Privacy Policy

Last updated: December 2025

This Privacy Policy explains how Benjis ("we", "us", "our") collects, uses, and protects your personal data when you use our finance tracking application and website.

Who We Are

Benjis operates a finance tracking service accessible at benjis.app. For privacy inquiries, contact us at hello@benjis.app.

Data We Collect

Account Information

  • Email address (required for authentication)
  • Name and username
  • Locale and currency preferences

Technical Data

  • IP address and browser user agent (for security and session management)
  • Device type for passkey authentication

Financial Data

  • Transaction data you input into the app
  • Budget and category information you create

Payment Information

  • Billing details processed by Polar (we don't store card numbers)
  • Subscription status and purchase history

Usage Data

  • How you interact with our app (via PostHog analytics)
  • Feedback and bug reports you submit

Why We Process Your Data

  • Provide our service — Contract performance
  • Process payments — Contract performance
  • Send transactional emails — Contract performance
  • Improve our product — Legitimate interest
  • Analytics — Legitimate interest (with opt-out)
  • Security and fraud prevention — Legitimate interest

Third-Party Services

We share data with these providers to operate our service:

  • Supabase — Database & storage (account data, app data)
  • Vercel — Hosting (technical logs)
  • Polar — Payments (billing info)
  • Resend — Email delivery (email address, name)
  • PostHog — Product analytics (usage patterns, device info)

All providers have Data Processing Agreements in place.

International Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States. We rely on:

  • EU-US Data Privacy Framework certifications
  • Standard Contractual Clauses
  • Adequacy decisions where applicable

Data Retention

  • Account data: Kept while your account is active, deleted immediately upon account deletion
  • Payment records: Retained for 7 years for legal/tax compliance
  • Analytics data: Aggregated and anonymised after 24 months
  • Session logs: Deleted after 90 days

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Withdraw consent where applicable

To exercise these rights, email hello@benjis.app. We respond within 30 days.

Cookies

We use:

  • Essential cookies: Session management, authentication (required)
  • Analytics cookies: PostHog for product improvement (can be disabled)

You can manage cookie preferences in your browser settings.

Security

We protect your data with:

  • Encryption in transit (TLS) and at rest
  • Secure authentication (magic links, passkeys, 2FA)
  • Access controls and audit logging
  • Regular security reviews

Children

Our service is not intended for users under 16. We do not knowingly collect data from children.

Changes

We may update this policy and will notify you of significant changes via email or in-app notice.

Contact

For privacy questions or to exercise your rights:

  • Email: hello@benjis.app
  • You may also lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk