Privacy Policy
How FlexiBudget handles your personal data.
In this policy, we explain what personal information we handle when you use FlexiBudget — our marketing website at flexibudget.app, the application at my.flexibudget.app, and the services behind them (we'll just call all of this "FlexiBudget" or "the Service" from here on).
FlexiBudget is designed to be offline-first: the content (budgets, transactions, vehicle records, etc.) you create lives primarily in your own browser, on your own device. We sync it to our server so the same data is available when you open the app somewhere else — but we do not inspect its contents, sell it to anyone, share it with advertisers, or use it to train models. Your data is for your use, not ours.
This policy is written to comply with Polish and EU data-protection law, in particular the General Data Protection Regulation (GDPR). If you have any questions, concerns or requests relating to this Privacy Policy, please contact us at contact@flexibudget.app (our "Contact Information").
Who we are
FlexiBudget is operated by Sergei Krylov, a sole proprietor registered in the Polish CEIDG business register. Under GDPR we are the data controller for the information described below. Full legal and postal details are on our Imprint. Given our scale, we are not required to appoint a formal Data Protection Officer; privacy requests are handled directly using our Contact Information.
The information we collect, and how
Information you provide to us
Account information. When you create a FlexiBudget account, we ask for information that allows us to identify you and manage your account, such as your email address and a password. You may optionally provide additional information such as your name. We also generate a small amount of account-related information automatically, such as short-lived tokens used to confirm your email address or reset your password.
Content you create in the Service. As part of using FlexiBudget, you create content such as records of transactions, budgets, accounts, categories, vehicles, and related settings. This content is stored on your device and synced to our servers so that you can access it across devices. We treat this content as belonging to you and process it only to provide the Service to you.
Information you provide through interactive features. From time to time we may make available features that rely on software provided by third parties. For instance, if we offer you the opportunity to engage with certain software (such as a payment processor when you purchase a subscription to our Service) and you provide information about yourself while engaging with that software, your information may be shared with that third-party software and us.
Communications. If you contact us (for example by email) or respond to a message from us, we collect your contact details, the content of your message, and any other information you choose to include.
Information we collect automatically
Device and log information. When you use FlexiBudget, our servers automatically record certain information associated with your visit or use of the Service. This may include, for example, the type of device or browser you are using, approximate location, the pages you view, and the time of your activity. We use this information to operate, secure, and improve the Service.
Cookies and similar technologies. Our marketing website uses cookies and similar technologies to remember your preferences and to measure how visitors use the site. What we use, and the choices you have, are described in more detail in Cookies and similar technologies below.
Bot protection. Certain forms on our Service (such as account sign-up and login) use automated bot-protection tools to prevent abuse. These tools may briefly collect information about your browser and connection at the moment of submission.
Information from third parties
We may also receive information about you from third parties that provide services to us. For example, a payment processor may share subscription-related information (such as subscription status and identifiers) back to us so that we can reflect it in your account. These third parties are described further in Who we share your information with.
How we use this information
We use the information we collect about you for various purposes in our legitimate business interests, including:
- To provide, maintain, improve, and develop the Service — including syncing your content across your devices, enabling features you have chosen to use, and adding new functionality over time.
- To communicate with you about your account and the Service — for example, to confirm your sign-up, help you reset a forgotten password, notify you of important changes to our policies or subscription, and respond to your support requests.
- To manage subscriptions and process payments — if you choose a paid plan, we use your information (and information we receive from our payment processor) to manage your subscription and to ensure it renews or cancels as you have directed.
- To keep the Service secure — we use the information we collect to prevent, detect and respond to fraud, abuse, unauthorised access, and other security issues.
- To comply with legal obligations — for example, retaining invoices as required by Polish tax law, or responding to lawful requests from authorities.
- To establish, exercise, or defend legal claims — where necessary to protect our rights, your rights, or those of a third party.
- To understand how our website is used — on an aggregated, non-identifying basis and only where you have given consent, so that we can improve our website and the content it offers.
- For other purposes described at the time of collection or with your consent — for example, if we ask you to participate in a survey or a beta test.
Under GDPR, the lawful bases we rely on for the above are performance of a contract (running your account, syncing, billing), legitimate interests (security, preventing abuse, responding to enquiries, defending claims), legal obligation (tax and similar record-keeping), and consent (for website analytics and any other optional processing you have explicitly agreed to). You can withdraw consent at any time without affecting the lawfulness of processing that took place before withdrawal.
Who we share your information with
We only share your information in the circumstances described below.
With your consent. We may share your information when you explicitly direct us to do so — for example, when you choose to use an interactive feature or sign up for an optional service that is provided by, or integrates with, a third party.
For business purposes. We provide information to vendors and service providers to help us provide the Service to you. These service providers are only permitted to use your information on our behalf and for the specific purposes we have instructed, and they are bound by appropriate confidentiality and data-protection obligations. Examples of our service providers include hosting and infrastructure providers, email providers, payment processors, and other service providers we use to run the Service.
For legal reasons. We may disclose your information if we believe in good faith that doing so is necessary to comply with a law, regulation, legal process, or a lawful request from a public authority; to enforce our Terms of Service; to protect the rights, property, or safety of FlexiBudget, our users, or others; or to investigate or prevent fraud, abuse, or security issues.
In connection with a business transfer. If FlexiBudget is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction. If this happens, we will notify you and ensure that any new controller is bound to treat your information in a manner consistent with this policy.
Aggregated or de-identified information. We may share information that has been aggregated or de-identified in such a way that it can no longer reasonably be used to identify you — for example, general usage statistics about the Service.
Where your data lives
We primarily store and process your information inside the European Economic Area (EEA), and we choose service providers that offer EEA-based hosting wherever reasonably possible. By using our Service or providing your information to us, you agree to us processing, transferring, or storing your information in other countries.
Some of our service providers are based outside the EEA (for example, in the United States) or may access or transfer data internationally as part of providing their services. Where that happens, we rely on the safeguards that the GDPR recognises for international transfers, including the European Commission's Standard Contractual Clauses and, where the provider is certified, the EU–US Data Privacy Framework.
How long we keep your data
We retain your personal information for as long as is necessary to provide the Service to you and to fulfil the purposes described in this Privacy Policy. When you close your account or request deletion of your data, we remove your account information from our active systems within 30 days. Copies of your information may remain in routine encrypted backups for up to a further 90 days before those backups are overwritten in the normal course of rotation.
Some information is retained for longer where we are required or entitled to do so by law, or where it is necessary to establish, exercise, or defend legal claims. In particular:
- Billing and tax records relating to paid subscriptions are retained for the period required by Polish tax law (currently five years from the end of the relevant tax year);
- Operational server logs are retained by our infrastructure providers for a limited period (typically up to one month) to allow diagnosis and investigation of technical issues;
- Correspondence (for example, email exchanges with support) is retained for as long as is reasonably necessary to handle the matter and any related follow-up.
Account deletion is currently carried out on request using our Contact Information. A self-service deletion option is planned for a future release of the Service, and this section will be updated when it becomes available.
Your rights over your data
Regardless of where you are located, we will respond to any request you make in relation to the personal information we hold about you. The specific rights that apply to you depend on the privacy laws that govern our relationship with you, as described below.
If European privacy laws apply to our relationship with you
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (or its local equivalent) applies to the processing of your personal information. Under those laws, you may exercise your right to:
- access the personal information we hold about you and request a copy;
- rectify personal information that is inaccurate or incomplete;
- erase your personal information (the "right to be forgotten"), subject to the limited retention obligations described above;
- restrict the processing of your personal information in certain circumstances;
- receive a portable copy of your personal information in a structured, commonly used, and machine-readable format, where technically feasible;
- object to processing of your personal information, including processing based on our legitimate interests or for direct marketing purposes;
- withdraw your consent where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal.
If you believe that we have not handled your personal information in accordance with applicable law, you also have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns directly — please contact us using our Contact Information.
If you are located outside Europe
You can contact us to exercise any of the rights described above regardless of where you are located — we apply the standards of the GDPR as a baseline worldwide. Depending on your jurisdiction, local privacy laws may grant you additional or different rights. If you believe such a law applies to our relationship with you and you wish to exercise your rights under it, please contact us and we will handle your request in line with the applicable law. For clarity, we do not sell your personal information and we do not share it for cross-context behavioural advertising.
How to exercise your rights
To submit a request, please contact us using our Contact Information. We will acknowledge your request within a reasonable period and will respond fully within 30 days. For particularly complex or numerous requests, applicable law may allow us to extend this period by up to two further months; where this applies, we will inform you of the extension and the reasons for it within the initial 30-day window.
Before acting on certain requests, we may ask you to provide information reasonably necessary to verify your identity and the scope of your request. This is a safeguard to prevent personal information being disclosed to someone other than the individual it concerns.
Cookies and similar technologies
Our Service uses cookies and similar local storage technologies on your device. This section explains what they are, why we use them, and how you can control them.
A cookie is a small text file that a website or application stores on your device when you interact with it. "Similar technologies" are other mechanisms that perform comparable functions, such as local storage in your browser. Depending on their purpose and duration, these technologies may be strictly necessary, functional, or optional.
The categories we use.
- Strictly necessary. Required for the Service to function — for example, keeping you signed in, remembering your cookie-banner choices, and, in the application, holding a local copy of your content so the Service works offline. These cannot be disabled without affecting core functionality of the Service.
- Security. Set by third-party tools we use to protect our forms (for example, on sign-up and login) from automated abuse. These are active only at the moment of submission.
- Analytics. On our marketing website only, these help us understand how visitors find and use the site so that we can improve it. They are set only with your consent.
When you first visit our marketing website, you can accept, refuse, or customise optional cookies through our cookie banner. You can change your decision at any time by reopening the banner. All modern browsers also let you view, delete, or block cookies at any time; instructions are available in the help pages of your browser. In the application, the Settings area lets you clear all locally stored content on the current device.
Security
We apply reasonable technical and organisational measures designed to protect the personal information we hold from unauthorised access, disclosure, alteration, or destruction. These include encryption of data in transit, secure storage of credentials, restricted access to systems, and safeguards to prevent sensitive information from being captured in operational logs.
In any case, and despite our efforts, using the Internet is never risk-free. As a result, we cannot guarantee the security of your information, and ultimately you use the Internet at your own risk. If you believe an incident has affected your information, please contact us using our Contact Information. Where required by law, we will investigate and notify you and the relevant supervisory authority within the timelines set by the GDPR.
Children
The Service is not directed to children and we do not knowingly collect personal information from anyone under the age of 16. If you believe that a child has provided us with personal information, the associated account can be closed and the information deleted as described above.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to the Service, our practices, or applicable law. Whenever we make changes, we will update the "Last modified" date at the top of the page. For material changes, we will also notify registered users by email before the changes take effect.
We encourage you to review this page periodically. Your continued use of the Service after an updated Privacy Policy takes effect constitutes your acceptance of it. If you do not agree with a change, you may close your account as described above.