Privacy Policy

Last updated: March 12, 2026

Bumbershoot Labs ("we", "us", or "our") operates the Budgette mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. By using Budgette, you consent to the practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect your email address and name. If you create a family, we also collect the names and roles of family members you add. Child profiles are created and managed by a parent or guardian — children do not create their own accounts.

Family & Financial Data

Budgette stores allowance amounts, budget categories, and transaction records that you create within the app. This data is used solely to provide the Service's functionality. Budgette does not connect to real bank accounts, process real money, or store payment card information. Subscription payments are processed entirely by Apple (App Store) or Google (Google Play); we receive only a confirmation of your subscription status.

Device and Usage Data

We collect device type, operating system version, app version, and general usage analytics to improve the Service. This data is collected in aggregate and is not linked to individual identities.

Push Notification Tokens

If you grant notification permissions, we collect your device's push notification token to deliver notifications about allowance deposits, transactions, and other activity. You can disable notifications at any time through your device settings or the app's Settings screen. Tokens are removed from our servers when you log out or revoke notification permissions.

Cookies and Website Tracking

Our marketing website (budgette.app) may use cookies and similar technologies for basic site functionality and analytics. We do not use cookies for advertising or cross-site tracking. The mobile app does not use cookies.

2. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain the Service
  • To authenticate your identity and manage your account
  • To sync your family's data across devices
  • To send transactional communications (e.g., magic login codes, push notifications)
  • To respond to support requests and feedback
  • To monitor and analyze usage trends to improve the Service
  • To detect, prevent, and address technical issues or abuse

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for (account data, family data, syncing).
  • Legitimate Interest: Processing for product improvement, analytics, and security, where our interests do not override your rights.
  • Consent: Processing that requires your opt-in, such as push notifications. You may withdraw consent at any time.
  • Legal Obligation: Processing required to comply with applicable laws.

4. Data Sharing and Third-Party Providers

We do not sell, rent, or trade your personal data. We may share data with the following categories of third-party service providers solely to operate the Service:

  • Cloud Hosting: Server infrastructure and database hosting.
  • Email Delivery: Transactional email services (e.g., login codes, invitations).
  • Push Notifications: Expo push notification service for delivering app notifications to your device.
  • Payment Processing: Apple App Store and Google Play handle all subscription payments. We do not receive or store payment card details.

All providers are bound by data processing agreements and are prohibited from using your data for their own purposes. We may also disclose data if required by law, court order, or governmental authority, or to protect the rights, safety, or property of Bumbershoot Labs, our users, or the public.

5. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place with all providers to protect your data.

6. Children's Privacy

Budgette is designed for families and may be used by children under the supervision of a parent or guardian. We comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws.

  • Only a parent or guardian may create and manage the family account, including child profiles.
  • Children do not create their own accounts or provide personal information directly to us.
  • Child profiles contain only a name (chosen by the parent) and associated allowance/budget data. No email address, date of birth, or device identifiers are collected for children unless the parent activates child mode on a device.
  • Parents may review, modify, or delete their child's data at any time through the app.
  • Parents may request deletion of all child data by contacting us at [email protected].

If you believe we have inadvertently collected information from a child without proper parental consent, please contact us immediately and we will delete it promptly.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements). Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics purposes.

8. Data Security

We use industry-standard technical and organizational measures to protect your data, including:

  • Encrypted connections (TLS) for all data in transit
  • Hashed passwords (never stored in plaintext)
  • Role-based access controls limiting internal access to data
  • Regular security reviews of our infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and no later than required by applicable law. We will also notify relevant supervisory authorities as required.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Restriction: Request that we limit how we process your data.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner if required by applicable law).

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide an opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app, updating the "Last updated" date above, and, where appropriate, sending a notification. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Bumbershoot Labs
Email: [email protected]