1. Introduction
This Privacy Policy describes how Global Transaction Systems, LLC (“we,” “us,” or “our”), operating as ExpenseBuddy.io, collects, uses, maintains, and discloses information collected from users (“you” or “User”) of the ExpenseBuddy.io website and service (the “Service”).
By creating an account or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register for an ExpenseBuddy account, we collect:
- First and last name
- Email address
- Phone number (optional)
- Password (stored in encrypted/hashed form only)
2.2 Financial Information You Enter
When you use the Service to manage your finances, you may voluntarily provide:
- Account names, types, and balances
- Transaction details (dates, amounts, descriptions, categories, notes)
- Budget amounts and category configurations
- Institution names and partial account numbers (last four digits)
2.3 Banking Data via Plaid
If you choose to link a bank account, we use Plaid Inc. to securely access your financial institution. Through Plaid, we receive:
- Account names, types, and balances
- Transaction history (merchant names, amounts, dates, categories)
- Account and routing numbers (used only for account identification)
🔒 Important: We never receive, see, or store your bank login credentials (username or password). Plaid handles all authentication directly with your financial institution using bank-grade encryption.
2.4 Automatically Collected Information
When you access the Service, our servers may automatically record:
- Browser type and version
- Device type and operating system
- IP address
- Pages visited and time spent
- Referring URL
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Description |
|---|---|
| Provide the Service | Create and manage your account, process transactions, generate reports, track budgets, and calculate net worth |
| Bank Integration | Import transactions from linked banks, display balances, and detect duplicates |
| AI Categorization | Analyze transaction descriptions to suggest appropriate expense/income categories |
| Communications | Send account verification emails, password reset links, and important service notifications |
| Security | Detect, prevent, and respond to fraud, abuse, or security incidents |
| Improvement | Analyze usage patterns to improve features, fix bugs, and enhance user experience |
4. Plaid & Banking Data
Our use of Plaid is governed by both this Privacy Policy and the Plaid End User Privacy Policy.
When you connect a bank account through Plaid:
- Your bank credentials are transmitted directly between you and Plaid — we never access, see, or store them.
- Plaid provides us with an access token that allows us to retrieve account and transaction data on your behalf.
- We receive and store: account names, account types, account balances (available, current, and credit limits where applicable), and transaction data (merchant names, amounts, dates, Plaid-assigned categories, and transaction identifiers).
- We store Plaid access tokens, item IDs, and cursor values for ongoing transaction synchronization in our database.
- Transaction data is synced using Plaid’s cursor-based sync API, which retrieves new, modified, and removed transactions since the last sync.
- We store Plaid transaction IDs to prevent duplicate imports and to track which transactions originated from bank sync.
- You may disconnect (unlink) your bank at any time from the Linked Banks page. Disconnecting revokes the Plaid access token and stops future data syncing, but does not automatically delete previously imported transactions from your ExpenseBuddy account.
- To request deletion of previously imported transactions, contact us at support@expensebuddy.io.
Plaid uses 256-bit encryption for all data in transit and at rest, and undergoes regular security audits. For more information, visit plaid.com/safety.
📊 What Plaid data we store: Account metadata (names, types, balances), transaction details (merchant, amount, date, category), and technical identifiers (Plaid item IDs, access tokens, transaction IDs, sync cursors). We do not store your bank login credentials, full account numbers, or social security number.
5. AI Data Processing
ExpenseBuddy uses the Anthropic Claude API to provide intelligent transaction categorization. When AI categorization is performed:
- Transaction descriptions (merchant names) and your category list are sent to the Anthropic API for analysis.
- No personally identifiable information (name, email, account numbers) is included in AI requests.
- Anthropic does not use data submitted through their API to train their models.
- AI suggestions are returned to ExpenseBuddy and presented as recommendations that you review and approve before import.
🤖 AI Transparency: AI categorization is always a suggestion. You maintain full control over how transactions are categorized and can modify or reject any AI recommendation before it is saved to your account.
6. Data Sharing & Third Parties
We do not sell, trade, or rent your personal or financial information to third parties for marketing purposes.
We may share information with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Plaid Inc. | Bank account linking and transaction retrieval | Access tokens, account identifiers |
| Anthropic | AI-powered transaction categorization | Transaction descriptions, category names (no PII) |
| SendGrid (Twilio) | Email delivery | Email address, email content (verification links, password resets) |
| Stripe | Subscription payment processing | Payment card details (handled directly by Stripe), email address |
| NMI | Payment processing | Payment card details (handled via tokenization), billing information |
| AWS (Amazon) | Hosting infrastructure | All service data (encrypted at rest and in transit) |
We may also disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Global Transaction Systems, LLC, our users, or the public.
7. Data Security
We implement industry-standard security measures to protect your information:
- Password Protection: All passwords are hashed using bcrypt before storage. We never store plain-text passwords.
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (256-bit encryption).
- Secure Token Management: Email verification and password reset tokens are generated using cryptographically secure random bytes.
- Access Controls: Access to user data is restricted to authorized personnel and systems only.
- Independent Security Testing: We engage third-party security firms (including NightVision.net) to conduct penetration testing and vulnerability assessments.
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to following best practices and promptly addressing any vulnerabilities.
8. Cookies & Local Storage
ExpenseBuddy uses a minimal set of cookies and browser storage:
| Type | Purpose | Duration |
|---|---|---|
| Session Cookie | Maintains your login session as you navigate the site | Browser session (or 30 days for “remember me”) |
| User ID Cookie | Identifies your account for authenticated requests | 30 days |
| Theme Preference | Stores your light/dark mode preference (localStorage) | Persistent until cleared |
We do not use third-party advertising cookies, tracking pixels, or analytics services that share data with advertisers.
9. Data Retention
We retain your account information and financial data for as long as your account is active and as needed to provide the Service. If you wish to delete your account and associated data, please contact us at support@expensebuddy.io.
Upon account deletion:
- Your account profile, transactions, categories, budgets, and linked bank data will be permanently deleted from our active systems.
- Backup copies may be retained for up to 90 days for disaster recovery purposes before being purged.
- Data that is required to be retained by law (such as for tax or legal compliance) may be kept for the legally mandated period.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of any inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request your data in a structured, commonly used format.
- Objection: Object to certain processing of your personal data.
- Withdrawal of Consent: Withdraw consent for data processing at any time (this does not affect processing prior to withdrawal).
To exercise any of these rights, please contact us at support@expensebuddy.io. We will respond to your request within 30 days.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.
11. Children’s Privacy
ExpenseBuddy is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete it. If you believe a child under 13 has created an account, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this page. For material changes, we may notify you via email or by posting a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
| Channel | Details |
|---|---|
| Company | Global Transaction Systems, LLC |
| Email | support@expensebuddy.io |
| Phone | (805) 414-0684 |
| Website | expensebuddy.io |