Privacy policy
Last updated: 2026-04-03
This privacy policy explains how Buget (buget.lt) collects, uses, stores, and protects your personal data. By using our service, you agree to the practices described in this policy.
1. Data we collect
We collect three categories of data to provide the service:
Financial data
- Bank account balances
- Transaction history (amount, date, description, category)
- Metadata for connected accounts (bank name, account identifier)
Personal data
- Email address (at registration)
- Display name (if provided)
Technical data
- IP address
- Browser type and version
- Device type and operating system
- Anonymised page visit statistics
2. How we obtain data
Financial data is obtained through Open Banking API — a regulated, secure interface that allows reading your account information with your explicit consent. We never store your bank login credentials (passwords or PINs).
- You give consent through the Open Banking authorisation flow
- The Open Banking service provider (GoCardless / NUMBER2) transfers data to our platform
- Data is refreshed automatically according to the access you grant
- You can revoke access at any time from your bank settings or through our app
3. How we use your data
- Financial insights: Transaction analysis, spending categories, budget views, and AI-assisted suggestions.
- Product improvement: Understanding how people use features so we can improve the app.
- Technical operations: Error detection, security monitoring, and service stability.
- Email communication: Important account notices, security alerts, and updates you request.
We do not sell your personal data to third parties for advertising purposes.
4. Sharing data with third parties
Your data may be shared only with trusted partners, and only as much as needed to provide the service:
- Open Banking service provider (GoCardless / NUMBER2): To receive account data with your consent. They operate under EU financial regulation (PSD2).
- Analytics tools (e.g. ): Anonymised usage data may be shared with analytics providers for product improvement. This data does not identify you personally.
- Cloud infrastructure: Data is stored on secure cloud servers that meet GDPR requirements.
5. Data storage and security
Retention
- Financial data is kept while your account is active
- Transaction history — for up to 3 months after the last sync
- If you delete your account, all data is removed within 30 days
- Anonymised analytics data may be kept longer
Security measures
- All data is transferred using TLS/HTTPS encryption
- Bank login credentials are never stored on our servers
- Access to data is limited on a least-privilege basis
- Security reviews are performed regularly
6. Your rights (GDPR)
As an EU resident, under the General Data Protection Regulation (GDPR) you have the following rights:
- Right of access: You can request a copy of the personal data we hold about you.
- Right to erasure: You can request deletion of your data (“right to be forgotten”). You can submit a request via account settings or email.
- Right to withdraw consent: You can withdraw consent for Open Banking access or other processing at any time. This does not affect processing that was lawful before withdrawal.
- Right to data portability: You can receive your data in a commonly used, machine-readable format.
- Right to lodge a complaint: You may lodge a complaint with State Data Protection Inspectorate (ada.lt) if you believe your rights have been violated.
These terms are governed by the laws of the Republic of Lithuania. Disputes are resolved in the courts of Lithuania. Questions: hello@buget.lt