Privacy Policy

Last updated: 19 February 2026

My Money Buckets is a free budgeting tool designed with privacy at its core. This policy explains what data we collect, how it is used, and your rights.

Data stored locally (guest mode)

By default, all your budget data — income, expenses, bank account names, bucket allocations, and snapshots — is stored locally in your browser using IndexedDB. In guest mode, no data is sent to any server.

Data stored in the cloud (signed-in users)

If you choose to sign in, we store the following on secure servers hosted in Australia:

• Email address — used for authentication and to send sign-in verification codes.
• Budget profile — your income, expenses, bucket allocations, and account names, stored in an encrypted database. This is the same data that exists locally, synced so you can access it across devices.
• Snapshots — point-in-time budget snapshots, stored in an encrypted database.
• AI Summary cache — if you use the AI Summary feature, the generated narrative is cached for 24 hours and then automatically deleted.

All cloud data is encrypted at rest and in transit (HTTPS/TLS). You can delete all cloud data at any time from the Settings page.

AI Insights (optional)

The Insights page analyses your budget locally and shows rule-based insights entirely on your device. No data is sent to any server for this.

If you choose to tap “Generate AI Summary”, a summary of your insights is sent to a third-party AI provider (currently Anthropic) to generate a personalised narrative. Specifically:

• Only budget insight titles, descriptions (containing percentages and category names), and your health score are sent. Dollar amounts are never sent.
• The request is made from our API server — the AI provider does not receive your email address or user ID.
• Responses are cached for 24 hours to minimise repeated calls.
• Usage is capped at 5 AI summaries per user per day.
• This feature is entirely opt-in. If you never tap the button, no data is sent to any AI provider.

Enhanced data mode (opt-in)

If you enable the “Include budget details for personalised advice” toggle on the Insights page, additional data is included in the AI request to provide more specific, actionable advice. This is entirely opt-in and disabled by default.

When enabled, the following additional data is sent:

• Expense item names (e.g. “Netflix”, “Rent”)
• Expense amounts per pay cycle (e.g. “$16/fortnight”)
• Expense category names (e.g. “Entertainment”)
• Income line names (e.g. “Salary”, “Side gig”)
• Income amounts per pay cycle
• Your pay cycle label (e.g. “fortnightly”)

Even when enhanced data mode is enabled, the following are never sent to the AI provider: notes, provider names, bank account names or IDs, due dates, user ID, or email address. These fields are structurally excluded from the request payload.

No account numbers or sensitive banking details

The app stores friendly account names only (e.g. “Everyday”, “Bills”). It never asks for, stores, or transmits BSBs, account numbers, or bank login credentials.

Analytics

We use PostHog for anonymous, privacy-friendly analytics. This helps us understand which features are used and improve the app. Specifically:

• No cookies are set. Analytics use memory-only persistence.
• No personally identifiable information (PII) is collected.
• No session recordings or heatmaps are used.
• Only anonymous pageviews and key actions (e.g. “budget exported”) are tracked.

Data export and import

You can export your full budget as a JSON file at any time from the Settings page. This file is generated entirely in your browser — no server is involved. You can also import a previously exported file to restore your data.

Sharing via URL

When you share your budget via a generated link, sensitive fields are automatically stripped. Notes, provider names, and bank account details are never included in shared links. Only budget structure and amounts are shared.

Third-party services

• PostHog — anonymous analytics (described above).
• Amazon Web Services (AWS) — hosts the app, authentication, database, and email delivery for signed-in users. All data is hosted in Australia. Learn more.
• Anthropic — provides the optional AI Summary feature on the Insights page. Only insight summaries (percentages, category names, health score) are sent by default. If you enable enhanced data mode, expense and income amounts are also included. Email addresses and user IDs are never shared. Learn more.

Guest users have no interaction with our cloud services or Anthropic. The AI Summary feature is only available to signed-in users and is entirely opt-in.

Data retention

Guest users: Your budget data exists only in your browser’s local storage. Clearing your browser data or uninstalling the app deletes everything.

Signed-in users: Your data is stored in the cloud until you delete it. You can delete all cloud data from the Settings page (“Reset All Data”). Signing out stops syncing but preserves your local data. Your account and email can be deleted by contacting us.

Your rights

You have full control of your data at all times. You can view, export, modify, or delete your local and cloud data from the Settings page without contacting us. Signed-in users can also request full account deletion by contacting us via the feedback form below.

Contact

If you have questions about this policy or the app, please reach out via our feedback form.

Changes to this policy

We may update this policy from time to time. Changes will be reflected by updating the “Last updated” date at the top of this page.