Privacy Policy
Last updated: 2026-05-17
Zero Budget is a personal-finance application that helps a household run a zero-based budget. This policy describes what we collect, why we collect it, who we share it with, and how long we keep it.
Who runs Zero Budget
Zero Budget is operated as a single-operator service. Contact: hello@zerobudget.ca. For everything in this document, "we" means that single operator and "you" means the user of the app.
What we collect
- Account information. Email address, hashed password, full name, household name. Provided by you at signup.
- Bank-connection metadata. When you connect a bank via Plaid (Production tier; supports banks in the United States and Canada) we receive an access token, the institution name, and a list of accounts (name, mask, type, subtype, balances). The access token is encrypted with AES-256-GCM before it is written to our database. We use Plaid's Transactions product only; we do not call Investments, Liabilities, Identity, or any other Plaid product.
- Transaction data. Pulled from Plaid for the accounts you have linked. Includes date, merchant name, amount, and a Plaid-supplied category. We do not receive your bank login credentials.
- Application data you create. Budget categories, sinking funds, debt totals, transaction assignments, splits, due dates, categorization rules, and other budgeting structure.
- Billing data. When you subscribe, Stripe stores your card details and customer record on its own systems and returns us a customer ID, subscription ID, status, period end, and any active promo code. We never see or store the card number, CVC, or expiry. We do store the Stripe customer ID against your household so we can reconcile webhooks.
- Push-notification subscriptions. If you enable notifications we store the push endpoint URL, the cryptographic keys your browser provides for that endpoint (p256dh and auth), and your user agent string. Used only to deliver Zero Budget notifications. Removable from Settings → Notifications.
- Email delivery metadata. Resend (our transactional email provider) processes your email address to deliver signup confirmation, password reset, subscription receipts, trial-ending reminders, and feature notices. Resend records standard delivery telemetry (delivered, bounced, opened) which we use to detect inbox issues.
- Crash and error reports. Sentry captures unhandled exceptions thrown by the app, including stack traces, the user ID (so we can correlate errors to bug reports), browser user agent, and route path. We do not deliberately send Sentry any transaction amounts, merchant names, or personally identifying data beyond user ID.
- Operational logs. Vercel records request metadata (path, status code, latency, IP address) for at most 30 days for debugging and abuse prevention. Our own application logs (also on Vercel) record similar request-level events plus the user ID when an authenticated route fires.
- Session cookies. Supabase Auth sets a session cookie on your device so we can recognize you between page loads. Removed on logout or when you clear cookies.
How we use it
- To show you your own budget, transactions, and balances.
- To sync new transactions from Plaid on a daily schedule.
- To respond to webhooks from Plaid that signal new data or that your bank has logged you out and needs to be reconnected.
- To process subscription payments and react to billing events (renewal, cancellation, payment failure).
- To deliver transactional and lifecycle emails (signup confirmation, trial ending, payment receipts, account-deletion notices).
- To deliver push notifications you opted into (morning brief, bill due, balance low, trial ending). Each notification category has its own toggle in Settings → Notifications.
- To diagnose and fix bugs you report or that show up in logs or Sentry.
We do not sell your data. We do not share your data with advertisers. We do not share aggregated, anonymized, or otherwise repackaged versions of your data with third parties for marketing.
Who we share it with
- Plaid Inc. Plaid is the network that connects Zero Budget to your bank. We send Plaid your bank-account selection and receive transactions in return. Plaid's end-user privacy notice is shown to you inside Plaid Link before you authorize a connection. See Plaid's consumer policy.
- Stripe Inc. Processes subscription payments and stores your card information. We send Stripe your email, household name, and price selection at checkout. See Stripe's privacy policy.
- Supabase. Hosts our PostgreSQL database and authentication service. Data is stored in their managed infrastructure under our project (United States region).
- Vercel. Hosts the application code and serves HTTPS traffic. Edge functions execute in multiple regions depending on your location.
- Resend. Sends transactional email on our behalf. Receives your email address and the message contents.
- Sentry. Receives error reports as described above. Used only for debugging.
- Web Push services. If you enable notifications, the push payload is delivered through the push service your browser uses (Apple Push Notification service for Safari, Firebase Cloud Messaging for Chrome and Edge, Mozilla autopush for Firefox). These services see the encrypted payload and the destination endpoint; they do not see the decrypted message.
- Law enforcement / legal process. Only with valid legal process, and only the minimum we are compelled to disclose.
We do not use any third-party analytics or advertising trackers.
Where we store it
Application data, billing references, and Plaid access tokens are stored in our Supabase PostgreSQL instance hosted in the United States. Plaid access tokens are encrypted at rest with AES-256-GCM; the encryption key is held only by our server runtime and never sent to the browser. All traffic between your device and Zero Budget is encrypted with TLS.
If you are accessing Zero Budget from outside the United States your data is transferred to and processed in the United States (Supabase and Vercel host primary infrastructure there). By using Zero Budget you consent to this transfer.
How long we keep it
| Category | Retention |
|---|---|
| Auth identity, profile, household | Until you delete your account |
| Plaid access tokens | Until you disconnect a bank or delete your account; revoked at Plaid in real time |
| Transactions, budget data | Until you delete your account |
| Stripe customer + subscription records | Retained by Stripe per their own retention schedule even after we delete the linkage on our side |
| Push subscriptions | Until you disable notifications or the push service marks the endpoint as expired |
| Resend email delivery logs | 30 days on Resend, then automatically purged |
| Sentry error reports | 90 days, then automatically purged |
| Database backups | Up to 7 days (Supabase point-in-time recovery) |
| Operational request logs | 30 days (Vercel) |
Your rights
- Access and portability. Email us and we will provide a copy of your account, household, and transaction data in a machine-readable format. The app also supports CSV export of transactions from Settings → Export.
- Correction. Most fields are editable directly in the app (Settings, transaction edit, budget rename). For anything that is not, email us.
- Deletion. The Settings page has a "Delete account" control. Scheduling deletion immediately revokes every linked bank from Plaid (calling Plaid's /item/remove on your behalf) and flips your Stripe subscription to cancel at the end of the current billing period. Your data stays available to you during a 30-day cool-off window (or until the billing period ends, whichever lines up with your plan) so you can change your mind. After the timer elapses, a daily cron job permanently deletes every database row associated with your household and removes your auth user from Supabase. You can cancel a scheduled deletion any time before the timer elapses. Backups expire on the schedule above and cannot be selectively restored.
- Disconnect a bank. The Accounts page lets you disconnect any single linked bank without deleting your account. Disconnecting calls Plaid's /item/remove and stops further syncing.
- Withdraw consent. You may revoke our access to your bank at any time from inside the app or by contacting your bank.
- Manage notifications. Each notification category has its own toggle in Settings → Notifications. Disable any category individually, or revoke browser permission entirely.
Children
Zero Budget is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up, contact us and we will delete the account.
Security
Our security posture, including access controls, encryption, MFA policy, and patch SLA, is documented at SECURITY.md in our public repository.
Changes to this policy
If we change this policy in any material way we will update the "Last updated" date above and announce the change in the app on next sign-in. Trivial wording changes will not trigger an announcement.
Contact
Questions or requests: email hello@zerobudget.ca with the subject Zero privacy.