Privacy Policy

Last updated: November 7, 2025

1. Introduction

Welcome to Budget Sprout ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal and financial data. This privacy policy explains how we collect, use, store, and protect your information when you use our financial management service, including our integration with third-party financial data providers.

By using Budget Sprout, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our service.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

  • Identity Data: First name, last name, username, date of birth
  • Contact Data: Email address, phone number, mailing address
  • Account Data: Username, password (encrypted), security questions
  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Information about how you interact with our service

2.2 Financial Information

With your explicit consent, we collect and process financial information through our integration with Plaid Inc., a third-party financial data aggregator:

  • Bank Account Information: Account numbers, routing numbers, account types, account balances
  • Transaction Data: Transaction history, amounts, dates, merchant names, categories
  • Financial Institution Data: Bank names, account holder names, linked accounts
  • Credit and Investment Data: Credit card balances, investment account values, loan information

Important: We never directly receive or store your online banking login credentials. When you connect your financial accounts, you provide your credentials directly to Plaid through their secure interface. Plaid then provides us with an access token to retrieve your financial data.

2.3 Automatically Collected Information

  • Cookies and tracking technologies
  • Log files and server data
  • Device identifiers and mobile analytics
  • Location data (with your permission)

3. How We Use Your Information

We use your personal and financial information for the following purposes:

3.1 Service Provision

  • Create and manage your Budget Sprout account
  • Aggregate and display your financial information from multiple accounts
  • Categorize and analyze your transactions
  • Generate budgets, financial insights, and spending reports
  • Provide personalized financial recommendations
  • Track your financial goals and progress
  • Send account notifications and service updates

3.2 Service Improvement

  • Improve and optimize our services and user experience
  • Develop new features and functionality
  • Conduct research and analytics
  • Detect, prevent, and address technical issues and bugs

3.3 Security and Compliance

  • Verify your identity and prevent fraud
  • Protect against unauthorized access and security threats
  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service

3.4 Communications

  • Send you service-related notifications (account alerts, security notifications)
  • Respond to your inquiries and provide customer support
  • Send marketing communications (with your consent, which you can withdraw at any time)

We will never: Sell your personal or financial information to third parties, use your data to advertise third-party products without your consent, or share your financial information with anyone except as described in this policy.

4. Financial Data Provider (Plaid)

Budget Sprout uses Plaid Inc. ("Plaid") to connect your financial accounts and retrieve your financial data. When you link a financial account, you authorize Plaid to access and retrieve your information from your financial institution.

4.1 How Plaid Works

  • You provide your financial institution login credentials directly to Plaid through their secure interface
  • Plaid verifies your credentials with your financial institution
  • Plaid retrieves your financial data and shares it with Budget Sprout through secure APIs
  • We receive an access token that allows us to request updated data from Plaid

4.2 Your Control Over Plaid Connection

You can disconnect your financial accounts from Plaid at any time through your Budget Sprout account settings. This will:

  • Revoke Budget Sprout's access to your financial data
  • Stop new data from being retrieved
  • Preserve your historical data unless you request deletion

4.3 Plaid's Privacy Policy

Plaid's data collection and use practices are governed by their own privacy policy, available at https://plaid.com/legal/#end-user-privacy-policy. We encourage you to review Plaid's privacy policy before connecting your accounts.

5. How We Share Your Information

We limit sharing of your information to the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf:

  • Plaid Inc.: Financial data aggregation and account connectivity
  • Cloud Infrastructure Providers: Data hosting and storage (e.g., AWS, Google Cloud)
  • Analytics Services: Usage analytics and service improvement
  • Customer Support Tools: Help desk and communication platforms
  • Security Services: Fraud detection and prevention services

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Budget Sprout, our users, or others
  • Investigate fraud, security issues, or technical problems
  • Respond to claims of illegal activity or policy violations

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Security

We implement comprehensive security measures to protect your personal and financial information:

6.1 Encryption

  • Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • Data at Rest: Your financial data is encrypted using AES-256 encryption when stored in our databases
  • Password Protection: Your password is hashed and salted using industry-standard algorithms (bcrypt)

6.2 Access Controls

  • Multi-factor authentication available for user accounts
  • Role-based access controls for Budget Sprout employees
  • Regular access reviews and privilege audits
  • Minimal necessary access principle for all systems

6.3 Infrastructure Security

  • Secure cloud hosting with enterprise-grade security
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Continuous monitoring for suspicious activity
  • Regular security patches and updates

6.4 Organizational Security

  • Employee security training and awareness programs
  • Background checks for employees with data access
  • Confidentiality agreements with all employees and contractors
  • Incident response plan for security breaches

Important: While we implement strong security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Your data is retained while your account is active and for a reasonable period after closure to comply with legal requirements
  • Financial Data: Transaction history and financial data are retained to provide historical insights and comply with financial regulations
  • Deleted Accounts: After account deletion, we retain certain information for up to 7 years to comply with tax, legal, and accounting requirements
  • Backup Systems: Data may persist in backup systems for up to 90 days after deletion from production systems

You can request deletion of your data at any time by contacting us at privacy@budgetsprout.com. We will process your request within 30 days, subject to legal retention requirements.

8. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal information:

8.1 Access and Portability

  • Request a copy of your personal data
  • Export your data in a machine-readable format
  • Receive information about how we process your data

8.2 Correction and Updates

  • Update your personal information through your account settings
  • Request correction of inaccurate data

8.3 Deletion

  • Request deletion of your account and associated data
  • Disconnect financial accounts to stop data collection
  • Delete specific transactions or categories

8.4 Consent Management

  • Withdraw consent for data processing at any time
  • Opt out of marketing communications
  • Manage cookie preferences
  • Disconnect Plaid access to your financial accounts

8.5 Other Rights

  • Object to Processing: Object to our processing of your data for specific purposes
  • Restrict Processing: Request limitation of how we use your data
  • Lodge a Complaint: File a complaint with your local data protection authority
  • Non-Discrimination: Exercise your rights without discriminatory treatment

To exercise any of these rights, contact us at privacy@budgetsprout.com or through your account settings. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and collect usage data:

9.1 Types of Cookies We Use

  • Essential Cookies: Required for basic functionality and security (e.g., session management, authentication)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with our service
  • Marketing Cookies: Track advertising effectiveness (with your consent)

9.2 Managing Cookies

You can control cookies through your browser settings and our cookie preference center. Note that disabling certain cookies may limit functionality of our service.

10. Email Communications and Marketing Compliance

We comply with applicable email marketing laws, including the CAN-SPAM Act (United States) and Canada's Anti-Spam Legislation (CASL).

10.1 Types of Emails We Send

  • Transactional Emails: Account notifications, security alerts, password resets, account activity summaries (these are essential service emails and cannot be unsubscribed from while you have an active account)
  • Service Updates: Important changes to our Terms of Service, Privacy Policy, or service features
  • Marketing Emails: Product updates, tips, financial insights, promotional offers, newsletters (you can opt out at any time)

10.2 Your Email Preferences

You have control over the marketing emails you receive:

  • Opt-Out: Every marketing email includes an "unsubscribe" link at the bottom. We will process your opt-out request within 10 business days
  • Preference Center: Manage your email preferences through your account settings to choose which types of emails you want to receive
  • Contact Us: Email privacy@budgetsprout.com to update your preferences or opt out of marketing communications

10.3 CAN-SPAM Act Compliance (U.S.)

In compliance with the CAN-SPAM Act, we ensure:

  • Our emails clearly identify Budget Sprout as the sender
  • Subject lines accurately reflect the email content
  • All marketing emails are clearly identified as advertisements when required
  • Our physical business address is included in all emails
  • Unsubscribe requests are honored promptly (within 10 business days)
  • We monitor compliance by any third parties sending emails on our behalf

10.4 CASL Compliance (Canada)

In compliance with Canada's Anti-Spam Legislation (CASL), we:

  • Obtain express or implied consent before sending commercial electronic messages
  • Clearly identify Budget Sprout in all communications
  • Provide a functioning unsubscribe mechanism in every commercial message
  • Include our contact information in all commercial messages
  • Honour unsubscribe requests promptly (within 10 business days)
  • Maintain records of consent and unsubscribe requests

Note: Even if you opt out of marketing emails, you will continue to receive essential transactional emails related to your account activity, security, and service updates as these are necessary for providing our service.

11. International Data Transfers

Budget Sprout is based in Canada. If you access our service from outside Canada, your information may be transferred to, stored, and processed in Canada or other countries where our service providers operate.

We implement appropriate safeguards to ensure your data receives adequate protection, including Standard Contractual Clauses approved by regulatory authorities.

12. Children's Privacy

Budget Sprout is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@budgetsprout.com, and we will delete such information.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights
  • Right to correct inaccurate personal information

To exercise these rights, contact us at privacy@budgetsprout.com with "California Privacy Request" in the subject line.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including those outlined in Section 8. Our legal basis for processing your data includes:

  • Consent: You have given clear consent for specific processing activities
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal Obligation: Processing is required by law
  • Legitimate Interests: Processing is necessary for our legitimate business interests

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through a prominent notice on our website
  • For significant changes, request your renewed consent where required by law

We encourage you to review this policy periodically. Your continued use of Budget Sprout after changes become effective constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Budget Sprout Privacy Team

📧 Email: privacy@budgetsprout.com

🌐 Website: Contact Form

📮 Mailing Address: 72, 431B 41st Avenue NE, Calgary, AB T2E 2N4

⏱️ Response Time: We aim to respond to all privacy inquiries within 30 days

For data protection inquiries from the EEA or UK, you may also contact our Data Protection Officer at dpo@budgetsprout.com.

← Back to Home