Privacy Policy — Budly

Effective date: May 10, 2026

Last updated: May 17, 2026

Budly is an expense tracking app developed by Giuliano Accorsi ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Budly, in compliance with Brazil's Lei Geral de Proteção de Dados (LGPD, Law 13.709/2018) and the European Union's General Data Protection Regulation (GDPR, EU 2016/679).

By using Budly, you agree to the collection and use of information in accordance with this policy.

Data Controller and Data Protection Officer

Data Controller (Controlador / Controller): Giuliano Accorsi, individual developer, established in Malta (European Union).

Data Protection Officer (Encarregado de Proteção de Dados, per LGPD Article 41): Giuliano Accorsi.

For any questions about this policy, to exercise your data protection rights, or to report an incident, contact the DPO at: support@budlyapp.app.

EU/EEA users — GDPR Article 27: because the Controller is established in the EU/EEA (Malta), the obligation to designate an EU Representative under GDPR Article 27 does not apply. Data subject requests from the EU/EEA should be directed to the DPO at the address above and will be handled within the timeframes set by GDPR Articles 12–22.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address — used for authentication and account recovery
  • Display name (optional) — shown in the app interface

Financial Data

To provide the core budgeting experience, Budly stores the following data that you enter:

  • Expenses (amounts, dates, descriptions, payment methods)
  • Budget categories and spending limits
  • Recurring expenses and installment plans
  • Trip budgets (name, dates, currency, budget amount)
  • Imported bank statement data (CSV)

We do not have access to your bank accounts, credit cards, or any financial institution. All financial data is manually entered or imported by you.

Diagnostic Data

To maintain app stability, we collect:

  • Crash reports — stack traces, error messages, and diagnostic breadcrumbs (via Firebase Crashlytics, production builds only)
  • Device information — device model and OS version (for crash diagnostics only)
  • Device identifier — used solely for data synchronization and conflict resolution

We do not collect usage analytics, behavioral data, or advertising identifiers.

AI Chat Data

Budly includes an in-app AI assistant ("Budly Chat") powered by Google's Gemini model, accessed through Firebase AI Logic on the Vertex AI backend. When you send a message to the assistant, the following data is transmitted to Google Cloud (Vertex AI) for processing:

  • The text of the messages you write in the chat
  • Recent chat history from the current conversation (used as context for the reply)
  • Aggregated financial summaries returned by the assistant's built-in tools (e.g., totals per category, recent expenses, active trips) when the model requests them to answer your question
  • Optional "facts about the user" that you have asked the assistant to remember

Budly uses the Vertex AI backend specifically because, under the Google Cloud Platform terms, Google does not use this data to train its foundation models, and the data is not used to improve Google's products outside the scope of providing the service.

Each chat request is signed by Firebase App Check (App Attest on iOS, Play Integrity on Android) to prevent unauthorized use of our backend.

Chat history and remembered facts are stored locally on your device only and are not synchronized to Firebase Firestore. You can clear the chat history at any time from within the chat screen.

2. How We Use Your Information

Purpose | Data Used
Provide the expense tracking service | Financial data, account info
Sync data across your devices | All user data, device identifier
Resolve data conflicts during sync | Device identifier, timestamps
Diagnose and fix crashes | Crash reports, device info
Authenticate and secure your account | Email address
Answer questions in the AI chat assistant | Chat messages, recent chat context, financial summaries requested by the assistant's tools
Send local and remote notifications (e.g., budget reminders) | Firebase Cloud Messaging device token

We do not use your data for profiling, advertising, or any purpose other than providing and improving the Budly service.

2A. Legal Basis for Processing

Under LGPD Article 7 and GDPR Article 6(1), each processing activity must rely on a specific legal basis. The table below maps each purpose to the legal basis we rely on:

Purpose | LGPD basis (Art. 7) | GDPR basis (Art. 6(1))
Account creation, authentication, expense tracking, sync | V — execution of contract | (b) — performance of a contract
Subscription billing (Budly Pro) | V — execution of contract; VI — legal obligation (tax/consumer law) | (b) — performance of a contract; (c) — legal obligation
Crash diagnostics and app stability | IX — legitimate interest of the controller | (f) — legitimate interest
AI chat assistant (sending data to Google Vertex AI) | I — explicit consent of the data subject | (a) — explicit consent
Push notifications (budget reminders) | I — consent (granted via OS permission prompt) | (a) — consent
Fraud prevention (App Check, abuse monitoring) | IX — legitimate interest | (f) — legitimate interest

Consent for the AI chat assistant is recorded in-app with an explicit, versioned acceptance: each user's acceptance is stored locally with a version number and UTC timestamp, scoped to the signed-in Firebase user. You can revoke consent at any time from Settings > Budly AI consent; once revoked, no further data is sent to the assistant. If we materially change what data the assistant receives, we will bump the consent version and re-prompt you before using the chat again.

No automated decision-making (LGPD Art. 20 / GDPR Art. 22): the AI chat assistant only generates informational suggestions. It does not make automated decisions that produce legal effects or similarly significantly affect you — it does not approve or deny credit, set prices, control access to features, or determine eligibility for anything. If you believe a particular response from the assistant has materially affected you, you have the right to request human review by contacting support@budlyapp.app.

3. Data Storage & Security

Budly follows an offline-first architecture:

  • Local storage: Your data is stored on your device using a local database. The app is fully functional without an internet connection.
  • Cloud backup: When you sign in, your data is synchronized to Firebase Firestore, hosted by Google on servers secured under their infrastructure. Data is encrypted in transit (TLS) and at rest on Google's servers.
  • API security: We use Firebase App Check to prevent unauthorized access to our backend services.
  • App lock: Budly offers optional biometric protection (Face ID / Touch ID) to restrict access to the app on your device.

4. Subprocessors (Operators / Processors)

The following providers process personal data on our behalf, under our documented instructions, and are bound by a written data processing agreement (LGPD Art. 39 / GDPR Art. 28):

Subprocessor | Purpose | Data Processed | Location
Google LLC — Firebase Authentication | User sign-in (email/password) | Email, password hash | United States
Google LLC — Firebase Firestore | Cloud data synchronization | All user-entered financial data | United States
Google LLC — Firebase Crashlytics | Crash reporting (production only) | Crash logs, stack traces, device model, OS version, installation UUID | United States
Google LLC — Firebase App Check | API abuse prevention | Device attestation tokens (App Attest / Play Integrity) | United States
Google LLC — Firebase AI Logic (Vertex AI) | Power the in-app AI chat assistant (Gemini 2.5 Flash) | Chat messages, conversation context, aggregated financial summaries requested via tool calls, user-saved facts. Vertex AI does not use this data to train foundation models. | United States (us-central1 by default)
Google LLC — Firebase Cloud Messaging (FCM) | Deliver push notifications (e.g., budget reminders) | Device push token | United States
RevenueCat, Inc. | Subscription management and entitlement verification (Budly Pro) | Firebase user ID (as RevenueCat customer ID), device and platform identifiers, subscription receipts and status | United States

Reference policies and terms: Google Privacy Policy · Google Cloud Data Processing Addendum · Google Cloud subprocessors · RevenueCat Privacy Policy · RevenueCat DPA

4A. Independent Controllers (Payment Platforms)

When you purchase a Budly Pro subscription, payment is processed by Apple Inc. (on iOS) or Google LLC (on Android) directly. These platforms are independent data controllers for the billing relationship — not our subprocessors. They determine the purposes and means of processing your payment data themselves, under their own terms, privacy notices, and legal obligations (e.g., tax and anti-fraud law). We do not have a data processing agreement governing this billing data because we do not act as the controller of it.

Controller | Purpose | Data Processed | Location
Apple Inc. — App Store / In-App Purchase | Process subscription payments on iOS | Apple ID, billing data, purchase receipts. We do not see your payment instrument. | United States / regional Apple infrastructure
Google LLC — Google Play Billing | Process subscription payments on Android | Google account identifier, billing data, purchase tokens. We do not see your payment instrument. | United States

For details on how these platforms handle your payment data, please review: Apple Privacy Policy · Google Play Privacy Policy.

No other third-party services, SDKs, advertising networks, or analytics trackers are included in the app.

5. Permissions

Budly may request the following device permissions:

Permission | Purpose | Required?
Face ID / Touch ID | Protect access to your financial data | Optional
Notifications | Local reminders for budgeting goals and push notifications delivered via Firebase Cloud Messaging | Optional
File access | Import bank statements (CSV files) | Optional, on-demand only

Budly does not access your location, contacts, camera, microphone, calendar, photos, or health data.

6. Data Sharing

  • We do not sell your personal or financial data.
  • We do not share your data with third parties for marketing or advertising.
  • We do not display ads or use marketing trackers.
  • Your financial data is not accessible to other users. We do not routinely access the content of your data; administrative access is restricted to support you have requested, service security, and compliance with legal obligations or court orders.

Beyond the subprocessors listed in Sections 4 and 4A (Firebase, Vertex AI, RevenueCat, and — at the moment of purchase — Apple or Google as independent controllers of the billing relationship), we do not transmit your data to any other recipient.

7. Data Portability & Deletion

Export

You can export all your expense data as a CSV file at any time from Settings > Export Data within the app.

Account Deletion

You can permanently delete your account from Settings > Delete Account. This action:

  • Immediately deletes your Firebase Authentication account
  • Permanently removes all your data from Firebase Firestore
  • Clears all locally stored data on the device
  • Is irreversible

Data Retention

  • Active accounts: Data is retained as long as your account is active.
  • Deleted accounts: All cloud data is permanently deleted upon account deletion. No backups or copies are retained.
  • Crash reports: Diagnostic data in Firebase Crashlytics is retained for 90 days per Google's default retention policy.
  • Chat history and remembered facts: Stored locally on your device only. They are not synchronized to the cloud and are removed when you clear the chat, delete the app, or delete your account.
  • AI chat requests on Google Cloud: Vertex AI logs requests for up to 30 days for abuse monitoring per Google Cloud's standard policies, after which they are deleted. This data is not used to train Google's foundation models and is not accessible to us as the controller.
  • Subscription records: Retained by RevenueCat, Apple, and Google for as long as required by tax and consumer-protection law in the jurisdiction of purchase (typically 5–10 years).

8. International Data Transfers

Budly processes data on servers located outside Brazil and outside the European Economic Area, primarily in the United States, as part of the Firebase, Vertex AI, and RevenueCat infrastructure.

Safeguards for transfers (LGPD Art. 33 / GDPR Art. 46): we rely on the following contractual safeguards for international transfers of personal data:

  • Google Cloud Platform (Firebase & Vertex AI): Cloud Data Processing Addendum (CDPA), incorporating the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, accepted on the Google Cloud console.
  • RevenueCat: Data Processing Addendum incorporating the SCCs.
  • Apple and Google Play: payment processing is governed by their respective terms and privacy frameworks, as independent controllers (see Section 4A).

Where required, the transfer is also based on your explicit consent (LGPD Art. 33, VIII / GDPR Art. 49(1)(a)) — for example, when you enable the AI chat assistant.

9. Your Rights

Under LGPD Article 18 and GDPR Articles 12–22, you have the following rights with respect to your personal data:

  • Confirmation and access — to confirm whether we process your data and obtain a copy (available via in-app CSV export and via written request to the DPO)
  • Correction / rectification of incomplete, inaccurate, or outdated data (editable in the app, or via request to the DPO)
  • Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data
  • Portability of your data to another service provider (available as CSV export)
  • Deletion of personal data processed on the basis of consent (available via in-app account deletion)
  • Information about sharing — details of public and private entities with whom we share data (see Sections 4 and 4A above)
  • Information about not consenting — and the consequences of refusing to consent
  • Withdrawal of consent at any time, including for the AI chat assistant (Settings > Budly AI consent)
  • Right to lodge a complaint with a supervisory authority: in Brazil, the Autoridade Nacional de Proteção de Dados (ANPD); in the EU/EEA, your local Data Protection Authority.

How to exercise your rights

Send a written request to support@budlyapp.app stating which right you wish to exercise. We may ask you to confirm your identity by signing in with the e-mail tied to your Budly account.

Response timeframe: we will respond without undue delay and, in any case, within 15 days as required by LGPD Article 19, or within 30 days as required by GDPR Article 12(3) (extendable by two further months for complex requests, with notice to you). Exercising your rights is free of charge.

10. Data Breach Notification

In the event of a security incident affecting your personal data that creates relevant risk or damage to you, we will notify:

  • The ANPD and affected users within a reasonable timeframe, as required by LGPD Article 48.
  • The competent EU supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33, and affected users without undue delay when the breach is likely to result in a high risk to their rights (GDPR Art. 34).

Notifications will describe the nature of the incident, the data categories affected, the likely consequences, and the measures taken or proposed to mitigate the risk.

11. Children's and Adolescents' Privacy

Budly is intended for adults. We do not knowingly direct the service to, or collect personal data from, children or adolescents.

  • Brazil (LGPD Art. 14): data of children (under 12) is processed only with specific and prominent consent given by at least one parent or legal guardian. Adolescents (12 to 17) may use the service only with parental or legal guardian consent, in their best interest.
  • European Union (GDPR Art. 8): consent of users under 16 (or the minimum age set by the applicable Member State, which can be as low as 13) must be authorized by the holder of parental responsibility.
  • United States (COPPA): the service is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you believe a child or adolescent has provided personal data without the appropriate consent, contact support@budlyapp.app and we will promptly delete the data and the related account.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes — for example, adding a new subprocessor, changing what data is sent to the AI chat, or changing retention periods — will be highlighted on this page with an updated revision date, and we will, where reasonable, also notify you in-app. We encourage you to review this policy periodically.

13. Contact

For any questions, requests to exercise your data protection rights, or to report a security incident:

Data Controller and Data Protection Officer
Giuliano Accorsi
60 Triq Windsor
SLM1854 Sliema, Malta
Email: support@budlyapp.app