Privacy Policy
Last updated: May 2026
Your data stays on your device and in your own Google Drive — we never see it.
Where Your Data Lives
Your financial data — envelopes, transactions, monthly budgets — lives in your own Google account, not on our servers.
Specifically, it's stored in your Google Drive's hidden appDataFolder: a per-app folder that only Craft My Budget can read,
invisible to you in the regular Drive UI, and counted against your own 15 GB Drive quota (typical use is < 100 KB). We never see it.
A copy is also kept on this device in your browser's local storage so the app works instantly and offline.
The local copy and the Drive copy are kept in sync automatically when you're signed in.
The only data that reaches our servers is anonymous diagnostic events and any feedback you choose to send —
both described below, both stored in Cloudflare D1 under our project. All traffic is encrypted in transit (TLS).
Google OAuth Scopes We Request
- openid, profile, email — your basic Google account information (id, name, email, photo) so the app can greet you and authorize Drive reads/writes. Cached on this device only; never sent to our servers except as the account id stamped on diagnostic events or attached to a feedback message you send.
- https://www.googleapis.com/auth/drive.appdata — read/write access to a single hidden folder in your own Google Drive (the appDataFolder). This scope cannot read, modify, or list any of your other Drive files. No other application can see this folder either — it's app-private by design.
What We Collect
- Google account info: your Google account id, email address, name, and profile photo. Used to greet you and to authorise reads/writes against your own Drive folder. Cached on this device only — never sent to our servers except as the account id stamped on diagnostic events or attached to a feedback message you send.
- Usage analytics (page views + web vitals): collected anonymously by Cloudflare Web Analytics. Cookieless. No personal data. No consent banner needed.
- Diagnostic events (opt-out — on by default; Settings → Privacy & Diagnostics turns it off): see "Diagnostics & Error Reports" below.
- Feedback you send: see "Feedback Submissions" below.
What Goes Where
In your own Google Drive (hidden appDataFolder; only Craft My Budget can read it):
- Envelope names, budgets, and tier assignments
- Transaction amounts, descriptions, and merchant names
- Monthly income and currency preference
- Salary date and budget month settings
- Learned categorization patterns
On this device only (your browser's local storage):
- A copy of everything in the Drive folder above (for instant + offline access)
- Theme preference (dark/light), consent choices, and which Settings sections you have open
- An anonymous device id used for diagnostic deduplication (rotated when you opt out of diagnostics)
On our Cloudflare project (the only place we have any of your data):
- Diagnostic events (only when diagnostics is on) — stored in a Cloudflare D1 database
- Feedback messages you choose to send (with the metadata listed below) — same D1 database
- Page views + web vitals — aggregated server-side by Cloudflare Web Analytics, no per-user records
What We Never Store
Craft My Budget never accesses or stores bank credentials, account numbers, UPI IDs, card numbers, or any
financial login information. We have no access to your bank accounts.
Data Sharing
We do not sell, share, or transfer your financial data to any third party.
Cloudflare Web Analytics collects anonymous page-view metrics — this data contains no personal financial information.
Diagnostics & Error Reports
To find and fix bugs, Craft My Budget sends anonymous diagnostic events to our Cloudflare backend when something goes wrong.
You can turn this off any time in Settings → Privacy & Diagnostics.
What we send:
- Error names, codes, a one-way hash of the error message, and a scrubbed stack trace
- Anonymous device id (random uuid stored on this device only — rotated when you opt out)
- Your Google account id, only when signed in and only on diagnostic events
- Bucketed metadata: amount range (e.g. 100-1k), envelope tier (1–3), whether an envelope is custom, app version, online/offline state, viewport size, platform family
- Last 30 in-app actions (button clicks, screen changes) attached only when an error happens — never their content
What we never send:
- Your name, email, profile photo, phone number, or location
- Transaction descriptions, merchant names, or anything you type into the input box
- Envelope names you created, including custom names
- Exact transaction amounts (only buckets like <100, 100-1k)
- Page URLs containing ids — paths are normalised first
- Lawful basis: legitimate interest in keeping the app working correctly.
- Storage: Cloudflare D1 (serverless SQLite). Your financial data is not stored here — it's in your own Drive folder.
- Retention: diagnostic events are kept up to 30 days, then deleted.
- Opt-out: Settings → Privacy & Diagnostics. When you opt out, the pending queue is discarded immediately and your anonymous device id is rotated.
Feedback Submissions
When you send feedback via Settings → Send Feedback, the following is stored in our Cloudflare D1 database
so the developer can read and reply:
- Your message (up to 2000 characters) and the type you picked (Bug / Idea / Other)
- Your account email and display name (so we can reply)
- Your Google account id, the page you were on, your browser user-agent, and viewport size (helps reproduce bugs)
- The app build version
- Storage: Cloudflare D1. Visible only to the developer.
- Retention: kept until you delete your account (Settings → Delete My Account also wipes all feedback you've sent), or you ask the developer to delete a specific message.
- Not shared: we never share your feedback or your contact details with anyone else.
Deleting Your Data
Settings → Reset All Data immediately wipes the copy on this device (envelopes, transactions, budgets, settings, learned patterns).
If cloud sync is active, it also deletes your backup file on Google Drive so you can start fresh on the same account.
Settings → Delete My Account deletes the budget file from your Drive folder, clears all local copies on this device,
revokes Craft My Budget's access to your Google account, and removes any feedback you've sent us. After this you would just need to
sign in again and grant access to start fresh. This action cannot be undone.
You can also revoke Craft My Budget's access to your Google account at any time from
myaccount.google.com/permissions.
Contact
The easiest way to reach the developer is from inside the app via Settings → Send Feedback.
Your message is sent along with your account email and name so the developer can reply.