temporary handles after parsing completes. We do not store uploaded statement files or parsed transaction datasets on our servers as a retained customer financial dataset.
- Learned categorization rules: When you recategorize a transaction and choose to remember it, a personal merchant–category rule (normalized merchant name, chosen category, timestamps, and counters) is stored locally on your device only (in browser or app local storage). Rules never leave your device and are never transmitted to our servers.
- Device-local session data: When Session History is enabled, parsed and categorized data, plus locally cached Oracle/Financial Story snapshots needed to reopen the app without recomputing, may be stored on your device using a retention window you select (default 120 days; options include off, 6 hours, 30, 60, 90, 120 days, or 1 year). You can also delete individual saved uploads from Session History inside the app, which removes the associated on-device cached analysis for that upload.
2. Authentication and Account Security
- On supported flows, we use Sign in with Apple for account authentication. On the web/PWA, Sign in with Google is also available.
- We do not receive or store your Apple password.
- Authentication tokens are stored using platform security controls (for example, iOS secure storage/Keychain and browser-controlled secure storage where applicable).
- You can revoke app authorization from your Apple ID settings (or, for Google sign-in on the web/PWA, from your Google account’s “Apps with access to your account” settings). Revocation can require you to sign in again to continue using authenticated features.
3. Anonymous Usage Analytics
We collect anonymous, non-personal usage analytics to understand how features are used and improve the Service. Analytics events are stored on our servers and include:
- Event type (e.g., app opened, file uploaded, export used, Oracle opened, categorization applied).
- An anonymous, locally generated device identifier (not tied to your name, email, or any account).
- App version and platform (web or iOS).
- Basic counts (e.g., number of transactions parsed).
Analytics never include transaction descriptions, merchant names, file names, account numbers, email addresses, or any personally identifiable information. Sensitive metadata is stripped before storage.
You can disable analytics at any time in the app’s Settings. When disabled, no events are sent.
4. Information We Do Not Collect
- We do not use third-party analytics services, tracking pixels, advertising cookies, or ad networks.
- We do not collect precise location data or device fingerprints.
- We do not link to or access bank accounts directly. All data comes from files you upload.
5. How We Use or Process Information
- To provide budgeting insights including statement parsing, transaction categorization, trend visualization, and Oracle forecast/anomaly analysis.
- To improve app functionality, including reusing learned categorization rules to reduce redundant processing.
- To monitor anonymous usage patterns and improve the Service (analytics).
- To respond to your support and contact requests. However, the app itself does not store, log, or transmit any user communications or emails. Any emails you send to us are handled externally by your email provider and ours (e.g., Gmail), and may be retained according to their respective policies. We cannot guarantee the security or deletion of emails outside our immediate control. We recommend you do not send sensitive information (such as bank statements or personal data) via email or support channels. Athena Analytics LLC is not responsible for the security, retention, or transmission of communications handled by third-party email providers.
- To enforce our Terms of Service and protect the rights, safety, and security of users and the Service.
6. Third-Party Services
If you enable AI-assisted features, the Service sends limited, sanitized data to a third-party AI provider (currently OpenAI) for processing. This data is transmitted securely via OpenAI’s API; contractually, OpenAI does not use data submitted via their API to train their AI models, and data is retained by OpenAI solely for abuse monitoring according to their data privacy terms. The specific data sent includes:
- Categorize AI: Sanitized transaction descriptions and account type only.
- Oracle follow-up AI: Sanitized summary and aggregate financial signals only (e.g., forecast direction, confidence label, anomaly counts, top categories, monthly estimates).
- Financial Story AI: Sanitized aggregate signals only (e.g., total income, total spend, net flow, top category labels and amounts, credit net, savings rate). No merchant names, account numbers, or raw transaction rows are sent.
Raw PDFs, full statement text, account numbers, and full statement balances are never sent to any third-party provider. All AI features are opt-in and can be disabled at any time.
When Sign in with Apple is used, Apple acts as an identity provider and processes authentication data under Apple’s policies. When Sign in with Google is used (web/PWA only), Google acts as an identity provider and processes authentication data under Google’s policies. We only request and process identity data needed to authenticate and secure your session.
We do not use any third-party analytics, advertising, or tracking services. All usage analytics are collected and stored on our own servers.
7. Data Storage and Security
- All traffic is served over HTTPS end-to-end.
- The Service is deployed on AWS Amplify and AWS Elastic Beanstalk.
- CI/CD uses GitHub Actions with OIDC federation to AWS. Long-lived access keys are not used.
- Uploaded files are request-scoped and purged from backend request memory/temporary handles after parsing. Parsed statement datasets are not persisted on our servers as retained customer financial data.
- Learned categorization rules are stored locally on your device only and are never transmitted to our servers. No raw transaction descriptions, amounts, or account numbers are stored in rules.
- Device-local Session History data, including locally cached Oracle and Financial Story snapshots, is stored only on your device and is never transmitted to our servers as part of local caching.
- Anonymous usage analytics are the primary server-side persisted dataset and are stored in a server-side database. No personal information is included.
8. App Store (iOS) Disclosures
- The iOS app requires Sign in with Apple for protected upload and analysis sessions.
- We do not use third-party advertising SDKs, ad identifiers, or cross-app tracking for advertising.
- Because the app does not track users across third-party apps or websites for advertising, the current shipping app does not rely on App Tracking Transparency.
- We do not sell personal information.
- If paid features are introduced later, iOS purchase terms and any required auto-renew disclosures will be shown before purchase.
9. Your Rights
- You can delete individual saved uploads, disable Session History, or clear all cached data at any time within the app.
- If account auth is active (Sign in with Apple, or Sign in with Google on the web/PWA), you can permanently delete your account in-app from Settings under Data controls.
- You can delete any learned categorization rule at any time through the app.
- You can disable anonymous usage analytics at any time in Settings.
- You can request access to or deletion of any personal data we hold by contacting us at support@mybudgetnerd.com.
10. Data Retention
Uploaded files are processed request-by-request and purged from backend request memory/temporary handles after parsing. Parsed statement datasets are not retained on our servers as a stored customer financial dataset. Device-local Session History retains data for a period you choose (default 120 days; options include off, 6 hours, 30, 60, 90, 120 days, or 1 year), supports deletion of individual saved uploads, and can be cleared at any time. When available, cached Oracle and Financial Story snapshots follow the same on-device retention and deletion behavior. Learned categorization rules are stored on-device and can be cleared at any time through the app. Anonymous analytics events are retained on our servers for operational purposes.
11. Children’s Privacy
The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
12. Data Sharing
We do not sell, rent, or trade your personal information. We do not share your data with third parties except as described in Section 6 (Third-Party Services) or when required by law to comply with legal obligations, protect our rights, or ensure the safety of our users.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Security and Data Breach Notification
We implement technical and organizational security measures designed to protect the information we process, including HTTPS-only transmission, platform-standard secure storage for authentication tokens, and the infrastructure controls described in Section 7. However, no security measure is perfect or impenetrable, and we cannot guarantee the absolute security of your data.
In the event of a data breach that affects personal information we hold, we will notify affected users and relevant authorities as required by applicable law, without undue delay. Where we have your contact information, notification will be provided by email. We will also post a prominent notice on our website or within the app as appropriate.
15. Contact Us
If you have any questions or concerns about this Privacy Policy or your data, contact us at support@mybudgetnerd.com.
If you contact us for support, please note: the app does not store, log, or transmit user communications or emails. Emails are handled by external email providers and may be retained under their respective policies. We recommend you do not send sensitive information (such as bank statements or personal data) via email or support channels. Athena Analytics LLC is not responsible for the security, retention, or transmission of communications handled by third-party email providers.