Privacy Policy
Last updated: 2026-04-06
The controller responsible for your personal data is:
- Company: OÜ Digitechnology
- Registry code: 16586255
- Address: Seebi tn 1-703, Tallinn, Harjumaa
- Email: [email protected]
We process a limited set of data needed to operate {appName}.
2.1 Account and access data
- Email address used for authentication and account notices
- Password hash and authentication metadata
- Account creation date and locale preference
- Session metadata such as login times and IP address
2.2 Financial data
- Budgets, categories, transactions, and recurring items
- Investment and credit tracking records
- Exports and backups generated from your account data
Important: financial data is encrypted in your browser before it is stored on our servers. We are designed so that we do not routinely access your financial data in plain text.
2.3 Technical and browser-side data
- Request logs, user agent data, and security event metadata
- Browser cookies required for sessions and locale routing
- Optional theme preference stored locally in your browser
We use personal data only for the purposes necessary to operate, secure, and support the service.
| Purpose | Legal basis |
|---|---|
| Providing accounts, budgets, and encrypted data storage | |
| Authentication, session handling, and account recovery | |
| Abuse prevention, rate limiting, and security monitoring | |
| Replying to support, billing, or legal requests | |
| Meeting accounting, audit, and other statutory duties |
- Account records: kept while your account remains active and removed within 30 days after confirmed deletion, unless a longer period is required by law.
- Encrypted financial data: kept while your account is active and deleted within 30 days after account deletion.
- Security logs: kept for up to 90 days unless they must be retained longer for an active incident, fraud investigation, or legal obligation.
- Support records: typically kept for up to 3 years after resolution.
We do not sell personal data.
We may share limited data with infrastructure, hosting, security, backup, and email service providers that help us operate the service, as well as with authorities when required by law.
We aim to keep primary production infrastructure in the EU/EEA where practical. If a provider processes limited technical data outside the EU/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
Subject to the GDPR, you may request access, rectification, erasure, restriction, portability, or objection, and you may withdraw consent where consent is the basis for processing.
To exercise your rights, email [email protected]. We will respond within the applicable statutory deadline.
We use a small number of essential cookies and browser storage entries for authentication, locale routing, and theme preference.
See our Cookie Policy for the current list.
We use client-side encryption, TLS, password hashing, session controls, and operational safeguards to protect the service.
More detail is available in our Security Policy.
OÜ Digitechnology is not intended for children under 16. If you believe a child has provided personal data without proper authorization, contact us at [email protected].
You may also lodge a complaint with the competent supervisory authority in Estonia:
Authority: Andmekaitse Inspektsioon (AKI)
We may update this notice when the service, laws, or vendor setup changes. Material changes will be reflected on this page by updating the last-updated date.