Privacy Notice

Last updated: February 2026

PiggyBack is Self-Hosted

PiggyBack is an open source, self-hosted application. When you deploy PiggyBack, you are the data controller. All data is stored in your own Supabase project on infrastructure you control. The PiggyBack project maintainers have no access to your data, your database, or your deployed instance.

What Data is Stored

When you deploy and use PiggyBack, the following data is stored in your own Supabase database:

  • Account data: Email, display name, and authentication credentials (managed by Supabase Auth)
  • Up Bank API tokens: Your personal access tokens, encrypted and stored with Supabase Row Level Security (RLS) enforced
  • Transaction data: Synced from Up Bank via their official API
  • Budget and goal data: Your budgets, savings goals, categories, and financial plans
  • Partner linkage: If you connect with a partner, a relationship record linking two accounts

Up Bank Token Handling

Your Up Bank personal access token is required to sync transactions. Here’s how it’s handled:

  • Stored in your Supabase database with Row Level Security
  • Only accessible by your authenticated session
  • Used server-side only to make API calls to Up Bank
  • Never sent to any third-party service
  • You can revoke it at any time from your Up Bank app

Analytics and Tracking

PiggyBack does not include any analytics, tracking, or telemetry by default. The application makes no external network requests other than to Up Bank’s API (for transaction syncing) and any AI providers you configure. If you add analytics to your deployment, that is your responsibility as the deployer.

AI Features

If you enable the AI chat assistant, your financial data may be sent to the AI provider you configure (Anthropic, OpenAI, or Google) as part of the chat context. This is controlled by your environment variables and your choice of AI provider. Review your chosen provider’s privacy policy for how they handle API inputs.

Data Deletion

Since you control the database, you can delete any or all data at any time through Supabase’s dashboard or SQL editor. Deleting your Supabase project will remove all PiggyBack data permanently.

Open Source

PiggyBack is MIT licensed and open source. You can audit the entire codebase on GitHub to verify exactly how your data is handled.