Information We Collect

Personal Information You Provide

When you interact with our services, we collect information you voluntarily share with us. This happens when you create an account, contact us, or use our budgeting tools.

• Your name and email address when you register for an account
• Phone number if you choose to provide it for support purposes
• Financial data you input into our forecasting tools (stored securely and encrypted)
• Communication records when you reach out to our support team
• Payment information processed through secure third-party payment processors

Automatically Collected Data

Like most websites, we automatically gather certain technical information when you visit our site. This helps us improve your experience and understand how people use our services.

• IP address and general location data (city/state level only)
• Browser type, device information, and operating system
• Pages viewed and time spent on different sections
• Referring website or search terms that brought you here
• Session data including login times and feature usage patterns

How We Use Your Information

We're not in the business of selling your data. Everything we collect serves a specific purpose related to providing and improving our budget forecasting services.

Data Storage and Security

We store your information on secure servers located in Australia, managed by reputable hosting providers with strong security credentials. All sensitive data is encrypted both in transit and at rest.

Security Measures We Implement

• 256-bit SSL encryption for all data transmission between your device and our servers
• AES-256 encryption for stored financial data and sensitive personal information
• Regular security audits and penetration testing by independent third parties
• Multi-factor authentication options for account access
• Strict access controls limiting employee access to personal data on a need-to-know basis
• Automated backup systems with encrypted off-site storage
• 24/7 monitoring for suspicious activity and potential security threats

While we can't guarantee absolute security (no one can), we take every reasonable precaution to protect your information. If we ever detect a breach that affects your data, we'll notify you promptly and explain what happened.

Your Rights Under Australian Privacy Law

The Australian Privacy Act 1988 and Privacy Principles give you specific rights regarding your personal information. We comply fully with these requirements and make it straightforward for you to exercise these rights.

Access and Correction

You can request a copy of the personal information we hold about you at any time. Just send us an email, and we'll provide it within 30 days. If you spot something incorrect or outdated, let us know and we'll fix it promptly.

Data Portability

Want to move your financial data to another service? We'll export your information in a common format (CSV or JSON) so you can take it with you. This includes all forecasting data, account settings, and historical records.

Deletion Requests

You have the right to request deletion of your personal information. We'll honour this within 30 days, though we may need to retain certain records for legal or regulatory reasons (like tax documentation). We'll explain what we need to keep and why.

Cookies and Tracking Technologies

We use cookies to remember your preferences and keep you logged in. That's about it. We don't use invasive tracking or share cookie data with advertising networks.

Essential Cookies

These are necessary for the site to function. They remember your login status, session details, and basic preferences. You can't opt out of these because they're required for the service to work.

Analytics Cookies

We use basic analytics to understand how people use our site. This helps us spot issues and improve things. The data is anonymised and we don't track you across other websites. You can disable these in your browser settings if you prefer.

We don't use advertising cookies, social media tracking pixels, or any of those third-party trackers that follow you around the web. What happens on our site stays on our site.

Third-Party Services

We work with a small number of trusted third parties who help us provide our services. Each has been carefully vetted for security and privacy practices.

Payment Processing

We use Stripe for payment processing. When you make a payment, your credit card information goes directly to Stripe—we never see or store your full card details. Stripe is PCI DSS compliant and maintains bank-level security.

Email Communications

We use SendGrid to send transactional emails (like password resets and account notifications). They process your email address for delivery purposes only and don't use it for their own marketing.

Cloud Hosting

Our infrastructure runs on AWS servers located in Sydney. AWS provides physical security, network protection, and infrastructure monitoring. They're bound by strict data processing agreements.

None of these partners can use your data for their own purposes. They're bound by contracts that require them to protect your information and use it only as we direct.

Data Retention

We keep your information only as long as necessary to provide services or meet legal requirements. Here's what that means in practice.

• Active accounts: Your data remains accessible while your account is active
• Closed accounts: After you close your account, we delete personal data within 90 days
• Financial records: Tax and transaction records are kept for 7 years (Australian legal requirement)
• Support communications: Stored for 3 years for quality assurance and dispute resolution
• Analytics data: Anonymised usage statistics kept indefinitely for service improvement

When we delete data, it's permanently removed from our systems and backups. We don't just hide it or archive it somewhere—it's actually gone.

International Data Transfers

Your data stays in Australia. We don't transfer it overseas or store it on international servers. All processing happens within Australian data centres, subject to Australian privacy law.

If we ever need to change this arrangement, we'll notify you in advance and give you the option to close your account if you're not comfortable with the change.

Children's Privacy

Our services aren't designed for anyone under 18. We don't knowingly collect information from minors. If we discover we've inadvertently gathered data from someone under 18, we'll delete it immediately.

If you're a parent and believe your child has provided us with personal information, please contact us straight away so we can remove it.

Changes to This Policy

We'll update this policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and display a prominent notice on the website.

The "Last Updated" date at the top shows when the current version took effect. We recommend checking back periodically, especially if you haven't visited in a while.

If you continue using our services after we update the policy, that means you accept the changes. If you don't agree with a new version, you can close your account and we'll delete your information according to our retention policy.

Complaints and Disputes

If you have concerns about how we've handled your personal information, please contact us first. We'll investigate thoroughly and respond within 30 days.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). They're the independent regulator responsible for privacy matters in Australia.

• OAIC Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au