Privacy Policy
Last updated: June 23, 2026 · Geifon LLC
1. Who we are
UniBudget is operated by Geifon LLC, a company registered in the United States. References to "we", "us", or "our" in this policy mean Geifon LLC.
For privacy enquiries: admin@geifon.com
2. What data we collect and why
Account information
When you create an account we collect your email address and optionally your name. This is used to sign you in, send you security notifications, and respond to support requests. Legal basis: contract performance.
Budget and category data
The monthly budget amounts, spending categories, and labels you configure inside the app. This data exists only to provide the service to you. Legal basis: contract performance.
Bank transaction data
When you connect a bank account, we receive read-only transaction data from your financial institution via regulated third-party providers (see Section 4). This includes: merchant name, transaction amount, date, and category. We use this data solely to calculate and display your remaining budget. We do not use transaction data for advertising, profiling, or sale to third parties. Legal basis: contract performance / legitimate interest.
Usage analytics
With your consent (via the cookie banner), we may collect anonymised usage events (e.g. which screens are visited, feature usage frequency) to improve the app. No financial data is included in analytics events. Legal basis: consent.
3. Data we never collect
- Your online banking username or password
- Your bank account number or sort code / routing number
- Your Social Security Number or National Insurance Number
- Payment card numbers
- Any ability to initiate payments or transfers on your behalf
4. Third-party service providers
Plaid (United States)
For US bank connections we use Plaid Inc. to retrieve transaction data. Plaid connects directly to your bank using your consent, retrieves data on our behalf, and returns it to us. Plaid never shares your credentials with us. Plaid is subject to its own End User Privacy Policy. By connecting a US bank account you also agree to Plaid's terms.
TrueLayer (United Kingdom & Ireland)
For UK and Irish bank connections we use TrueLayer Limited, an FCA-authorised Account Information Service Provider. TrueLayer connects to your bank via Open Banking, retrieves read-only transaction data, and returns it to us. TrueLayer's privacy policy is available at truelayer.com/privacy-policy.
Supabase (Infrastructure)
All data is stored and processed on infrastructure provided by Supabase Inc. Supabase is our data processor and acts only on our instructions. Data is stored in EU-region servers for users in the EU and UK. Supabase is SOC 2 Type II certified.
5. How we protect your data
- Encryption in transit: All data between the app and our servers is transmitted over TLS 1.3.
- Encryption at rest: Bank access tokens (the credentials that allow us to pull your transactions) are stored encrypted using AES-256 via Supabase Vault. They are never stored in plaintext and are never transmitted to the app.
- Least-privilege access: The app can only read your own data. Bank token storage is isolated in a server-side private schema with no client access — only our back-end servers can read them.
- No password storage: We use Supabase Auth. Passwords are hashed using bcrypt. We never see your plaintext password.
6. Data retention
We retain your data for as long as your account is active. If you delete your account, we permanently delete all your personal data, budget data, and transaction history within 30 days. Bank access tokens are revoked and deleted immediately upon account deletion or when you disconnect a bank account.
We may retain anonymised, aggregated data (e.g. total number of users per country) with no link to your identity for product improvement purposes indefinitely.
7. Your rights
Depending on where you live, you have the following rights:
All users
- Access: Request a copy of the data we hold about you.
- Correction: Ask us to correct inaccurate data.
- Deletion: Request permanent deletion of your account and data.
- Disconnect bank: Disconnect a linked bank at any time inside the app. This immediately revokes access and stops future transaction syncs.
EU and UK users (GDPR / UK GDPR)
- Portability: Request your data in a machine-readable format.
- Restriction: Ask us to restrict processing while a dispute is resolved.
- Object: Object to processing based on legitimate interest.
- Withdraw consent: Withdraw analytics consent at any time via app settings.
- You have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK).
California users (CCPA)
We do not sell personal information as defined by the CCPA. California residents have the right to know what personal information we collect, the right to delete it, and the right to opt out of sale (which is not applicable as we do not sell data).
To exercise any right, email admin@geifon.com from the address associated with your account.
8. Cookies
The marketing website (unibudgit.com) uses a cookie consent banner. We set no tracking cookies without your explicit consent. Strictly necessary cookies (session management) are set regardless of consent as they are required for the site to function.
The UniBudget mobile app does not use cookies.
9. Children's privacy
UniBudget is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at admin@geifon.com and we will delete it promptly.
10. Changes to this policy
We may update this policy as the product evolves. Material changes will be notified via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Geifon LLC
Privacy enquiries: admin@geifon.com