Privacy Policy

Last updated: 16 May 2026

This Privacy Policy explains what data Schmidti Budget collects, why we collect it, who processes it on our behalf, and the rights you have under the EU General Data Protection Regulation (GDPR). It applies to the Schmidti Budget mobile application available on the Apple App Store.

1. Who we are

The controller responsible for processing your personal data is:

Johannes Schmidt
Zeisigweg 16a, 81827 München, Germany
Email: [email protected]

If you have any questions about this policy or your data, you can reach us at the email address above.

2. What we collect and why

Schmidti Budget is a household budgeting app. We only collect what we need to provide the service.

2.1 Account data

• Email address. Required to sign in and to recover your account.
• Display name (username). Optional. If you don't set one, your email is used as a fallback.
• Sign-in provider identifier. If you sign in with Google or Apple, we store the identifier the provider returns so we can recognize you on later sign-ins. We never receive your Google or Apple password.

Purpose: account creation, sign-in, account recovery.
Legal basis (GDPR Art. 6): performance of a contract (Art. 6(1)(b)).

2.2 Budget data you enter

• Buckets (names, emoji, balances, targets).
• Transactions (amounts, categories, dates, notes).
• Recurring transactions (amounts, frequencies).
• Monthly budgets and month-start allocations.

This is the content you actively enter into the app. It is stored in our hosted database so you can access it from your devices and so household members in a shared group can collaborate.

Purpose: providing the core budgeting features.
Legal basis: performance of a contract (Art. 6(1)(b)).

2.3 Group / household data

If you create or join a shared household group, we store:

• The group's name and membership list.
• Pending invitations (the email address of invited members until the invitation is accepted, declined, or revoked).

Purpose: enabling shared budgeting across household members.
Legal basis: performance of a contract (Art. 6(1)(b)).

2.4 Technical metadata

• Standard server-side request metadata such as timestamps. We do not collect IP addresses, device identifiers, or location data for our own use, and we do not operate any analytics, advertising, or cross-app tracking SDKs.

3. Processors we use

We use the following service providers ("processors" under GDPR Art. 28) to operate Schmidti Budget. Each processor is bound by a data-processing agreement and is committed to GDPR-grade safeguards.

If you sign in via Apple or Google, that provider also processes your authentication request directly under their own privacy policies.

4. Where your data is stored

Your budget data is stored in Cloud Firestore in eur3 (European multi-region: Netherlands and Belgium). Authentication credentials are managed by Firebase Authentication. We do not transfer your data to other third parties beyond the processors listed above.

5. How long we keep your data

We keep your data for as long as you have an account.

When you delete your account from within the app:

• Your personal data (profile, personal buckets, transactions, recurring transactions, monthly budgets, and templates) is deleted immediately.
• Data you contributed to a shared household group is transferred to the remaining group owner so the group can continue to function. If you were the sole member of a group, the group is deleted as well.
• Outstanding invitations you created or received are deleted.
• Routine Firebase backups may briefly retain copies of deleted data before they expire (typically within 30 days).

You can request deletion at any time directly inside the app via Account → Delete Account. You can also request deletion or any other rights below by emailing [email protected].

6. Your rights under the GDPR

You have the right to:

• Access (Art. 15) — request a copy of your personal data.
• Rectification (Art. 16) — ask us to correct inaccurate data.
• Erasure (Art. 17) — delete your data, either via the in-app Delete Account flow or by emailing us.
• Restriction of processing (Art. 18).
• Data portability (Art. 20) — export of your budget data.
• Object to processing (Art. 21).
• Lodge a complaint with a supervisory authority. In Germany, the competent authority is the data protection authority of the federal state in which the controller is based.

To exercise any of these rights, contact us at [email protected]. We respond within one month per Art. 12(3).

7. Encryption and security

Data in transit between your device and our processors is encrypted using HTTPS / TLS. Data at rest in Cloud Firestore is encrypted by Google's infrastructure. Access to the database is restricted by Firebase Security Rules so that you can only read and write data linked to your account or to a group you are a member of.

Schmidti Budget does not currently apply end-to-end encryption to your budget data. An optional client-side encryption feature is planned for a future release.

8. Children

Schmidti Budget is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

9. No tracking, advertising, or analytics

Schmidti Budget contains no advertising, no cross-app tracking, and no third-party analytics. We never sell or share your personal data with advertisers. The App Tracking Transparency prompt does not appear because the app does not track you across apps and websites.

10. Changes to this policy

If we change this Privacy Policy, we will update the "Last updated" date above and, where the changes are material, notify you in the app or by email before the changes take effect.

11. Contact

Questions about this Privacy Policy: [email protected]