Privacy Policy
Your financial privacy is fundamental to our service. This policy explains how PiggyBank collects, uses, protects, and manages your personal and financial information with complete transparency and in compliance with applicable privacy laws.
Last updated: December 23, 2024
Information We Collect
Account Information
Email address, name, and profile information collected through Google OAuth or direct registration via the Better Auth authentication system.
Financial Data
Transaction records, account balances, spending categories, budgets, financial goals, and any manually entered financial information.
Usage Information
App usage patterns, feature interactions, device information, IP addresses, and analytics data to improve our service.
How We Use Your Information
Primary Uses
- Provide financial tracking and budgeting services
- Generate personalized financial insights and reports
- Authenticate and secure your account access
- Provide customer support and technical assistance
Secondary Uses
- Improve and optimize our application features
- Conduct security monitoring and fraud prevention
- Send important service updates and notifications
- Comply with legal obligations and regulatory requirements
Data Storage and Security
Powered by Neon Database: Enterprise-Grade Security
Your financial data is stored securely in Neon's PostgreSQL-compatible database infrastructure, which provides industry-leading security features and compliance standards.
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption standards.
Secure Infrastructure
Data centers with SOC 2 Type II compliance, regular security audits, and 24/7 monitoring.
Access Controls
Strict role-based access controls and multi-factor authentication for all system access.
Authentication Security
We use Better Auth combined with Google OAuth to provide secure, industry-standard authentication:
- OAuth 2.0 and OpenID Connect protocols for secure authentication
- Session management with secure, httpOnly cookies
- Regular security token rotation and validation
- Protection against CSRF, XSS, and other common attacks
Data Sharing and Third Parties
We Do NOT Sell Your Data
PiggyBank never sells, rents, or trades your personal or financial information to third parties for marketing purposes. Your financial data remains private and is only used to provide our services.
Limited Sharing Scenarios
- Service providers (hosting, analytics) under strict data processing agreements
- Legal compliance when required by law or court order
- Business transfers (with user notification and consent options)
Third-Party Services
- Google OAuth (authentication only, governed by Google's privacy policy)
- Neon Database (secure data storage with data processing agreement)
- Analytics services (anonymized usage data only)
Your Rights and Controls
You have complete control over your financial data. We provide comprehensive tools and rights to manage your information in compliance with GDPR, CCPA, and other privacy regulations.
Access
View all data we have about you
Export
Download your data in portable formats
Correct
Update or correct your information
Delete
Permanently remove your account and data
Data Retention
Active Accounts
We retain your financial data for as long as your account remains active and for up to 7 years after account closure for legal and regulatory compliance purposes.
- Transaction data: Retained while account is active
- Account information: Retained while account is active
- Usage analytics: Anonymized after 2 years
Account Deletion
When you delete your account, we immediately stop processing your data and begin secure deletion procedures within 30 days, except where legal retention is required.
- Personal data: Deleted within 30 days
- Financial records: May be retained for legal compliance
- Backups: Securely overwritten in the next backup cycle
Contact Us About Privacy
If you have questions about this privacy policy, want to exercise your rights, or need to report a privacy concern, please contact us:
- Email: privacy@piggybank.com
- Response Time: Within 72 hours
- Data Protection Officer: Available upon request
Policy Updates
We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or in-app notification.
You can always find the current version of our privacy policy at piggybank.com/privacy