Back

Privacy Policy for Nomad Budget

Privacy Policy

Last updated: 18 June 2026

Nomad Budget ("we", "us", "our") is a multi-currency personal budgeting application. This policy explains what data we collect, why, who can access it, and the choices you have.

If anything here is unclear, email support@nomadbudget.io.

Who is responsible for your data

Nomad Budget is operated by Renato Mendoza (Lima, Peru). For the purposes of GDPR (where applicable) and similar regimes, we are the data controller for the information described below.

Contact for privacy questions or rights requests: support@nomadbudget.io.

What we collect

We only collect what we need to run the budgeting service you signed up for.

Account data

  • Email address
  • Password — stored only as an Argon2id hash; we never see your plaintext password
  • Optional display name

Financial data you enter

  • Accounts: name, currency, starting balance, tracking flag
  • Categories: names, parent grouping, preferred currency
  • Transactions: amount, currency, account, category, payee, date, memo, cleared flag, exchange rate at save time
  • Transfers between accounts
  • Budget assignments per month and category

Settings

  • Base currency
  • Timezone

Subscription data

  • Trial start date, subscription status, and renewal / expiry dates
  • Payments are processed by Apple. We never receive or store your card or payment-card details. Subscription status is managed through Apple and RevenueCat.

Operational data

  • Authentication tokens (issued on login, revoked on logout, password reset, or account deletion)
  • Standard HTTP request metadata captured by our hosting provider for debugging and abuse protection (IP address, user agent, timestamps). This data is not linked to your in-app records and is retained briefly.

What we do not collect

  • Location (GPS or otherwise)
  • Contacts, calendars, photos, microphone, or camera
  • Biometric data
  • Any data about your activity outside the Nomad Budget app
  • Bank or financial-institution credentials — Nomad Budget does not connect to banks; every transaction is entered by you
  • Marketing / advertising identifiers

How we use your data

  • To operate the budgeting features you use: storing, displaying, calculating, and converting your budget data
  • To authenticate you on each request
  • To send transactional emails: password-reset codes and account-deletion confirmations
  • To convert amounts between currencies using historical and current exchange rates from a third-party rates provider (no personal data is sent to that provider)
  • To manage your free trial and subscription status (via Apple and RevenueCat)
  • To monitor crashes and errors so we can keep the app working, and to prevent abuse

We do not sell your data, use it for advertising, or share it for purposes unrelated to operating the service.

Third parties that help us run the service

We share the minimum data necessary with the following processors. Each is bound by their own privacy and security commitments.

ProcessorPurposeData sharedRegion

Render (Render Services, Inc.)

Application hosting + managed Postgres database

All in-app records you create

United States

Cloudflare, Inc.

DNS, TLS, edge protection for our domain

Standard HTTP request metadata

Global

Resend (Resend, Inc.)

Transactional email delivery (password reset + account deletion confirmations)

Recipient email address, message subject, message body

United States

Frankfurter

Public currency-rates API

Currency-pair queries with no user identifier

European Union

Sentry (Functional Software, Inc.)

Crash + error monitoring

Diagnostic data: crash / error events, device and OS type, performance traces. Personal-data scrubbing is enabled; no plaintext financial data is sent.

United States

RevenueCat, Inc.

Subscription status management

An app-specific user identifier and your subscription / purchase status

United States

Apple, Inc.

iOS app distribution + in-app subscription payment processing

Subject to Apple's privacy policy. We receive your subscription status but never your card or payment-card details.

Global

If we add or change processors in a way that affects what data leaves our systems, we will update this policy and the "last updated" date above.

Security

  • Data in transit is protected with TLS 1.2+ (HTTPS) on all connections between the app and our backend.
  • Passwords are hashed with Argon2id; the original password is never stored or logged.
  • Authentication tokens on your device are stored in iOS Secure Enclave (expo-secure-store), not in AsyncStorage or local files.
  • Data at rest in our managed Postgres database is encrypted by the underlying storage layer (AES-256).
  • We follow least-privilege access for operational credentials.

No system is perfectly secure. If you become aware of a vulnerability, please email support@nomadbudget.io so we can address it.

How long we keep your data

  • While your account is active: we retain your data so you can use the app.
  • When you delete your account: every record we hold for you is removed from the live database immediately. A confirmation email is sent to the address on file.
  • Backups: our hosting provider retains nightly database snapshots for a short rolling window (currently 7 days). Deleted-account data still present in a backup is overwritten as those backups age out.
  • Operational logs: standard HTTP logs are retained on our hosting provider for up to 30 days for debugging and abuse protection.

Your rights

You have the following rights regardless of where you live; users in the EU/UK and California have these enshrined in law (GDPR, UK GDPR, CCPA).

  • Access: request a copy of the data we hold about you.
  • Correction: most fields are editable directly in the app. For anything else, contact us.
  • Deletion: delete your account in-app at any time via Profile → Security & Privacy → Delete Account. We do not require a reason.
  • Portability: request an export of your data in a machine-readable format.
  • Objection / restriction: contact us if you object to specific processing.

To exercise any right, email support@nomadbudget.io with the email address you signed up with. We aim to respond within 30 days.

If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data-protection authority.

Children

Nomad Budget is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child has signed up, please contact us so we can remove the account.

International transfers

If you access the app from outside the United States, your data is transferred to and processed in the United States by our hosting, email, and other service providers listed above. We rely on these providers' standard contractual safeguards for international transfers.

Changes to this policy

If we change this policy in a material way, we will update the Last updated date above and notify you by email or in-app the next time you sign in. Continued use of the app after the effective date means you accept the updated policy.

Contact

Privacy Policy - Nomad Budget