DuoBudgets

Privacy Policy

Last updated: June 7, 2026 · Effective: May 17, 2026

The short version: DuoBudgets is funded by users, not advertisers. We collect only what is needed to run your budget app. We do not sell your data, share it with advertisers, or use it for any purpose outside of providing the service.

1. Who We Are

DuoBudgets is operated by Simpsons AI Solutions Inc., Saskatoon, Saskatchewan, Canada. We are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Canadian Anti-Spam Legislation (CASL). Contact: [email protected].

2. Information We Collect

3. Data Minimization

We collect only the information necessary to provide DuoBudgets. We do not collect location data, browsing history, device identifiers beyond what is strictly necessary for push notifications, or any information unrelated to household budgeting.

4. How We Use Your Information

Solely to provide and operate DuoBudgets. Specifically: authenticating your account, storing and displaying your budget data, sending SMS reminders and monthly summaries you have consented to, delivering push notifications you have enabled, and improving the reliability and performance of the service. We do not sell your data, share it with advertisers, use it for profiling, or use it for any purpose outside the service.

5. Bank Connection and Plaid

If you connect a bank account, DuoBudgets uses Plaid Technologies Inc. Your bank credentials go directly to Plaid. We never see, receive, or store them. The connection is read-only. You can disconnect at any time from Settings. Plaid is SOC 2 Type II certified. Plaid's privacy policy: plaid.com/legal.

6. International Data Transfers

Some of our service providers process data outside of Canada. Specifically: Twilio (SMS delivery, United States), Resend (email delivery, United States), Plaid (bank connectivity, United States), and Cloudflare (receipt storage, distributed globally). DigitalOcean (hosting and database) is located in Toronto, Canada. Data transferred to US providers is governed by their respective privacy policies and applicable data transfer frameworks. We have assessed these providers and are satisfied they maintain appropriate safeguards.

7. Third-Party Providers

None of these providers are permitted to use your data for their own purposes beyond service delivery.

8. Cookies

We use one strictly necessary session cookie (connect.sid) with HttpOnly, Secure, and SameSite=Lax properties. No advertising cookies, no tracking pixels, no analytics cookies, and no third-party cookies.

9. Data Security

All data is encrypted in transit using TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) prevents protocol downgrade attacks. Session cookies are HttpOnly, Secure, and SameSite=Lax. PINs expire after 10 minutes and are single-use. Brute-force protection locks authentication after repeated failures. Biometric login uses the WebAuthn standard. Receipt images require authenticated access and verified ownership. In the event of a breach that poses a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada within 72 hours as required under PIPEDA.

10. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all personal information (budget entries, bank connections, receipts, session data, and credentials) is permanently deleted within 24 hours. A pseudonymised deletion audit record (no personal data) is retained for 6 years per CRA guidelines. SMS consent records are retained as required by CASL. You may export your data at any time before deletion from Settings.

11. Your Rights Under PIPEDA

You have the right to: access the personal information we hold about you; request correction of inaccurate information; withdraw consent to processing (which may result in account deletion); and request deletion of your account and all associated data. To exercise any of these rights, contact us at [email protected]. We respond within 30 days. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada: priv.gc.ca or call 1-800-282-1376.

12. Children and Minors

DuoBudgets is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us and we will delete the account promptly.

13. How to Withdraw Consent

You may withdraw consent for specific processing activities: disable SMS reminders in Settings → Alerts; disable push notifications in Settings → Alerts; disconnect your bank connection in Settings → Bank Sync; delete your account entirely in Settings → Account → Delete Account. Withdrawing consent for required data (phone number for authentication) will result in account termination.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices or for legal reasons. We will notify active users of material changes via SMS and in-app notice at least 14 days before changes take effect. The updated date at the top of this page reflects the most recent revision. Continued use of DuoBudgets after the effective date constitutes acceptance of the updated policy.

15. Contact

Privacy inquiries: [email protected]
DuoBudgets · Simpsons AI Solutions Inc. · Saskatoon, Saskatchewan, Canada