Data Security & Disclaimers

Last updated: January 2, 2025

1. Data Security Overview

At BudgetBetter, we take the security of your financial data seriously. This document outlines our comprehensive approach to protecting your information and important disclaimers regarding our services.

2. Technical Security Measures

2.1 Data Encryption

  • In Transit: All data transmitted between your device and our servers is protected using TLS 1.3 encryption
  • At Rest: Financial data is encrypted using AES-256 encryption when stored in our databases
  • Password Protection: User passwords are never stored in plaintext; they are hashed with bcrypt using a configurable work factor (cost) that we raise over time as hardware gets faster

2.2 Infrastructure Security

  • Secure cloud hosting with enterprise-grade security controls
  • Regular security updates and patch management
  • Intrusion detection and prevention systems
  • Network firewalls and access controls
  • Automated backup systems with encryption

2.3 Access Controls

  • Multi-factor authentication for user accounts
  • Role-based access control for family groups
  • Principle of least privilege for system access
  • Regular access reviews and deprovisioning
  • Audit logging for all data access events

3. Data Handling Practices

3.1 Data Minimization

We collect and process only the financial information necessary to provide our services. We do not store:

  • Full banking credentials (we use read-only access where applicable)
  • Credit card numbers or payment details
  • Social Security Numbers or tax identification numbers
  • Unnecessary personal identifiers

3.2 Data Anonymization

  • Analytics data is anonymized before processing
  • Aggregated reporting removes personally identifiable information
  • Research data is de-identified before use and is not linked back to individual accounts

3.3 Secure Development Practices

  • Regular security code reviews and testing
  • Automated vulnerability scanning
  • Secure coding standards and training
  • Third-party security audits

4. Incident Response and Monitoring

4.1 Continuous Monitoring

  • 24/7 system monitoring and alerting
  • Automated threat detection systems
  • Regular security assessments and penetration testing
  • Real-time fraud detection and prevention

4.2 Incident Response Plan

In the event of a security incident, we will:

  • Immediately contain and assess the incident
  • Notify regulators and affected users within the timeframes required by applicable law (for example, GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a personal data breach, and affected individuals without undue delay where the breach is likely to result in a high risk to them)
  • Cooperate with law enforcement and regulatory authorities
  • Implement corrective measures to prevent recurrence
  • Provide regular updates on incident resolution

5. User Security Responsibilities

5.1 Account Security Best Practices

To help protect your account, please:

  • Use a strong, unique password for your BudgetBetter account
  • Enable multi-factor authentication (MFA) for your account (see section 2.3)
  • Keep your contact information up to date
  • Log out of shared or public devices
  • Monitor your account regularly for suspicious activity
  • Report any security concerns immediately

5.2 Safe Usage Guidelines

  • Do not share your login credentials with others
  • Be cautious when using public Wi-Fi networks
  • Keep your devices updated with latest security patches
  • Use reputable antivirus software
  • Be wary of phishing attempts and suspicious emails

6. Important Disclaimers

6.1 Financial Advice Disclaimer

⚠️ No Financial Advice

BudgetBetter is a financial management tool and does not provide financial, investment, tax, or legal advice. The information provided by our platform is for informational purposes only and should not be considered as professional financial advice.

  • Always consult qualified financial professionals for investment decisions
  • Tax implications vary by individual circumstances and jurisdiction
  • Past performance does not guarantee future results
  • We are not licensed financial advisors, accountants, or tax professionals

6.2 Data Accuracy Disclaimer

📊 Data Accuracy Responsibility

Users are responsible for the accuracy of all financial information entered into BudgetBetter:

  • We do not verify the accuracy of manually entered data
  • Automated data imports may contain errors from source institutions
  • Users should regularly review and reconcile their financial data
  • We recommend comparing platform data with official bank statements

6.3 Service Availability Disclaimer

🔧 Service Availability

While we strive for high availability, we cannot guarantee uninterrupted service:

  • Scheduled maintenance may temporarily limit access
  • Technical issues may cause occasional outages
  • Third-party service disruptions may affect functionality
  • We are not liable for losses due to service interruptions

7. Compliance and Certifications

7.1 Regulatory Compliance

BudgetBetter maintains compliance with relevant financial data protection regulations:

  • Data protection laws (GDPR, CCPA, etc.)
  • Financial privacy regulations
  • Industry security standards
  • Regional financial services regulations

7.2 Security Standards

  • PCI DSS compliance for payment data handling
  • SOC 2 Type II attestation (in progress)
  • Security testing based on OWASP guidance (such as the OWASP Web Security Testing Guide and Application Security Verification Standard)
  • Regular third-party security assessments

8. Limitation of Liability

⚖️ Legal Limitations

To the maximum extent permitted by law, BudgetBetter's liability is limited as follows:

  • We are not liable for financial losses resulting from user decisions
  • Our liability for data breaches is limited to legal minimums
  • We are not responsible for third-party service failures
  • Users acknowledge they use the service at their own risk
  • Total liability is limited to fees paid in the preceding 12 months

9. Third-Party Integrations

9.1 Bank Connection Security

When connecting bank accounts through third-party providers:

  • We use read-only access to financial data
  • Connections between your bank, the connection provider, and BudgetBetter are encrypted in transit (TLS); the provider handles the bank session on your behalf, so data is not end-to-end encrypted between you and your bank
  • We do not store banking credentials
  • Users can revoke access at any time

9.2 Service Provider Security

All third-party service providers are required to:

  • Maintain appropriate security certifications
  • Sign data processing agreements
  • Undergo regular security assessments
  • Comply with our data protection standards

10. Reporting Security Issues

10.1 Vulnerability Disclosure

If you discover a security vulnerability, please:

  • Contact us promptly through the secure support channels in the application (see section 12)
  • Provide detailed information about the issue
  • Do not publicly disclose the vulnerability
  • Allow reasonable time for investigation and remediation

10.2 Responsible Disclosure

We appreciate security researchers who follow responsible disclosure practices. We commit to:

  • Acknowledge receipt of vulnerability reports within 48 hours
  • Provide regular updates on investigation progress
  • Credit researchers appropriately (with permission)
  • Fix verified issues promptly and thoroughly

11. Updates and Changes

This document may be updated periodically to reflect:

  • Changes in security practices and technologies
  • New regulatory requirements
  • Improvements in data protection measures
  • User feedback and security recommendations

Material changes will be communicated through our platform and via email to registered users.

12. Contact Information

For security-related questions, vulnerability reports, or data protection inquiries, please contact us through the secure support channels provided in the application. Our security team monitors these channels continuously and will respond promptly to all legitimate inquiries.