How BudgetLuma protects your data.
No bank connection. Server-authoritative rules. Row-level security in Postgres. Immutability triggers on transactions. No ads. No tracking. Delete on request.
- No PSD2, no Plaid, no scraping
- Permissions & balances computed on the backend
- Explicit subprocessor list — Supabase, Apple, RevenueCat, Frankfurter
- No AI / ML on your data
Free to start. No credit card.
Security as product behaviour, not marketing.
Each claim below corresponds to a specific mechanism in the codebase or database.
No bank sync, no scraping
No PSD2 connections, no Plaid, no account aggregator. You enter what matters to you — nothing more is collected from external sources.
Server-authoritative balances & permissions
Balances, FX conversions, role checks and Premium status are all computed on the backend, behind row-level security. The mobile client never decides what you’re allowed to do; the backend does.
Immutability triggers on transactions
Sensitive fields — original amount, original currency, stored rate, rate source — are protected by database-level triggers. They can only be changed through well-defined RPCs with an explicit rate-mode choice.
No ads, no tracking, no data sold
No advertising identifiers, no cross-app tracking, no data sold to third parties. Ever. Delete your account any time by emailing [email protected] — irreversible by design.
Four partners. Each with a narrow, specific role.
No other third-party service receives your personal or financial data.
Supabase
Authentication and Postgres database hosting. Stores your account and financial data.
Apple App Store
Processes subscription payments. Apple handles all payment information.
RevenueCat
Manages subscription status and entitlements. Receives a user identifier and subscription events.
Frankfurter
Supplies reference exchange rates. Only currency pair data is requested; no personal data is shared.
Honest about what we don’t have.
We don’t publish compliance certifications we don’t hold. We don’t claim audited penetration tests we haven’t commissioned. We don’t present roadmap items as shipped features.
If you need specific security assurances for an enterprise deployment, that isn’t what BudgetLuma is built for today — it’s a personal and small-group finance app, and the honest answer is to say so.
Security — questions answered honestly
Does BudgetLuma connect to my bank account?
No. BudgetLuma has no PSD2 connection, no Plaid integration, and no account scraping. You record transactions yourself. This is a deliberate design choice — we don’t want to hold credentials we don’t need.
How do you protect shared-wallet data?
Access is enforced by Postgres row-level security and by `security definer` RPCs that explicitly check ownership and role membership. A member invited as a viewer cannot change anything, even if a malicious client tries — the backend refuses.
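The three mechanisms this page names (row-level security, the immutability trigger on the sensitive rate fields, and a `security definer` RPC that checks ownership and role before writing) fit together as in the following added illustration. This is example SQL written for this page, not BudgetLuma's schema or code: the table and column names, the `app.rate_edit` session setting and the grant to the `authenticated` role are assumptions; `auth.uid()` is Supabase's helper that returns the calling user's id.

```sql
-- Added example, not BudgetLuma's schema. Postgres / Supabase flavour:
-- auth.uid() is Supabase's helper returning the calling user's id;
-- 'authenticated' is Supabase's role for signed-in users (assumed).
create table wallets (
  id       bigserial primary key,
  owner_id uuid not null
);

create table wallet_members (
  wallet_id bigint not null references wallets(id) on delete cascade,
  user_id   uuid   not null,
  role      text   not null check (role in ('owner', 'editor', 'viewer')),
  primary key (wallet_id, user_id)
);

create table transactions (
  id                bigserial primary key,
  wallet_id         bigint        not null references wallets(id) on delete cascade,
  original_amount   numeric(14,2) not null,
  original_currency char(3)       not null,
  stored_rate       numeric(18,8),
  rate_source       text,
  note              text
);

-- 1. Row-level security: members read only their own wallets' rows.
--    No insert/update/delete policy exists, so with RLS enabled every
--    direct write from a client is refused; writes go through the RPC.
alter table transactions enable row level security;

create policy transactions_member_select on transactions
  for select using (
    exists (select 1 from wallet_members m
             where m.wallet_id = transactions.wallet_id
               and m.user_id   = auth.uid())
  );

-- 2. Immutability trigger: the sensitive fields may change only while the
--    transaction-local flag app.rate_edit (assumed name) is set by the RPC.
create or replace function transactions_protect_sensitive()
returns trigger language plpgsql as $$
begin
  if (new.original_amount, new.original_currency, new.stored_rate, new.rate_source)
     is distinct from
     (old.original_amount, old.original_currency, old.stored_rate, old.rate_source)
     and current_setting('app.rate_edit', true) is distinct from 'on'
  then
    raise exception 'sensitive transaction fields are immutable outside the rate RPC';
  end if;
  return new;
end $$;

create trigger transactions_immutability
  before update on transactions
  for each row execute function transactions_protect_sensitive();

-- 3. security definer RPC: runs with the function owner's rights (so RLS does
--    not apply inside it), which is exactly why it must check membership and
--    role itself before touching a row.
create or replace function set_transaction_rate(
  p_transaction_id bigint,
  p_rate_mode      text,     -- explicit choice: 'manual' or 'reference'
  p_rate           numeric   -- for 'reference', the rate fetched outside the DB
) returns void
language plpgsql security definer set search_path = public as $$
declare
  v_wallet bigint;
  v_role   text;
begin
  if p_rate_mode not in ('manual', 'reference') then
    raise exception 'unknown rate mode %', p_rate_mode;
  end if;
  if p_rate is null or p_rate <= 0 then
    raise exception 'rate must be positive';
  end if;

  select wallet_id into v_wallet from transactions where id = p_transaction_id;
  if v_wallet is null then
    raise exception 'transaction not found';
  end if;

  select role into v_role from wallet_members
   where wallet_id = v_wallet and user_id = auth.uid();
  if v_role is null or v_role = 'viewer' then
    raise exception 'insufficient role';   -- viewers are refused here
  end if;

  perform set_config('app.rate_edit', 'on', true);   -- true = local to this transaction
  update transactions
     set stored_rate = p_rate,
         rate_source = p_rate_mode
   where id = p_transaction_id;
  perform set_config('app.rate_edit', 'off', true);
end $$;

revoke execute on function set_transaction_rate(bigint, text, numeric) from public;
grant  execute on function set_transaction_rate(bigint, text, numeric) to authenticated;
```

Under this setup a client that issues `update transactions set original_amount = 1 where id = 42` directly is refused by RLS before the trigger even fires, because no update policy grants it; a viewer who calls `select set_transaction_rate(42, 'manual', 0.92)` is refused by the role check inside the RPC; and the trigger remains as a second layer for any privileged path (a maintenance console, a later RPC) that forgets the rule, since only a write made inside the RPC with the transaction-local flag set can alter the four protected columns. The division of labour matches the page: the client supplies data and intent (the rate-mode choice), the database decides whether the change is allowed.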
Are you audited, SOC2 certified, or ISO 27001 compliant?
We don’t claim certifications we don’t have. Supabase’s infrastructure has its own compliance posture — see their privacy documentation. BudgetLuma itself does not publish a certification today; we prefer to say less than to overstate.
How do I delete my account?
Email [email protected]. Your account, wallets, transactions, categories and shared-wallet memberships are permanently and irreversibly removed. We don’t retain data after deletion except where required by law.
Do you use AI or machine learning on my data?
No. Every insight, every recurring-payment detection, every financial score is a deterministic SQL query or a fixed formula over your real transactions. There is no model, no prediction pipeline, no training on user data — and no intention to add one.
Is my data encrypted?
Data in transit is encrypted via HTTPS/TLS. Data at rest is stored inside Supabase’s managed Postgres infrastructure with their standard protections. For the exhaustive legal wording, see the privacy policy.
Keep your money data calm and in your hands.
Free to start on iOS. No bank sync. No ads.