Privacy Policy for MyBudgetNerd

MyBudgetNerd is offered by Athena Analytics LLC, doing business as Athena Data Labs.

Effective date: April 1, 2026

This Privacy Policy describes how MyBudgetNerd (“we,” “us,” or “our”) processes information when you use our mobile application (iOS) and web application (collectively, the “Service”). By using the Service, you agree to the practices described in this policy.

1. Information You Provide or We Process to Operate the Service

Depending on how you use the Service, the following types of information may be provided by you or processed on your behalf:

• Apple Sign In authentication data (when sign-in is enabled): We process Apple-issued identity and access credentials needed to authenticate your session. This can include an Apple identity token, a stable Apple user identifier, token expiry metadata, and cryptographic nonce/state values used to validate sign-in requests. If Apple and your settings provide profile information (such as relay or direct email and display name), we may process that data for account/session display and support purposes.
• Financial data you choose to upload: Transaction descriptions, amounts, dates, and account type information may be extracted from bank statements you upload so the app can parse, categorize, analyze, and display your information back to you. Uploaded files are processed request-by-request and purged from backend request memory/temporary handles after parsing completes. We do not store uploaded statement files or parsed transaction datasets on our servers as a retained customer financial dataset.
• Learned categorization rules: When you recategorize a transaction and choose to remember it, a personal merchant–category rule (normalized merchant name, chosen category, timestamps, and counters) is stored locally on your device only (in browser or app local storage). Rules never leave your device and are never transmitted to our servers.
• Device-local session data: When Session History is enabled, parsed and categorized data, plus locally cached Oracle/Financial Story snapshots needed to reopen the app without recomputing, may be stored on your device using a retention window you select (default 90 days; options include off, 6 hours, 30, 60, 90, 120 days, or 1 year).

2. Authentication and Account Security

• On supported flows, we use Sign in with Apple for account authentication.
• We do not receive or store your Apple password.
• Authentication tokens are stored using platform security controls (for example, iOS secure storage/Keychain and browser-controlled secure storage where applicable).
• You can revoke app authorization from your Apple ID settings. Revocation can require you to sign in again to continue using authenticated features.

3. Anonymous Usage Analytics

We collect anonymous, non-personal usage analytics to understand how features are used and improve the Service. Analytics events are stored on our servers and include:

• Event type (e.g., app opened, file uploaded, export used, Oracle opened, categorization applied).
• An anonymous, locally generated device identifier (not tied to your name, email, or any account).
• App version and platform (web or iOS).
• Basic counts (e.g., number of transactions parsed).

Analytics never include transaction descriptions, merchant names, file names, account numbers, email addresses, or any personally identifiable information. Sensitive metadata is stripped before storage.

You can disable analytics at any time in the app’s Settings. When disabled, no events are sent.

4. Information We Do Not Collect

• We do not use third-party analytics services, tracking pixels, advertising cookies, or ad networks.
• We do not collect precise location data or device fingerprints.
• We do not link to or access bank accounts directly. All data comes from files you upload.

5. How We Use or Process Information

• To provide budgeting insights including statement parsing, transaction categorization, trend visualization, and Oracle forecast/anomaly analysis.
• To improve app functionality, including reusing learned categorization rules to reduce redundant processing.
• To monitor anonymous usage patterns and improve the Service (analytics).
• To respond to your support and contact requests. However, the app itself does not store, log, or transmit any user communications or emails. Any emails you send to us are handled externally by your email provider and ours (e.g., Gmail), and may be retained according to their respective policies. We cannot guarantee the security or deletion of emails outside our immediate control. We recommend you do not send sensitive information (such as bank statements or personal data) via email or support channels. We will be good stewards of any information you share with us, but cannot guarantee anything outside of our immediate control (such as your or our email provider).

6. Third-Party Services

If you enable AI-assisted features, the Service may send limited, sanitized data to a third-party AI provider (currently OpenAI) for processing:

• Categorize AI: Sanitized transaction descriptions and account type only.
• Oracle follow-up AI: Sanitized summary and aggregate financial signals only (e.g., forecast direction, confidence label, anomaly counts, top categories, monthly estimates).
• Financial Story AI: Sanitized aggregate signals only (e.g., total income, total spend, net flow, top category labels and amounts, credit net, savings rate). No merchant names, account numbers, or raw transaction rows are sent.

Raw PDFs, full statement text, account numbers, and full statement balances are never sent to any third-party provider. All AI features are opt-in and can be disabled at any time.

When Sign in with Apple is used, Apple acts as an identity provider and processes authentication data under Apple’s policies. We only request and process identity data needed to authenticate and secure your session.

We do not use any third-party analytics, advertising, or tracking services. All usage analytics are collected and stored on our own servers.

7. Data Storage and Security

• All traffic is served over HTTPS end-to-end.
• The Service is deployed on AWS Amplify and AWS Elastic Beanstalk.
• CI/CD uses GitHub Actions with OIDC federation to AWS. Long-lived access keys are not used.
• Uploaded files are request-scoped and purged from backend request memory/temporary handles after parsing. Parsed statement datasets are not persisted on our servers as retained customer financial data.
• Learned categorization rules are stored locally on your device only and are never transmitted to our servers. No raw transaction descriptions, amounts, or account numbers are stored in rules.
• Device-local Session History data, including locally cached Oracle and Financial Story snapshots, is stored only on your device and is never transmitted to our servers as part of local caching.
• Anonymous usage analytics are the primary server-side persisted dataset and are stored in a server-side database. No personal information is included.

8. App Store (iOS) Disclosures

• The iOS app requires Sign in with Apple for protected upload and analysis sessions.
• We do not use third-party advertising SDKs, ad identifiers, or cross-app tracking for advertising.
• Because the app does not track users across third-party apps or websites for advertising, the current shipping app does not rely on App Tracking Transparency.
• We do not sell personal information.
• If paid features are introduced later, iOS purchase terms and any required auto-renew disclosures will be shown before purchase.

9. Your Rights

• You can disable Session History or clear all cached data at any time within the app.
• If Sign in with Apple account auth is active, you can permanently delete your account in-app from Settings under Data controls.
• You can delete any learned categorization rule at any time through the app.
• You can disable anonymous usage analytics at any time in Settings.
• You can request access to or deletion of any personal data we hold by contacting us at support@mybudgetnerd.com.

10. Data Retention

Uploaded files are processed request-by-request and purged from backend request memory/temporary handles after parsing. Parsed statement datasets are not retained on our servers as a stored customer financial dataset. Device-local Session History retains data for a period you choose (default 90 days; options include off, 6 hours, 30, 60, 90, 120 days, or 1 year) and can be cleared at any time. When available, cached Oracle and Financial Story snapshots follow the same on-device retention and clearing behavior. Learned categorization rules are stored on-device and can be cleared at any time through the app. Anonymous analytics events are retained on our servers for operational purposes.

11. Children’s Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

12. Data Sharing

We do not sell, rent, or trade your personal information. We do not share your data with third parties except as described in Section 5 (Third-Party Services) or when required by law to comply with legal obligations, protect our rights, or ensure the safety of our users.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

Support Communications Disclaimer

If you contact us for support or feedback, please note:

• The app itself does not store, log, or transmit any user communications or emails.
• Any emails you send to us are handled externally by your email provider and ours (e.g., Gmail), and may be retained according to their respective policies. We cannot guarantee the security or deletion of emails outside our immediate control.
• We recommend you do not send sensitive information (such as bank statements or personal data) via email or support channels.
• We will be good stewards of any information you share with us, but cannot guarantee anything outside of our immediate control (such as your or our email provider).

Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us:

Email: support@mybudgetnerd.com