Effective: March 25, 2026
1. Introduction
My Home Budget (“the App”) is a household budget management application developed by EvenPathLabs (“we”, “us”, “our”). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the App.
By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.
2. Data Controller
EvenPathLabs
Contact: myhomebudget@evenpathlabs.com
3. Data We Collect
3.1 Account Information
When you create an account, we collect:
- Email address — required for account creation and communication
- Name — optional, used for display within the App
- Authentication tokens — from Google Sign-In or Apple Sign-In (if you choose these methods)
3.2 Financial Data (User-Provided)
All financial data is entered by you voluntarily:
- Expenses, incomes, and budget plans
- Bank account names and balances
- Savings goals and credit/loan information
- Household members (names, roles)
- Payment methods and categories
3.3 Receipt Scanning (OCR)
When you use the receipt scanning feature:
- Your device camera captures receipt images
- Text recognition is performed entirely on your device using on-device text recognition technology
- Receipt images are never uploaded to our servers or any third party
- Only the extracted data (store name, total amount, date) is saved if you confirm
3.4 Location Data
- We request location permission once during initial setup to auto-detect your country for currency and language defaults
- Only the country code (e.g., “DE”, “US”) is stored — not your GPS coordinates
- You can deny location permission and select your country manually
- We do not track your location continuously
3.5 Device Information
- Push notification token — for delivering notifications via Firebase Cloud Messaging
- App integrity data — our security system (freeRASP) checks for device tampering to protect your data
3.6 Usage Data
- Gamification progress (XP, streaks, achievements) — synced with your account
- Notification preferences you set within the App
What we do NOT collect: contacts, call logs, SMS, browsing history, photos (other than temporary receipt scans), microphone audio, installed apps, device IMEI, or advertising identifiers (except via AdMob for free-tier users).
4. How We Use Your Data
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide core budget tracking | Financial data, account info | Contract performance |
| Sync across devices | All app data | Contract performance |
| AI-powered insights (Premium) | Aggregated expenses, currency, language | Consent / Contract |
| Send transactional emails | Email address, name | Contract performance |
| Display advertisements (Free tier) | Ad ID, IP (by AdMob) | Consent (EU) / Legitimate interest |
| Process subscriptions | User ID, purchase receipts | Contract performance |
| Security & fraud prevention | App integrity signals | Legitimate interest |
| Push notifications | FCM device token | Consent |
5. AI Features
If you use AI-powered budget insights (Premium feature):
- We send aggregated spending data (category totals, not individual transactions) to Anthropic's Claude API
- Your email, name, or other personal identifiers are never sent to the AI
- AI responses are cached locally and on our server to reduce repeated processing
- You can disable AI features in your notification settings
6. Third-Party Services
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Supabase | Supabase Inc. (US) | Backend, authentication, database | All synced app data |
| Google Sign-In | Google LLC | Authentication | OAuth tokens, email, name |
| Apple Sign-In | Apple Inc. | Authentication | Apple ID token, email (optional) |
| Firebase Cloud Messaging | Google LLC | Push notifications | Device token |
| Google AdMob | Google LLC | Advertising (Free users) | Ad ID, IP, device info |
| RevenueCat | RevenueCat Inc. (US) | Subscription management | User ID, purchase data |
| Anthropic Claude API | Anthropic PBC (US) | AI budget insights | Aggregated financial data |
| Resend | Resend Inc. | Transactional emails | Email address, name |
| Talsec (freeRASP) | Talsec s.r.o. | App security | App integrity signals |
Each third-party service has its own privacy policy. We encourage you to review them.
7. Advertising & Consent (GDPR)
For users in the EU/EEA:
- We use Google's User Messaging Platform (UMP) to collect your consent before showing personalized ads
- If you decline, only non-personalized ads are shown (or no ads at all)
- You can change your consent at any time in the App settings
- Premium subscribers see no ads at all
8. Data Storage & Security
- Local storage: All data is stored locally on your device in an SQLite database (Drift)
- Cloud storage: Data syncs to Supabase (PostgreSQL) hosted on secure cloud infrastructure
- Encryption in transit: All network communication uses HTTPS/TLS with certificate pinning
- Encryption at rest: Server-side database encryption; local secure storage for sensitive tokens
- Row-Level Security: Each user can only access their own household data (enforced server-side)
- Biometric lock: Optional fingerprint/face lock for additional app security
9. Data Retention
- Your data is retained as long as your account is active
- When you delete your account, all server-side data is permanently deleted
- Local data is deleted from the device upon account deletion or app uninstallation
- Cached AI insights expire automatically after their validity period
10. Your Rights (GDPR & Applicable Laws)
You have the right to:
- Access — export all your data as a PDF from within the App
- Rectification — edit any data directly in the App
- Erasure — delete your account and all associated data (Settings → Delete Account)
- Data portability — export your data before deletion
- Withdraw consent — for ads, notifications, AI features, or location access at any time
- Object — to certain data processing by contacting us
To exercise these rights, use the in-app options or contact us at myhomebudget@evenpathlabs.com.
11. Children's Privacy
The App is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. Household members under 13 may be listed by a parent/guardian, but they do not have independent accounts.
12. International Data Transfers
Your data may be processed in the United States through our service providers (Supabase, RevenueCat, Anthropic). These transfers are protected by:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs)
- Encryption in transit and at rest
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. The “Effective” date at the top indicates the latest revision.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices:
Email: myhomebudget@evenpathlabs.com
Developer: EvenPathLabs
© 2026 EvenPathLabs. All rights reserved.