Security & Data Handling

Effective Date: February 15, 2026

This page describes how Big Beautiful Budget protects your data and what steps you can take to use the Service securely. We encourage all users to read this information carefully.

1. Use Nicknames, Not Account Numbers

Big Beautiful Budget is designed around short, user-chosen labels. When you create an account in the app, you should use a recognizable nickname such as “Main Checking,” “Savings,” or “Credit Card.”

  • Do not enter bank account numbers, routing numbers, Social Security numbers, or other sensitive identifiers. The Service does not need this information and is not designed to store it.
  • The dollar amounts and transaction titles you enter are stored without any link to external bank accounts or financial institutions. A numeric value in our system has no external meaning on its own and cannot be used to identify or access any real account.
  • By following this guidance, you significantly reduce the sensitivity of the data stored in your account.

2. Encryption in Transit

All communication between your browser and our servers is encrypted using HTTPS with TLS (Transport Layer Security). This ensures that data you send and receive—including login credentials, account data, and API requests—cannot be read or tampered with during transmission.

3. Authentication and Access Controls

  • Passwords are hashed using industry-standard algorithms and are never stored in plain text.
  • Session tokens are cryptographically signed and validated on every request.
  • Server infrastructure access is restricted to authorized personnel only, protected by key-based authentication and network-level controls.
  • Each user can only access their own data. All API endpoints verify the authenticated user's identity and subscription status before returning any information.

4. Payment Security

Subscription payments are processed entirely by Stripe, Inc. Your credit or debit card number is transmitted directly from your browser to Stripe's servers and is never sent to or stored on our systems. We receive only a payment confirmation, customer identifier, and subscription identifier from Stripe.

5. Data Minimization

We collect and store only the data necessary to provide the Service: your email address, hashed authentication credentials, subscription status, and the budgeting data you voluntarily enter (account nicknames, transaction titles, amounts, dates, and frequencies). We do not collect or store data beyond what is needed to operate your account.

6. Incident Reality and Breach Disclaimer

No system can guarantee absolute security. While we implement industry-standard safeguards including encryption, access controls, and secure authentication, no method of electronic storage or transmission is completely immune to risk. Unauthorized access, data breaches, or other security incidents may occur despite our best efforts.

In the event of a security incident that affects your data, we will notify affected users as required by applicable law and take immediate steps to contain and remediate the issue.

This is one reason we strongly recommend using only nicknames and avoiding sensitive identifiers in the Service. If the data stored in your account consists only of nicknames, dollar amounts, and dates, a breach would expose information that is not meaningful or actionable without additional external context.

7. Your Role in Security

  • Choose a strong, unique password for your account.
  • Do not share your login credentials with others.
  • Use nicknames instead of real account numbers or sensitive identifiers.
  • If you believe your account has been compromised, contact us immediately at [email protected].

8. Contact

If you have questions or concerns about our security practices, please contact us at [email protected].