Basis BudgetBasis Budget

Privacy & security

What we store, how encryption actually works here, what we don’t do with your data, and how to lock the app on your end.

Finance apps handle sensitive stuff. Here's the short version of how Basis Budget keeps yours safe, what we genuinely don't do with it, and what you can do to lock things down on your end.

Your data is encrypted

Your financial data (transactions, balances, budgets, net worth) is stored on your device first. A backup also goes to our servers so you can restore on a new device or after reinstalling.

That backup is encrypted on your device before it leaves. Our servers hold ciphertext, not your transactions in the clear. If you're curious about the exact cryptography, the Privacy Policy lays it out. For day-to-day use, the thing to know is: your data is protected, both on the device and on our servers.

Your bank credentials never touch us

When you link a bank, you sign in through Plaid. Your bank login goes to Plaid directly. Basis Budget never sees your username or password. Plaid sends us only the transaction data after you've authorized it.

What we don't do

Basis Budget makes money one way: the monthly subscription. Because the business model is just “people pay for the app,” we don't need to do any of this:

  • No ads. None. Not now, not later.
  • No analytics SDKs. We don't track what you tap, how long you stay on a screen, or which features you use. Genuine tradeoff for us (we'd love the data), but the trust cost isn't worth it.
  • No data sales. Your financial data never leaves the infrastructure required to run the app. Not anonymized and sold. Not aggregated and sold. Not shared with advertisers or brokers.

Locking the app on your end

Server-side protection doesn't help if someone picks up your unlocked phone. A couple of small features handle that.

Face ID / Touch ID app lock

In Settings, toggle on Require Face ID (or Touch ID, on older devices). The app will lock when you background it. You'll need to authenticate to get back in. Apple handles the biometric match; the app never sees your face or fingerprint.

Useful if your phone is shared, or if you just want a second barrier between the app and anyone glancing at your screen.

Number masking

Every numeric value in the app can be masked at once. Look for the small eye icon on the net worth card. Tap it and every balance, amount, and total becomes bullets: $••••. Tap again to reveal.

Good for handing your phone to a friend to show them the app, or pulling it out in public without broadcasting your finances.

The services we use

A small indie app leans on a few trusted services for parts we'd rather not rebuild. Here's who's in the loop:

  • Apple. Sign in with Apple, Face ID, App Store billing, and Wallet integration for Apple Card / Apple Savings.
  • Plaid (only if you link a bank). The layer that connects to your bank. Plaid is the one that holds your bank login; we never see it. Plaid is regulated and SOC 2 Type II, used by thousands of finance apps.
  • Supabase. Hosts the encrypted backup of your data. SOC 2 Type II.
  • Vercel. Hosts our API. Traffic passes through (encrypted), but no financial data is persisted there.

Deleting everything

If you want out, you want out. Go to Settings and tap Delete Account. After a confirmation step:

  • Any Plaid-linked banks are disconnected
  • Your encrypted data is deleted from our servers
  • Your authentication record is deleted
  • All local data on the device is wiped

No hold period. No “we keep it 30 days in case you change your mind.” Delete means delete.

For the full technical and legal version, see the Privacy Policy.