Privacy Policy
Last Updated: May 5, 2026
1. Introduction
Piggy Banks ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal budgeting application on the web or on iOS.
By using Piggy Banks, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our service.
2. Information We Collect
Account Information
When you sign in, we receive and store information from your chosen identity provider — Microsoft, Google, or Apple:
- Your display name and email address (Apple may provide a privacy-relay email instead of your real one)
- A unique identifier from the provider (used to link your data to your account)
We do not receive or store your provider account password. Authentication is handled entirely by Microsoft, Google, or Apple.
Financial Data from Connected Banks
When you connect a bank account through Plaid, we receive and store:
- Account name and type (e.g., "Checking")
- Financial institution name
- Transaction history (date, description, amount)
What We Do NOT Collect
- Bank login credentials (username, password, PIN)
- Full account numbers or routing numbers
- Social Security numbers or government identification
- Credit scores or credit reports
- Data from accounts you have not explicitly connected
3. How We Use Your Information
Your data is used exclusively to provide you with Piggy Banks' budgeting features:
- Displaying your transactions, balances, and plan status
- Performing planning calculations and analysis
- Syncing with your connected bank accounts
We Do NOT Use Your Data For
- Advertising, ad targeting, or user profiling
- Sale or licensing to third parties
- Training machine learning or AI models
- Marketing communications
- Credit decisions or financial assessments
4. Bank Connection Security
We use Plaid, a trusted financial services provider, to securely connect to your bank accounts. When you connect a bank:
- You authenticate directly with your bank through Plaid's secure interface
- Your bank credentials are never shared with or accessible to Piggy Banks
- We receive only read-only access to your account information and transactions
- We cannot move money, make payments, or modify your accounts in any way
Bank access tokens are stored in a managed secrets vault (Microsoft Azure Key Vault), separately from your other application data.
5. Data Sharing
We do not sell, rent, or share your personal financial data with third parties for their independent use. The only external data flows are:
- Microsoft, Google, or Apple (whichever you used to sign in): authentication tokens only — no financial data
- Plaid: to retrieve your bank transactions (data flows from Plaid to us, not the reverse)
- Microsoft Azure: our cloud infrastructure provider, used for storage, secrets management, transactional email delivery, and operational monitoring
We may disclose your information if required by law, court order, or governmental authority.
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption at Rest: All financial data is encrypted using AES-256-GCM authenticated encryption before storage. Each budget is encrypted with its own key.
- Encryption in Transit: All communications use TLS 1.2 or higher.
- Data Isolation: Each budget is stored as its own encrypted document. Each member of a shared budget holds their own individually wrapped copy of the budget's encryption key, so we never store a plaintext key on disk and a removed member cannot decrypt the budget. There is no shared database, no admin panel, and no aggregation across budgets.
- Pseudonymized identifiers: We do not store your account or budget identifiers as raw values; we use one-way pseudonyms that prevent the data from being correlated across our systems.
- Secure Authentication: We use OAuth 2.0 with PKCE, an industry-standard secure authentication protocol.
- Token storage on your device: On the web, authentication tokens are kept only in your browser's session storage and cleared when you close the tab. On iOS, they are stored in the iOS Keychain (device-only — never iCloud Keychain) and cleared when you sign out.
- No Persistent Cookies: The web app does not use cookies for authentication or tracking.
7. Household Sharing
Piggy Banks supports sharing a single budget across a household. Sharing is designed to keep the owner in full control and to protect the data even from us:
- Up to three members per budget. A household consists of one owner and up to two additional members.
- Owner-controlled. Only the owner can invite a new member or remove an existing one. Members can leave at any time.
- Encrypted, short-lived invites. Invitations are exchanged through a one-time QR code that expires in five minutes and can only be used once. The QR itself contains only an opaque identifier — never a usable key — and the key needed to decrypt the budget is itself encrypted while it travels between devices.
- Removal cuts off access immediately. When a member is removed, they lose the ability to decrypt the budget that same instant — there is no grace period, and no copy of the budget they may have viewed earlier remains usable.
- Equal data access while a member. All current members of a budget have the same read/write access to its transactions, plans, and bank connections. Only the owner can change membership.
8. Operational Monitoring
We respect your privacy by not including any third-party tracking:
- No third-party analytics scripts (e.g., Google Analytics)
- No advertising pixels or trackers (e.g., Facebook Pixel)
- No session recording tools
- No third-party cookies
- No cross-site tracking
We do use Microsoft Azure Application Insights to monitor the operational health of the application — request counts, response times, error rates, and similar performance metrics. Application Insights data does not include your financial information, and any account or budget identifier appearing in diagnostics is shortened so it cannot be tied back to a specific person. Application Insights is operated by Microsoft as part of our cloud infrastructure and is not a third-party analytics service.
9. Email and Push Communications
We send a small number of transactional messages directly related to your use of the app:
- Welcome — once, when you first complete onboarding
- Pay Day reminder — on the day your next budget cycle starts, if you have email reminders enabled
- Milestone — at the three-month mark, summarizing your progress
- Membership change — when you are removed from a shared budget by the owner, you receive a one-time notification
- Push notifications (iOS): same triggers as email; the notification body is generic and does not contain dollar amounts, account numbers, or transaction details
You can disable email reminders at any time from Settings → Email Preferences. iOS push notifications can be disabled in your iOS Settings → Notifications → Piggy Banks. We do not send marketing or promotional messages.
10. Data Retention and Deletion
We retain your data for as long as your account is active. You can permanently delete your account at any time from within the application.
If you are not in a shared budget
- All your financial data is permanently deleted
- All bank connection tokens are deleted
- Your user profile is removed
- The deletion is irreversible
If you are the owner of a shared budget
- The entire budget is deleted, including data belonging to every other member
- Every member's user profile is removed
- Every bank connection token for the budget is deleted
- We send a one-time notification to each removed member explaining what happened
- The deletion is irreversible
If you are a member of a shared budget (not the owner)
- Your user profile is removed
- Your wrapped copy of the budget encryption key is deleted, removing your access
- The budget itself, the other members, and any bank connections are unaffected
This only affects data stored by Piggy Banks. Your Microsoft, Google, or Apple account, and your bank accounts, are managed separately by their respective providers.
11. Your Data Subject Rights
Regardless of where you live, you have the following rights with respect to your data:
- Access: You can view all the data we hold for you directly within the app — transactions, balances, budgets, and account settings. There is no separate data-access request needed.
- Correction: You can edit your own data (transactions, budgets, profile) at any time within the app.
- Deletion: You can permanently delete your account from Settings → Forget Me on web, or Settings → Delete Account on iOS. The deletion is described in §10.
- Portability: A formal data export feature is not currently available; if you have an active request, contact us at help@piggybanksonline.com.
- Restriction / Objection: Because we do not use your data for advertising, profiling, automated decision-making, or training machine-learning models, there are no marketing or analytics processes to restrict or object to.
12. Data Location
All data is stored on Microsoft Azure servers located in the United States.
13. Children's Privacy
Piggy Banks is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
14. California and EU Residents
We apply the same privacy standard to all users regardless of jurisdiction. The rights described in §11 are available to everyone. Specifically:
- California (CCPA / CPRA): California residents have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. The personal information we collect is described in §2; you can exercise the right to know and the right to delete via the in-app interfaces described in §11.
- European Union (GDPR) and United Kingdom (UK GDPR): EU and UK residents have the right to access, rectify, erase, restrict, and object to processing of personal data, and the right to data portability. The mechanisms in §11 fulfill these rights for our service.
If you have a question we have not answered here, contact us at help@piggybanksonline.com.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this page. Your continued use of Piggy Banks after any changes constitutes your acceptance of the updated policy.
16. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at help@piggybanksonline.com.