Free calculator
Open app

Security

Last reviewed: 13 June 2026

TL;DR. Before you sign in, your budget never leaves your browser. Once you sign in, it syncs to Supabase over HTTPS and is encrypted at rest, protected by per-user and per-household access rules. Budjo never connects to your bank. Sync is not end-to-end encrypted yet, and we say so plainly. Payments run through Stripe; we never see your card details.

This page explains how Budjo protects your data, in plain language. It is a companion to our privacy policy, which covers what we collect and why.

Before you sign in

Without an account, every transaction, account, bill, goal, and preference lives in localStorage on your device. None of it reaches our servers, and we cannot see it. You can use Budjo this way indefinitely.

What syncs after you sign in

When you sign in, on any plan, free or paid, your data syncs to Supabase so you can use it across devices. That includes your transactions, accounts, categories, bills, goals, preferences, any notes you write, and receipt images you attach (paid plans). We store your email address, your Stripe customer ID, and your subscription status. We never store your card details or any bank login.

Encryption in transit

Every request between your browser and our servers is encrypted with HTTPS (TLS). There is no unencrypted path for your synced data.

Encryption at rest

Supabase encrypts all stored data at rest using AES-256. Receipt images live in Supabase Storage under the same protection.

No end-to-end encryption yet

Budjo does not currently use end-to-end encryption on the sync layer. Supabase stores your rows, bound by strict access rules, which means our infrastructure can technically read them. We are working on an optional end-to-end layer so that we could not read your rows even with database access. Until that ships, we state this limitation openly rather than imply more privacy than we deliver.

Access control

Access is enforced by Supabase Row-Level Security (RLS) based on account ownership and household membership:

  • Only you can read the rows you own.
  • Household members you invite can read the financial data, notes, and receipts shared in that household. Don't enter anything you don't want them to see.
  • A small set of restricted Budjo service functions (edge functions) act on your data to run the app. Nothing else in our system can read your rows.

Authentication

Sign-in is handled by Supabase Auth, using Google OAuth or email/password. Passwords are never stored on our side. We don't connect to your bank, so there are no bank credentials to protect.

Receipt storage

Receipt images you attach are stored in Supabase Storage and are visible to everyone in your household. We don't scan, moderate, or virus-check uploads, and images can carry metadata such as location. You control what you upload. Removing a receipt deletes the image.

Backups

Supabase keeps rolling backups on a 7-day retention window. Backups containing data you delete are purged within that window.

Account and data deletion

You can delete your account and every synced row from Settings → Account → Delete account. Synced personal data is removed within 30 days of a deletion request. Stripe transaction records are kept for 7 years to meet tax and audit obligations. You can export everything to CSV at any time from Settings → Data.

Subprocessors

We rely on a short list of vendors to run Budjo, each bound by data-processing terms:

Subprocessor Purpose Location
Supabase Database, auth, storage, edge functions Asia Pacific (Mumbai, India)
Stripe Payment processing USA
Resend Transactional email USA
Google Sign-in (OAuth) and consent-based marketing-site analytics USA
Hostinger Static marketing-site hosting Asia Pacific

The full, current list with privacy-policy links lives in our privacy policy.

Reporting a vulnerability

If you find a security issue, email support@budjo.app with the details and steps to reproduce. We read every message and will work with you on a fix. Please don't publicly disclose an issue before we've had a chance to address it.

Contact

support@budjo.app. We answer every email.