Privacy Policy

Last updated: May 2026

Overview

Basis Budget is developed and operated by JK Creative Studios LLC. It is designed with privacy as a core principle. Your financial data (transactions, balances, budgets, and categories) is stored on your device. It is also encrypted on your device and synced to our servers (Supabase) so your data can be restored when you reinstall the app or sign in on a new device. Encrypted records are unreadable in transit and at rest without the per-user encryption key. If you link a bank, Plaid automatically imports transactions from your accounts. You can also enter transactions manually with no bank connection.

What We Store on Our Servers

We store the following on our servers (Supabase) to enable authentication, cross-device sync, and bank sync (when you link a bank):

  • Anonymous user identifier — a random ID generated by Sign in with Apple. We do not know your name or real email address.
  • Apple private relay email — if you choose to share your email, Apple provides a private relay address, not your real email.
  • Bank connection tokens — encrypted tokens that allow us to sync your accounts. These tokens cannot be used to access your bank directly.
  • Encrypted financial records — your transactions, balances, budgets, categories, net worth snapshots, and app settings, encrypted on your device with AES-GCM before upload. We store only the ciphertext.
  • Your per-account encryption key — stored in a protected vault table so your data is available when you sign in on a new device. See “Encryption” below for what this means in practice.

We never store your bank login credentials, account numbers, or routing numbers — those stay between you, your bank, and Plaid.

What We Never Collect

  • Bank login credentials or passwords
  • Account numbers or routing numbers
  • Transaction history or account balances
  • Personal information (name, address, phone number)
  • Device identifiers or advertising IDs
  • Per-user behavioral profiles or cross-app tracking

The App contains no advertising code, no third-party analytics SDKs, and no tracking pixels.

Anonymous Usage Events

We collect a small number of anonymous, aggregate events (e.g., sync success and errors, paywall views) so we can understand how the App is performing across our user base. These events do not contain any identifier that links them to you, your account, or your device. We use this data for product decisions only and do not share it with third parties.

On-Device Data

All financial data is stored locally on your device using Apple's SwiftData framework. It is also encrypted on-device and synced to our Supabase backend so it is available when you reinstall the app or restore on a new device.

Encryption

Each of your financial records is encrypted on your device with AES-GCM using a 256-bit key (a Data Encryption Key, or DEK) that is unique to your account. Only ciphertext is transmitted and stored in our database.

Your DEK is stored in a protected table in our Supabase project, accessible only to your authenticated session via row-level security, so your data can be decrypted when you sign in on a new device. We never access, view, sell, or share your financial data.

Third-Party Services

Plaid

Bank account syncing is powered by Plaid, a trusted financial data provider used by thousands of apps. When you connect your bank, you authenticate directly with your bank through Plaid's secure interface — your bank credentials are never shared with Basis Budget. Plaid provides us with account balances and transaction data, which flow through our server but are only stored on your device. Plaid's data handling is governed by Plaid's Privacy Policy.

Supabase

We use Supabase for user authentication (Sign in with Apple), to securely store bank connection tokens, and to store your encrypted financial records and encryption key for cross-device sync. Supabase encrypts all data at rest, and your financial records are additionally encrypted on your device before upload.

Vercel

Our API is hosted on Vercel. API requests pass through Vercel's infrastructure but no financial data is persisted there.

Background Refresh

If you've linked a bank, the App uses iOS's Background App Refresh to periodically fetch new transactions from Plaid and sync your encrypted records so your data is current when you open the App. You can disable this at any time in iOS Settings → General → Background App Refresh. If you haven't linked a bank, no background refresh runs.

Sign-In

Sign-in is required to sync your encrypted data to our servers so it can be restored when you reinstall the app or switch devices. You can sign in with Apple ID or email. With Apple Sign-In, you can hide your email using Apple's private relay. With email sign-in, we use your email address only to send one-time sign-in codes. We do not require or store your real name.

Face ID / Touch ID

If you enable biometric authentication, it is handled entirely by Apple's LocalAuthentication framework on your device. We never access, store, or transmit biometric data.

Data Deletion

You can delete all your data at any time from within the App (Settings → Delete All My Data). This permanently removes all local data, your encrypted records and encryption key from our Supabase backend, your bank connections, and your authentication record.

Children's Privacy

Basis Budget is not directed at children under the age of 13. We do not knowingly collect any information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date.

Contact

If you have questions about this Privacy Policy, contact us at support@basisbudget.com.