How Your Data Stays Yours
The short version
- ✓ Your data is encrypted on your phone with AES-256.
- ✓ Your password is the only key. We never see it.
- ✓ Nothing is sent to a server. There is no Budget Lock backend.
- ✓ Cloud backup is optional and the file is encrypted before it leaves your phone.
- ✓ Forget your password and recovery key → data is gone. We can’t help. By design.
1. What we protect
Your money data — transactions, budgets, accounts, goals — is encrypted on your phone. If someone takes your phone, opens the file, intercepts a backup, or breaks into your Google Drive, all they get is unreadable ciphertext.
We can’t protect against malware that reads your screen, someone forcing you to unlock the app, or you losing your phone with no backup. Keep your phone clean and take backups.
2. How encryption works
In plain English:
- Your password is stretched 100,000 times before it becomes an encryption key. This makes guessing slow even for someone who has a stolen device.
- Your data is encrypted with AES-256. Each save uses a fresh random value so the same data never produces the same encrypted file twice.
- Every saved file carries a tamper signature. If anyone changes a single byte, the app rejects the file before reading it.
- Encryption keys live in your phone’s secure storage (Android Keystore or iOS Keychain). They never leave the device.
For technical details, email support@budgetlock.app.
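The steps above, as an added Node.js example that is not Budget Lock's code. The page states only AES-256 and the 100,000-round stretch, so PBKDF2-HMAC-SHA256, AES-256-GCM (whose authentication tag stands in for the tamper signature), the `salt | nonce | tag | ciphertext` file layout and all function names are assumptions.

```javascript
const nodeCrypto = require('crypto');

const ITERATIONS = 100000; // stretch count stated on the page
// Assumed layout (not from the page): salt(16) | nonce(12) | tag(16) | ciphertext
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;

// Stretch the password into a 256-bit key. PBKDF2-HMAC-SHA256 is an assumption.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt one save. Salt and nonce are drawn fresh on every call, so the
// same plaintext never produces the same file twice.
function sealVault(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]);
}

// Decrypt one file. final() throws if any byte of the file was changed or
// the password is wrong, so no plaintext is ever returned from a bad file.
function openVault(password, file) {
  if (file.length < HEADER_LEN) throw new Error('vault file too short');
  const salt = file.subarray(0, SALT_LEN);
  const nonce = file.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = file.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
  const ct = file.subarray(HEADER_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Non-throwing wrapper: a rejected file yields { ok: false } and no data.
function tryOpen(password, file) {
  try {
    return { ok: true, data: openVault(password, file) };
  } catch (err) {
    return { ok: false, data: null };
  }
}
```

Flipping a single byte anywhere in the output of `sealVault`, including the salt or nonce, makes `tryOpen` return `ok: false`.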
3. Local-only by design
Budget Lock has no backend server. That means:
- No account to create.
- No login.
- No bank linking.
- No customer database.
If anyone asks for your data, there is nothing on our side to hand over.
4. Cloud backup
Cloud backup is off by default. When you turn it on:
- You sign into your own Google account.
- Budget Lock can only see one private folder on your Drive — not your photos, documents, or anything else.
- Your file is encrypted on your phone before it uploads.
- Up to 30 versions are kept; older ones are pruned automatically.
Google sees an encrypted file. Without your password, it’s unreadable.
You can sign out, delete every backup, or revoke the link any time from Settings → Cloud Backup.
5. Recovery key
When you create a vault, Budget Lock generates a 24-character recovery key. Save it somewhere safe — a password manager, a fireproof box, or written down at home.
Important: If you forget your password and lose your recovery key, your data is permanently unrecoverable. There is no admin override and no reset link. We don’t have one because there’s no server where one could exist.
6. What we don’t do
- No bank linking.
- No SMS reading. The app doesn’t request the permission.
- No location, contacts, or camera-roll access. Camera access is requested only when you pick a profile photo. Microphone access is requested only when you use voice entry, which is processed on your device.
- No third-party analytics on your money.
- No background sync of financial data.
Questions or reports
Security questions, vulnerability reports, or export-compliance queries: support@budgetlock.app