Privacy Policy
Last updated June 2026
The short version
Bud is a personal finance app for iPhone made by Shreyas Kalyanpad. We collect the minimum data needed to make Bud work for you. We don't sell your data, we don't share it with advertisers, we don't run ads inside the app, and we don't allow third-party trackers. You can delete everything from inside the app at any time.
What we collect, where it lives, and why
Account information. Your email address, first and last name, phone number (if you choose to add one), and your authentication provider (email, Apple, or Google). This is stored in our Supabase database and used to sign you in, send transactional emails, and identify you across devices. We use Resend to deliver auth emails from auth@budtheapp.com.
Your financial activity. Transactions, budgets, recurring payments, splits, friends, settlements, and notes you enter into the app are stored in our Supabase database under your user ID, protected by row-level security so only you can read them. Splits are additionally readable by the specific people you invite to that split, and only for the rows in that split. We need this data on the server so the app can sync across your devices, so other split participants see consistent totals, and so Buddy can answer questions about your money.
Receipt photos and profile pictures. When you attach a photo to a transaction or upload an avatar, the image is stored in a private Supabase storage bucket scoped to your user ID. Receipt photos load in the app via signed URLs that expire after a short window. We never make these public.
AI prompts and responses. When you use Buddy chat, Snap Photo, Attach Photo, Quick Add NLP, or share a screenshot to Bud, the text and (for image features) the compressed photo are sent to Google's Gemini API along with a small context window (recent transactions, budget, settings) so the model can produce a useful answer. Google processes the request under its Gemini API terms, which prohibit training on your prompts when the call is made from a paid project. We don't retain Buddy chat history on our backend; the on-device chat memory is stored locally in SwiftData on your phone. On-device fallbacks (used when the AI quota is exhausted or the network is unreachable) never leave your device.
Subscriptions. Bud Plus is billed through Apple via the App Store. We use RevenueCat to mirror your subscription state (active / expired / trial) so the app knows whether you have Plus access. We don't see your payment method, card number, or billing address; Apple handles those.
Crash and performance diagnostics. To keep Bud stable, we use Sentry to collect crash reports and basic performance data (such as launch time, hang rate, and errors). These reports are tagged with your account's user ID so we can group issues, but we do not send your email, name, or other personal details to Sentry, and this data is never used to track you or for advertising. It is used solely to find and fix bugs.
Splitwise integration. If you choose to import from Splitwise, we exchange an OAuth token with Splitwise during the connect flow. The token is stored encrypted in our backend and used only to fetch your Splitwise friends, groups, and expenses for the one-time import. You can disconnect at any time from the Split tab; disconnecting revokes the token at Splitwise's end.
Push notification tokens. If you grant Bud notification permission, your APNs device token is stored alongside your account so we can deliver budget alerts, split reminders, and recurring-payment reminders. Tokens are wiped on sign-out and rotated when iOS reassigns them.
Local-network proximity. If you opt in to "Split with nearby friends", Bud uses Apple's MultipeerConnectivity (Bluetooth + Wi-Fi) to discover other Bud users nearby. Your name and avatar are broadcast only while the app is in the foreground; nothing is sent to our servers. iOS's local network permission gates this feature.
Crash and diagnostic data. If you opt in via iOS Settings → Privacy & Security → Analytics, Apple shares anonymized crash reports with developers. We use those to fix bugs. You can turn this off any time.
What stays only on your device
Your Buddy chat transcript, your local SwiftData cache of transactions used for offline access, your custom category list, and your widget snapshots all live on your iPhone in encrypted on-device storage. Bud's on-device parsing fallbacks (heuristic receipt reader, heuristic Quick Add parser, on-device insights generator) never call the network, so the inputs they process never leave the device.
Who we share data with
Bud uses the following processors. We do not share your data with anyone else, and we do not sell, rent, or trade your data.
- Supabase — database, authentication, file storage, edge functions for AI proxying and webhooks. Hosted in the US.
- Google (Gemini API) — AI inference for Buddy chat, receipt parsing, Quick Add NLP, and share-sheet captures.
- Apple — App Store payment processing, push notifications via APNs, crash reports (if you opt in).
- RevenueCat — subscription state synchronization.
- Resend — transactional email delivery (sign-up confirmations, account recovery).
- Splitwise — only invoked when you explicitly connect a Splitwise account; receives an OAuth handshake and our import requests against your data.
- logo.dev — brand logo lookup for merchant tiles. We send a hashed merchant string and receive a logo URL; nothing user-identifying is included.
Children
Bud is intended for users 13 and older. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, please email us and we will remove the account.
Your rights
Delete your account. Account → Reset or Delete → Delete Account. Permanently removes your auth row, all your data from our database, and your receipt photos from storage. You can also run a non-destructive "Start Over" from the same screen to wipe data while keeping your account.
Export your data. Bud Plus subscribers can export transactions to CSV, Excel, or PDF from Account → Data. Free users can manually copy any view in the app.
Access, correction, portability, restriction. Email shreyas@kalsdesigns.com and we'll respond within 30 days. EU / UK / California users have additional rights under GDPR / CCPA which we honor.
Security
Data in transit uses TLS. Local data is protected by the iPhone's on-disk encryption. Server-side data is protected with Supabase's row-level security so a row belonging to one user is never readable by another (except for the explicit split-sharing exception described above). OAuth tokens for Splitwise are encrypted at rest in our database. We rotate keys before each major release.
Data retention
Active accounts: we keep your data as long as you keep your account. Deleted accounts: we remove your data from our live database within 30 days of the delete request, and from encrypted backups within 90 days. Receipts and avatars are removed within the same window.
International transfers
Our infrastructure is hosted in the United States. If you're using Bud from outside the US, your data is transferred to and processed in the US. The processors we work with (Supabase, Google, Apple, RevenueCat, Resend, Sentry) maintain Standard Contractual Clauses or equivalent safeguards for international data transfer.
Changes to this policy
If we update this policy, we'll change the date at the top and, for material changes, notify you in-app before the change takes effect. Continuing to use Bud after a material change indicates acceptance of the updated policy.
Contact
Privacy questions: shreyas@kalsdesigns.com
General questions: shreyas@kalsdesigns.com
Support: shreyas@kalsdesigns.com