Privacy Policy — Budly
Effective date: May 10, 2026
Last updated: May 10, 2026
Budly is an expense tracking app developed by Giuliano Accorsi ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Budly.
By using Budly, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address — used for authentication and account recovery
- Display name (optional) — shown in the app interface
Financial Data
To provide the core budgeting experience, Budly stores the following data that you enter:
- Expenses (amounts, dates, descriptions, payment methods)
- Budget categories and spending limits
- Recurring expenses and installment plans
- Trip budgets (name, dates, currency, budget amount)
- Imported bank statement data (CSV)
We do not have access to your bank accounts, credit cards, or any financial institution. All financial data is manually entered or imported by you.
Diagnostic Data
To maintain app stability, we collect:
- Crash reports — stack traces, error messages, and diagnostic breadcrumbs (via Firebase Crashlytics, production builds only)
- Device information — device model and OS version (for crash diagnostics only)
- Device identifier — used solely for data synchronization and conflict resolution
We do not collect usage analytics, behavioral data, or advertising identifiers.
AI Chat Data
Budly includes an in-app AI assistant ("Budly Chat") powered by Google's Gemini model, accessed through Firebase AI Logic on the Vertex AI backend. When you send a message to the assistant, the following data is transmitted to Google Cloud (Vertex AI) for processing:
- The text of the messages you write in the chat
- Recent chat history from the current conversation (used as context for the reply)
- Aggregated financial summaries returned by the assistant's built-in tools (e.g., totals per category, recent expenses, active trips) when the model requests them to answer your question
- Optional "facts about the user" that you have asked the assistant to remember
Budly uses the Vertex AI backend specifically because, under the Google Cloud Platform terms, Google does notuse this data to train its foundation models, and the data is not used to improve Google's products outside the scope of providing the service.
Each chat request is signed by Firebase App Check (App Attest on iOS, Play Integrity on Android) to prevent unauthorized use of our backend.
Chat history and remembered facts are stored locally on your device only and are not synchronized to Firebase Firestore. You can clear the chat history at any time from within the chat screen.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the expense tracking service | Financial data, account info |
| Sync data across your devices | All user data, device identifier |
| Resolve data conflicts during sync | Device identifier, timestamps |
| Diagnose and fix crashes | Crash reports, device info |
| Authenticate and secure your account | Email address |
| Answer questions in the AI chat assistant | Chat messages, recent chat context, financial summaries requested by the assistant's tools |
| Send local and remote notifications (e.g., budget reminders) | Firebase Cloud Messaging device token |
We do not use your data for profiling, advertising, or any purpose other than providing and improving the Budly service.
3. Data Storage & Security
Budly follows an offline-first architecture:
- Local storage: Your data is stored on your device using a local database. The app is fully functional without an internet connection.
- Cloud backup:When you sign in, your data is synchronized to Firebase Firestore, hosted by Google on servers secured under their infrastructure. Data is encrypted in transit (TLS) and at rest on Google's servers.
- API security: We use Firebase App Check to prevent unauthorized access to our backend services.
- App lock: Budly offers optional biometric protection (Face ID / Touch ID) to restrict access to the app on your device.
4. Third-Party Services
Budly uses the following third-party services, all provided by Google LLC:
| Service | Purpose | Data Processed |
|---|---|---|
| Firebase Authentication | User sign-in (email/password) | Email, password hash |
| Firebase Firestore | Cloud data synchronization | All user-entered financial data |
| Firebase Crashlytics | Crash reporting (production only) | Crash logs, stack traces, device model, OS version |
| Firebase App Check | API abuse prevention | Device attestation tokens |
| Firebase AI Logic (Vertex AI backend) | Power the in-app AI chat assistant (Gemini model) | Chat messages, conversation context, aggregated financial summaries requested via tool calls. Vertex AI does not use this data to train foundation models. |
| Firebase Cloud Messaging (FCM) | Deliver push notifications (e.g., budget reminders) | Device push token |
Google's privacy policy: policies.google.com/privacy
No other third-party services, SDKs, or trackers are included in the app.
5. Permissions
Budly may request the following device permissions:
| Permission | Purpose | Required? |
|---|---|---|
| Face ID / Touch ID | Protect access to your financial data | Optional |
| Notifications | Local reminders for budgeting goals and push notifications delivered via Firebase Cloud Messaging | Optional |
| File access | Import bank statements (CSV files) | Optional, on-demand only |
Budly does not access your location, contacts, camera, microphone, calendar, photos, or health data.
6. Data Sharing
- We do not sell your personal or financial data.
- We do not share your data with third parties for marketing or advertising.
- We do not display ads or use marketing trackers.
- Your financial data is accessible only to you and is never shared with anyone, including us.
The only data transmission occurs between your device and Firebase services for the purpose of cloud synchronization and crash reporting.
7. Data Portability & Deletion
Export
You can export all your expense data as a CSV file at any time from Settings > Export Data within the app.
Account Deletion
You can permanently delete your account from Settings > Delete Account. This action:
- Immediately deletes your Firebase Authentication account
- Permanently removes all your data from Firebase Firestore
- Clears all locally stored data on the device
- Is irreversible
Data Retention
- Active accounts: Data is retained as long as your account is active.
- Deleted accounts: All cloud data is permanently deleted upon account deletion. No backups or copies are retained.
- Crash reports: Diagnostic data in Firebase Crashlytics is retained for 90 days per Google's default retention policy.
- Chat history and remembered facts: Stored locally on your device only. They are not synchronized to the cloud and are removed when you clear the chat, delete the app, or delete your account.
- AI chat requests on Google Cloud: Vertex AI may temporarily log requests for abuse monitoring per Google Cloud's standard policies. This data is not used to train Google's foundation models.
8. International Data Transfers
Your data may be processed on servers located outside your country of residence, including in the United States, as part of Google's Firebase infrastructure. By using Budly, you consent to this transfer. Google complies with applicable data protection frameworks for international transfers.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data (available via in-app export)
- Delete your personal data (available via in-app account deletion)
- Portability of your data (available via CSV export)
- Withdraw consent by deleting your account at any time
For users in Brazil, your rights under the LGPD (Lei Geral de Proteção de Dados) are fully supported through the features described above.
10. Children's Privacy
Budly is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated revision date. We encourage you to review this policy periodically.
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact:
Giuliano Accorsi
Email: giulianoaccorsi@gmail.com