🔒 Privacy Policy

📋 What Information We Collect

Account Information

When you sign in with Google, we collect and store:

• Your email address
• Your name
• Your Google account ID
• Google OAuth tokens (for API access)
• Your Google Sheets spreadsheet ID (for budget updates)
• Account creation and last login timestamps

Custom Preferences

We store your learned categorization keywords to improve your experience.

Feedback & Support Messages

When you submit feedback, we store your name, email, and message to respond to your inquiries.

Usage Information

We collect basic usage logs for debugging and security purposes, including:

• Page visits
• Error reports
• File upload attempts (success/failure status only)

✅ What We DON'T Collect

We are committed to a privacy-first design:

• NO long-term transaction storage: Transaction data is only stored temporarily during review (30 minutes max), then permanently deleted
• NO bank statement PDFs: PDFs are processed temporarily in memory and immediately deleted after export or inactivity
• NO spreadsheet data: Your budget spreadsheet stays in YOUR Google Drive only
• NO payment information: We don't store credit card numbers or payment details
• NO browsing history: We don't track your activity outside our app
• NO device information: We don't collect phone models, operating systems, or device IDs

🎯 How We Use Your Information

We use the information we collect to:

• Authenticate your account and maintain your session
• Create and update your budget spreadsheet in Google Sheets
• Improve transaction categorization based on your corrections
• Send you responses to feedback and support requests
• Debug errors and improve the application
• Prevent fraud and maintain security

We will NEVER:

• Sell your data to third parties
• Share your financial information with anyone (since we don't even have it)
• Send you marketing emails without your consent
• Use your data for advertising purposes

🔗 Google API Access

3 Bucket Budget uses Google APIs to provide core functionality. When you authorize our app, we request access to:

Google Sheets API

Used to:

• Create your budget spreadsheet in Google Drive
• Update transaction data, formulas, and charts
• Format cells and create summary sheets

Important: We only access spreadsheets that OUR APP creates. We cannot see or access any other spreadsheets or files in your Google Drive.

Note: We do NOT request Google Drive file access. Your bank statement PDFs are processed locally and never uploaded to our servers or your Drive.

Google Account Information

Used to:

• Identify you when you sign in
• Display your name and email in the app

Gmail API (Optional - Only if you enable Email Auto-Import)

Used to:

• Monitor your Gmail for bank statement emails (Scotiabank Bahamas or CIBC FirstCaribbean)
• Extract PDF attachments from bank emails
• Automatically process statements without manual uploads

Important: Gmail monitoring runs entirely in YOUR Google account via Google Apps Script (not on our servers). You control the script and can disable it anytime.

📧 Email Auto-Import Privacy

If you enable Email Auto-Import:

• The monitoring script runs entirely in YOUR Google account (not on our servers)
• The script only reads emails from your bank (Scotiabank Bahamas or CIBC FirstCaribbean)
• Transaction data goes directly from your Gmail to YOUR spreadsheet
• We never see, store, or access your emails
• You can disable the script at any time by removing the trigger in Google Apps Script

⏱️ Temporary Transaction Storage During Review

When you upload bank statements, transaction data is temporarily stored in our secure database to enable the review and categorization workflow. This temporary storage allows you to:

• Upload multiple statements and review them together
• Switch between different uploads while maintaining your category changes
• Auto-save category adjustments as you work (prevents data loss)
• Take your time reviewing before exporting to Google Sheets

How Long Is Data Stored?

Transaction data is stored for a maximum of 30 minutes and is automatically deleted when:

• ✅ You click "Export to Google Sheets" (immediate deletion after export)
• ✅ You click "Clear All" on the Review page (immediate deletion)
• ✅ 30 minutes of inactivity pass (automatic expiration)

What Happens to This Data?

• NEVER used for marketing, analytics, or advertising
• NEVER shared with third parties
• NEVER retained after the review session
• Encrypted in transit (HTTPS) and at rest (secure database)
• Completely unrecoverable after deletion - we cannot retrieve it even if you ask

🛡️ Data Security

We take security seriously:

• Encrypted connections: All data transmitted between your browser and our servers uses HTTPS encryption
• Secure token storage: OAuth tokens are encrypted in our database
• Session management: Sessions expire automatically after inactivity
• No plaintext passwords: We use Google OAuth exclusively - we never see your password
• Rate limiting: Protection against abuse and automated attacks
• Regular backups: Database backups to prevent data loss

⏰ Data Retention

We retain your data as follows:

• Account information: Stored as long as your account is active
• Learned keywords: Stored as long as your account is active
• Feedback messages: Stored for 2 years or until resolved
• Activity logs: Retained for 90 days for debugging purposes
• Transaction data: Temporarily stored for up to 30 minutes during review, then permanently deleted after export or inactivity
• Bank statement PDFs: Processed in memory, then permanently deleted (never stored on our servers or uploaded anywhere)

Account Deletion

If you want to delete your account:

1. Go to Settings and click "Delete My Account"
2. Confirm the deletion (this action cannot be undone)
3. Your account information will be permanently deleted immediately
4. Your budget spreadsheet will remain in your Google Drive (we cannot delete it)

Note: Account deletion revokes our app's access to your Google account, deletes your learned keywords, and removes all your account data from our database.

🔗 Third-Party Services

We use the following third-party services:

• Render.com: For web hosting and database (PostgreSQL)
• Google OAuth: For secure sign-in (Google's Privacy Policy applies)
• Google Sheets API: For budget spreadsheet management
• Gmail API: For email monitoring (only if you enable Email Auto-Import)

We do NOT use:

• Analytics services (no Google Analytics, no tracking pixels)
• Advertising networks
• Marketing automation tools
• Social media tracking

⚖️ Your Rights

You have the right to:

• Access your data: Request a copy of your account information
• Correct your data: Update your name or preferences in Settings
• Delete your data: Request account deletion at any time
• Revoke access: Remove our app's access via Google Account settings
• Export your data: Download your data as Excel anytime, or access your Google Sheets budget directly

To exercise these rights, contact us at support@3bucketbudget.com

📝 Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes:

• We will update the "Last Updated" date at the top
• We will notify you via email if the changes are material
• Continued use of the app after changes means you accept the updated policy

📧 Contact Us

If you have questions about this Privacy Policy or how we handle your data:

• Email: support@3bucketbudget.com
• Feedback Form: Submit feedback