Privacy Policy

Last updated: January 3, 2026

1. Information We Collect

AB Foundry LLC, doing business as OneBudget ("we," "us," or "our"), collects the following types of information:

Account Information

Phone number for authentication via SMS verification (Twilio Verify)

Financial Information

Bank account data, transaction history, account balances, merchant information, and spending patterns accessed through Plaid's secure API

Usage Information

Budget preferences, category assignments, income sources, bill tracking data, and app usage patterns

Technical Information

Device information, browser type, IP address, and access logs

2. GLBA Compliance

As a financial service provider, we comply with the Gramm-Leach-Bliley Act (GLBA) and take the protection of your financial information seriously. We collect, use, and share your financial information only as described in this Privacy Policy.

For complete details about how we protect your financial information, please see our GLBA Notice.

3. AI Data Usage

We use Anthropic's Claude 3.5 Haiku AI model to assist with transaction categorization when merchant information is ambiguous or when Plaid provides low-confidence category data.

Data Sent to AI Services:

  • Transaction merchant name
  • Transaction description
  • Transaction amount (dollar value only)

Data NOT Sent to AI:

  • Account numbers or routing numbers
  • Bank credentials or access tokens
  • Personal identification information
  • Full account balances

For more information about our AI usage, see our AI Disclaimer.

4. How We Use Your Information

We use your information to:

  • Provide and maintain the OneBudget service
  • Authenticate your identity via SMS verification
  • Categorize transactions automatically and with AI assistance
  • Calculate safe-to-spend amounts and budget recommendations
  • Detect recurring income patterns and bill schedules
  • Generate spending insights and financial reports
  • Send notifications about budget alerts and important account activity
  • Process subscription payments and manage billing
  • Improve and optimize our service
  • Respond to support requests and communicate with you

We never sell your personal or financial data to third parties.

5. Third-Party Services

We work with the following trusted third-party service providers:

Plaid (Bank Connectivity)

Securely connects to your financial institutions using OAuth. We never see or store your bank login credentials. Plaid's privacy policy governs their data practices.

RevenueCat (Subscription Management)

Manages premium subscriptions and billing. PCI-DSS certified for payment processing.

Stripe (Payment Processing)

Processes credit card payments for premium subscriptions. PCI Level 1 certified. Payment data is sent directly to Stripe and never touches our servers.

Anthropic Claude (AI Categorization)

Provides AI-powered transaction categorization for ambiguous merchants. Only receives anonymized merchant names, descriptions, and amounts.

Amazon Web Services (Infrastructure)

Hosts our application infrastructure including Lambda functions, DynamoDB database, and API Gateway. All data is encrypted at rest and in transit.

Twilio Verify (SMS Authentication)

Sends SMS verification codes for secure authentication. Only receives your phone number for delivery.

Cloudflare (Security & CDN)

Provides DDoS protection, web application firewall, and content delivery. Does not access financial data.

6. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption for all data at rest in DynamoDB
  • TLS 1.3 encryption for all data in transit
  • Bank credentials never stored—we use Plaid's secure token system
  • Passwords salted and hashed using PBKDF2 key derivation
  • Access controls and logging for all data access
  • Regular security monitoring and updates
  • Infrastructure managed via Terraform for consistency and security

For complete security information, see our Security page.

7. Data Retention

We retain your data as follows:

  • Active accounts: Transaction data retained for up to 2 years to provide historical spending analysis and budget calculations
  • Expired accounts: Data retained for a limited period after subscription expiration to allow reactivation
  • Deleted accounts: All financial data is completely and irreversibly removed from our systems. We do not mark accounts as inactive—we fully destroy the data.

You can request data deletion at any time by deleting your account in Settings. Before deletion, you can export your data in CSV format.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know

You have the right to request information about the personal data we have collected about you in the past 12 months, including categories of data, sources, business purposes, and third parties we share data with.

Right to Delete

You have the right to request deletion of your personal data, subject to certain exceptions required by law.

Right to Opt-Out

We do not sell your personal information. If our practices change, we will update this policy and provide you with opt-out options.

Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will receive the same level of service regardless of whether you exercise your rights.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

To exercise your California privacy rights, contact us at privacy@onebudget.ai.

9. Your Rights

Regardless of your location, you have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (you can delete your account anytime from Settings)
  • Export: Download your transaction data in CSV format from Data & Privacy settings
  • Objection: Object to processing of your data for certain purposes
  • Portability: Receive your data in a structured, machine-readable format

To exercise these rights, contact us at privacy@onebudget.ai.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes via email or through a prominent notice in the Service.

Your continued use of OneBudget after such notification constitutes acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically.

11. Contact Information

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

AB Foundry LLC (d/b/a OneBudget)

1021 E Lincolnway Suite 9643

Cheyenne, WY 82001

Email: privacy@onebudget.ai

© 2026 AB Foundry LLC (d/b/a OneBudget). All rights reserved.