Privacy Policy

How EB App LLC collects, uses, and protects your data.

Effective Date: February 1, 2026

By creating an account or using the Service, you agree to this Privacy Policy and our Terms of Service. If you do not agree, do not use the Service.

EB App LLC ("EB.app," "we," "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information.

At a Glance

  • Age: 18+ only
  • Free tier: Local AI budget creation (Bring Your Own AI); Picks tab visible with optional AI analysis
  • Premium: Bank linking via Plaid; Picks tab hidden by default; Plaid data never used for Picks
  • Data sales: We do not sell or share your personal information under CPRA
  • Marketing: Google Ads conversion tracking (opt out via footer link or Google Ad Settings)
  • Control: Export or delete your data anytime; withdraw consent by deleting your account

1. Definitions

  • "Service" – The EB.app application and related services
  • "Personal Information" – Information identifying an individual (name, email)
  • "Budget Data" – Financial information you enter (income, expenses, categories, AI-derived data)
  • "Picks" – In-app affiliate/partner recommendations in the Picks tab
  • "Authorized Financial Account Holder" – A person legally authorized to grant read-only access to a financial account via Plaid
  • "Community Content" – Data explicitly published to Community features (Themes, Icons, Public Budgets)

Service Tiers

Free Tier

  • AI Budget Creation: Bring Your Own AI (local processing)
  • Bank Linking: Not available
  • Public Budgets: Not available
  • Shared Budgets: Not available
  • Picks Tab: Visible by default
  • Picks AI Analysis: Optional (non-Plaid budgets only)

Premium ($11.99/month)

  • AI Budget Creation: Plaid or file upload via Google AI
  • Bank Linking: Available via Plaid
  • Public Budgets: Shareable via link (read-only, unlimited viewers)
  • Shared Budgets: Invite up to 5 others with permissions
  • Picks Tab: Hidden by default (enable in Settings)
  • Picks AI Analysis: Optional (non-Plaid budgets only)
  • AI theme generation and publishing
  • First-time subscribers receive complimentary icon generation credits

Icon Generation Credits (see Pricing)

  • One-time purchase for AI-generated icons (tiered pricing available)
  • Available to both Free and Premium users

2. Information We Collect

Account Information (via Google Sign-In)

  • Email address, name, and profile picture
  • Timezone (detected from browser for correct date/time display; not used for tracking)

Budget Data

  • Income, expenses, categories, and transaction resolution status you enter
  • AI-derived budget items (Premium: from Plaid or uploaded files)
  • AI processing metadata (job IDs, timestamps) retained up to 30 days, then deleted

Community & Public Content

Information you explicitly choose to publish is visible to other users. This includes:

  • Profiles: Public Username and Avatar. (Note: We do not support user uploads for avatars; they must be generated via AI or selected from defaults)
  • Public Budgets: Budget data you explicitly publish (accessible via link or your profile)
  • Themes & Icons: Names, color palettes (JSON), and vector data (SVG) of assets you publish to the Community. Theme publishing requires Premium. Publishing is permanent.
  • Moderation Data: We process text (names/titles) and images (icons) using Google Cloud AI to detect safety violations. This data is processed ephemerally

Marketing Data

  • Google Ads conversion tracking and UTM parameters (aggregated, not linked to your identity)
  • Email marketing data (if subscribed): email, first name, engagement metrics via MailerLite

What We Do Not Collect

  • Bank account numbers, routing numbers, or login credentials
  • Credit card numbers (payments handled by Paddle)
  • Phone number or government IDs

3. Bank Linking (Premium Feature)

Bank linking via Plaid is optional and available only to premium subscribers. Default configuration is maximum privacy with no bank connections.

How It Works

  • Plaid handles authentication; we never receive your bank credentials
  • We receive only transaction data you authorize
  • Transaction data is sent to Google AI (Gemini API) for budget creation and reconciliation
  • You can disconnect anytime, immediately stopping all data access

Plaid Data Usage

  • AI Budget Creation: Generate budget items from transactions
  • Reconciliation: Match transactions to scheduled budget events
  • Historical Reporting: Balance history and trends

Plaid Data Restrictions

  • We do not sell, rent, or share Plaid data for advertising or profiling
  • Plaid data is never used for Picks or affiliate recommendations
  • Used solely for budgeting functionality

Downgrade Protection

If you cancel premium, budgets containing Plaid data are permanently flagged. These budgets are never eligible for Picks AI Analysis, even as a free-tier user. This protection persists even if you disconnect Plaid or edit items.

You may link only accounts for which you are an Authorized Financial Account Holder. See Terms of Service.

4. How We Use Your Information

Email

  • Account management and security notifications
  • Policy update notifications
  • Service-related updates and important announcements (you may opt out)
  • Feature updates and educational announcements (you may opt out)
  • Marketing emails, including tips, promotions, and special offers (off by default; opt-in required)

Budget Data

  • Display budgets, generate reports and forecasts
  • Enable data export
  • Customer support (only when you request it)
  • Public Budgets: If you choose to publish a budget, we use that data to display it to other users in Community features

Marketing Data

  • Measure advertising campaign effectiveness
  • Optimize marketing strategy
  • Not used to serve you personalized ads within our app

Marketing analytics are enabled by default to help us improve our service. You can disable tracking anytime via 'Your Privacy Choices' in the footer.

What We Never Do

  • Sell or share your personal information (as defined under CPRA)
  • Use Budget Data for third-party advertising
  • Allow staff access to Budget Data except for support, legal compliance, or fraud prevention

5. Picks & Affiliate Program

As an Amazon Associate, we earn from qualifying purchases.

How Picks Work

  • Picks are matched to your Budget Data using in-app analysis
  • Your financial data is not shared with Amazon or any third party
  • No tracking occurs until you click a link and leave our app

Optional AI Analysis

Users may click "Try AI Analysis" to send a budget summary (item names, amounts, categories, balances, not transaction history) to Google AI for personalized recommendations.

  • A confirmation modal explains exactly what data will be sent
  • No data is sent until you explicitly confirm
  • This feature is permanently disabled for any budget containing Plaid data (see Downgrade Protection)

When You Click an Affiliate Link

You leave our app and are directed to Amazon.com. Amazon may collect browser/device information, IP address, cookies, and purchase activity under their Privacy Notice. We do not receive your Amazon browsing or purchase history.

Your Controls

  • You are never required to click affiliate links
  • Premium users can hide the Picks tab in Settings
  • Manage Amazon privacy at amazon.com/privacyprefs

6. Third-Party Services

We use third-party services to operate our application. Each processes data according to their privacy policies under agreements requiring them to protect your data.

Google Cloud & Firebase

Google AI (Gemini API)

  • Purpose: AI Budget Creation (Premium) and Picks AI Analysis (optional)
  • Data: Transaction data (Premium) or budget summary (Picks AI)
  • Your Control: Processing occurs only when you explicitly submit/confirm
  • Retention: We do not retain AI inputs/outputs; only technical metadata (job IDs) for up to 30 days
  • Policy: Per the Gemini API Terms of Service, Google does not sell your data or use it to train AI models

Google Cloud Natural Language API

  • Purpose: Automated text moderation for Public Budgets, Themes, and Icon Sets
  • Data: Text content you explicitly publish to the Community
  • Policy: Google Cloud Privacy Notice

Google Cloud Vision API

  • Purpose: Automated safety checks for generated Icon Sets
  • Data: Image data associated with your Icon Sets
  • Policy: Google Cloud Privacy Notice

Plaid

  • Purpose: Bank account linking (Premium only)
  • Data: Transaction data you authorize
  • Policy: Plaid Privacy Policy

Paddle (Payment Processor)

  • Purpose: Payment processing, invoicing, tax remittance
  • Data: Payment and billing information (we do not receive full card details)
  • Policy: Paddle Privacy Policy

MailerLite (Email Marketing)

  • Purpose: Newsletter and lead magnet delivery
  • Data: Email, first name (if provided), engagement metrics
  • Your Control: Unsubscribe link in every email; request deletion at legal@eb.app
  • Policy: MailerLite Privacy Policy

Amazon Associates

  • Purpose: Affiliate commission attribution
  • Data: Collected by Amazon only after you click an affiliate link
  • Policy: Amazon Privacy Notice

Google Ads

  • Purpose: Conversion tracking and marketing attribution
  • Data: Aggregated, anonymous conversion data
  • Your Control: Use "Your Privacy Choices" in footer or Google Ad Settings
  • Policy: Google Privacy Policy

7. How We Share Information

We do not sell or share your personal information as defined under CPRA. We share data only with service providers listed in Section 6 for the purposes described, and:

  • To comply with legal obligations or court orders
  • To protect our rights, property, and safety
  • In connection with a business transfer (merger, acquisition)

If we ever introduce an optional feature qualifying as a "sale" or "sharing" under CPRA, it will be strictly opt-in with clear disclosures and a "Do Not Sell or Share" control.

8. Data Storage & Security

Storage Location

All data is stored in the United States using Google Cloud infrastructure.

Security Measures

  • SSL/TLS encryption for all data transmission
  • Encryption at rest for all stored data
  • Google Sign-In with OAuth 2.0 (supports 2-Step Verification)
  • No passwords stored by our application

Data Retention

  • Active accounts: Data retained while account is active
  • Inactive accounts: Deleted after 12 months of no login (no active subscription); email reminder sent before deletion
  • Deleted accounts: Personal information and all Budget Data (including Public Budgets) removed within 72 hours; may persist in encrypted backups up to 90 days. Shared budgets with other owners remain accessible to those owners. Active subscriptions are automatically cancelled. Audit logs (e.g., consent records) retained for legal compliance.
  • Published Themes & Icons: Retained indefinitely as public domain content; anonymized (dissociated from your identity) upon account deletion
  • AI metadata: Technical logs (job IDs, timestamps) deleted after 30 days
  • Service discontinuation: All data deleted after 30 days notice to allow export

Breach Notification

In the event of a data breach, we will notify you and applicable authorities in accordance with law, without undue delay and within 72 hours where required.

9. Your Rights & Controls

Access & Export

  • View all your data in the app
  • Export as JSON or CSV anytime

Update & Delete

  • Modify budget data anytime
  • Update email in account settings
  • Delete specific entries or your entire account (Settings or email legal@eb.app)

Communication Preferences

  • Manage email preferences via unsubscribe links in emails
  • Security emails (verification, password reset) cannot be disabled

Marketing Opt-Out

  • Opt out of advertising and analytics tracking using the "Your Privacy Choices" link in the footer
  • Unsubscribe from marketing emails via the link in each email

10. State Privacy Laws

CCPA/CPRA (California)

California residents have the right to:

  • Know what personal information we collect
  • Access and receive a copy of your data
  • Request deletion
  • Non-discrimination for exercising rights
  • Opt-out of data sales (we do not sell; any future opt-in feature will include a "Do Not Sell or Share" control)

We do not engage in cross-context behavioral advertising. Affiliate link clicks transfer you to Amazon where their CPRA obligations apply separately.

Response Time: 45 days (extendable by 45 days with notice). Contact legal@eb.app or use account settings.

Other States (CO, CT, UT, VA)

Residents may access, correct, delete, and obtain copies of personal information, and opt out of certain processing. Appeal denied requests by contacting legal@eb.app.

11. Children's Privacy

Our Service is for individuals 18 years or older. We do not knowingly collect information from anyone under 18. By using the Service, you represent you are 18+. If we learn an account belongs to someone under 18, we will promptly delete it.

Report suspected underage use to legal@eb.app.

12. International Users

Our Service is hosted in the United States and intended for U.S. residents. By accessing the Service from other locations, you consent to data transfer, storage, and processing in the United States.

13. Support Communications

When contacting support (support@eb.app), do not include sensitive information (account numbers, passwords, government IDs, tax documents). We cannot securely receive such data and may delete messages containing it. Support communications are used only to respond to your request.

14. Contact Information

Policy Updates

  • December 31, 2025 – Icon Generation Credits, theme publishing, budget limits
  • January 17, 2026 – Renamed "Offers" to "Picks"
  • January 19, 2026 – Policy refined
  • January 28, 2026 – Icon Generation Credits tiered pricing
  • February 1, 2026 – Email preferences and marketing disclosures clarified

This policy complies with applicable U.S. state and federal privacy regulations. For questions, contact us at legal@eb.app.