Privacy Policy

1. Introduction

Unveiled Budget ("we," "our," or "us"), operated by JNR Pomme LLC (dba Unveiled Software), provides a personal budgeting application. This Privacy Policy explains how we collect, use, and protect your information when you use our service at unveiledbudget.com.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and authentication credentials managed through our identity provider (Keycloak).

Financial Data: When you connect your bank accounts through Plaid, we receive transaction history (up to 24 months), account balances, account details (name, type, last four digits), recurring transactions, and liability information. This data is used solely to provide budgeting features within the application.

Email Receipt Data (Google Gmail): If you connect your Gmail account through Google's OAuth flow, we use the https://www.googleapis.com/auth/gmail.readonly scope to read order-confirmation emails from a small allow-list of retailers (Amazon, Walmart, Sam's Club, Meijer). For each matching message we extract the order number, date, total, and line items, and store the resulting receipt record. We do not read, store, or process emails outside this allow-list. We never modify, send, or delete any messages on your behalf.

User-Created Data: Budget categories, goals, debt tracking entries, recurring rules, and other data you manually enter into the application.

Usage Data: We may collect basic usage information to improve the service, such as which features are used and error reports.

3. How We Use Your Information

• To provide and maintain the budgeting service
• To automatically categorize and organize your transactions
• To calculate budget progress, net worth, and financial insights
• To provide AI-powered financial recommendations (processed locally on our private servers — your data is never sent to external AI services)
• To detect recurring transactions and subscriptions
• To generate spending reports and forecasts

4. Data Security

We take the security of your financial data seriously:

• All data is transmitted over HTTPS (TLS 1.2+)
• Bank connection tokens are encrypted at rest using AES-256-GCM
• All AI processing runs on our private servers — your financial data never leaves our infrastructure
• Authentication is managed via Keycloak with multi-factor authentication (MFA) support
• Our infrastructure runs on a private Kubernetes cluster with role-based access controls

5. Third-Party Services

Plaid: We use Plaid to connect to your financial institutions. When you connect a bank account, Plaid accesses your financial data on your behalf. Plaid's use of your data is governed by Plaid's Privacy Policy.

Google (Gmail API): We use Google's Gmail API under the gmail.readonly scope to read order-confirmation emails when you connect your Gmail account. This is a read-only integration; we never compose, modify, or delete messages. Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements (see Section 5a below).

Keycloak: We use a self-hosted Keycloak instance for authentication. Your credentials are managed securely on our own infrastructure.

5a. Google API Services Limited Use Disclosure

Unveiled Budget's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Gmail data only to provide the receipt-ingest feature explicitly requested by the user.
• We do not transfer Gmail data to third parties except as necessary to provide or improve the receipt-ingest feature, comply with applicable law, or in connection with a merger, acquisition, or sale of assets — and even then, only with the user's explicit consent.
• We do not use Gmail data for serving advertising, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read Gmail data unless we have the user's affirmative agreement for specific messages, doing so is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or for our internal operations where the data has been aggregated and anonymized.

6. Data Sharing

We do not sell, rent, or share your personal or financial data with third parties for marketing purposes. Your data is only shared with Plaid as necessary to provide the bank connection service, and only with your explicit consent when you connect an account.

7. Data Retention and Deletion

We retain your data for as long as your account is active. You may:

• Export your data at any time via CSV download
• Disconnect bank accounts to stop data syncing
• Request complete account deletion by contacting info@unveiledsoftware.com

Upon account deletion, all associated financial data, bank connection tokens, and personal information are permanently removed from our systems.

8. Your Rights

You have the right to access, correct, export, or delete your personal data. To exercise these rights, contact us at info@unveiledsoftware.com.

9. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the application or email.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

JNR Pomme LLC (dba Unveiled Software)
4666 Stewart Road
Lima, OH 45801
info@unveiledsoftware.com