Security & Privacy

How your data is protected, what we collect, what we don't, and the controls you have.

BudgetLabs is a budgeting app, not a banking app. We made some specific design choices about data — what we collect, what we never collect, and how the bits we do hold are protected.

What we don't collect

We never ask for and never store:

  • Your bank account number, routing number, or login credentials.
  • Your credit or debit card number. (Stripe handles billing on the web; the App Store handles billing on iOS — neither sends card numbers to us.)
  • Your Social Security number or any government ID.

If you find yourself about to type any of those into BudgetLabs, stop — the app won't ask for them.

What we do collect

  • Your email address.
  • The categories, transactions, assets, and debts you enter.
  • Subscription status (Free or Pro), so we can show you the right limits.
  • Light analytics on which features are used (no message content, no transaction descriptions).

That's the list. The full Privacy Policy at /privacy is the authoritative document.

How it's protected

In transit

Every request between your device and BudgetLabs is sent over HTTPS / TLS.

At rest

The Postgres database is encrypted at the disk level. On top of that, sensitive columns — category names, transaction descriptions, savings account names, debt account names — are encrypted at the application layer using pgcrypto with AES-256. The encryption key lives in Supabase Vault and is rotated independently of the database.

Row-level security

Every table is protected by Row Level Security (RLS). Even if a query somehow escaped the application, the database itself only returns rows that belong to the authenticated user's budget. There is no shared, unrestricted view of any user table.

Audit log

Security-sensitive actions — sign-ins, MFA changes, subscription changes, account deletions — are written to an append-only audit log.

Rate limiting

Every API endpoint has per-user, per-window rate limits. This blunts brute-force attempts and limits the blast radius of compromised credentials.

Multi-factor authentication (MFA / TOTP)

Turn on MFA for your account:

  1. Go to Settings > Security.
  2. Tap Enable two-factor authentication.
  3. Scan the QR code with your authenticator app of choice (1Password, Authy, Google Authenticator).
  4. Enter the six-digit code to confirm.
  5. Save the backup codes somewhere offline — these get you back in if you lose the authenticator.

Once enabled, every sign-in asks for the code in addition to your password / OAuth identity.

Trusted devices

After you sign in with your 6-digit code, BudgetLabs offers to trust the device for 30 days. On a trusted device you'll skip the code on future sign-ins until the 30 days expire or you revoke trust.

Manage your trusted devices in Settings > Security > Trusted devices. You can revoke a single device or all of them. Changing your password or turning off two-factor authentication automatically revokes every trusted device.

Trusted devices use a signed bl_trust cookie tied to your account. Only the server can mint or verify the cookie; an attacker who steals the cookie value but doesn't have your password still can't change your password or 2FA settings without your real session. Revoking from another device invalidates the cookie immediately.
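
An added sketch, not BudgetLabs' own code, of how a server-signed trust cookie with a 30-day expiry and server-side revocation can be minted and verified. The cookie layout, the use of HMAC-SHA256, the in-memory ACTIVE store and every function name are assumptions; this page does not describe the real bl_trust format.

```python
import base64, hashlib, hmac, secrets

TRUST_TTL = 30 * 24 * 3600             # 30-day trust window from the page
SERVER_KEY = secrets.token_bytes(32)   # assumption: secret known only to the server
ACTIVE = {}                            # assumption: server-side store, device_id -> user_id


def _sign(payload: str) -> str:
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def mint(user_id: str, now: int) -> str:
    """Issue a trust cookie after a successful six-digit code check."""
    device_id = secrets.token_urlsafe(16)
    ACTIVE[device_id] = user_id
    payload = f"{user_id}|{device_id}|{now + TRUST_TTL}"   # user_id must not contain "|"
    return f"{payload}|{_sign(payload)}"


def verify(cookie: str, user_id: str, now: int) -> bool:
    """True only for an authentic, unexpired, unrevoked cookie bound to user_id."""
    payload, _, sig = cookie.rpartition("|")
    # Check the MAC first (constant time); nothing in the cookie is trusted before it passes.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False
    cookie_user, device_id, expires = payload.split("|")
    if cookie_user != user_id or now >= int(expires):
        return False
    # Revocation is a server-side lookup, so it takes effect on the next request.
    return ACTIVE.get(device_id) == user_id


def revoke_device(device_id: str) -> None:
    ACTIVE.pop(device_id, None)


def revoke_all(user_id: str) -> None:
    """Called on password change or when two-factor authentication is turned off."""
    for device_id in [d for d, u in ACTIVE.items() if u == user_id]:
        del ACTIVE[device_id]
```

In this sketch a valid cookie only decides whether the six-digit code prompt is skipped; it is never treated as a session.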

Biometric lock (mobile)

On iOS, BudgetLabs supports Face ID and Touch ID. Enable it under Settings > Security:

  1. Toggle Biometric lock on.
  2. Set a background timeout — the number of seconds the app can be in the background before requiring biometric re-auth.
  3. Authenticate once to confirm.

When the app comes back to the foreground after the timeout, it covers the screen and waits for your face / fingerprint before showing data.

Account deletion

You can delete your account end-to-end at any time:

  1. Go to Settings > Account.
  2. Tap Delete account and confirm.

Deletion is permanent: budget, transactions, categories, assets, debt, and any associated metadata are removed. The audit log retains a record that the deletion occurred (without your data) for a short period for fraud prevention; that record is then purged.

Reporting a vulnerability

If you find a security issue, please email the address listed in the Privacy Policy or use the Support page. Responsible reports are appreciated and acknowledged.

Related

  • Privacy Policy at /privacy.
  • Terms of Service at /terms.
  • Plans & billing — how subscription data is handled.

Last updated April 28, 2026