Privacy Policy
Last updated: 24 March 2026
Buzzy is designed with privacy at its core. Your financial data stays on your device by default. We don't sell, share, or monetise your personal information. Ever.
1. What we collect
Local mode (no account):
- We collect nothing. All your financial data is stored on your device only.
- No analytics, no tracking, no telemetry.
- The app works entirely offline.
Account mode (optional):
- Email address — for login and account recovery only.
- Financial data — encrypted with AES-256-GCM before being stored on our servers. We cannot read your data.
- Device info — anonymised device type for sync only.
- Authentication logs — IP address and browser type are logged for security monitoring (e.g. detecting unauthorised access). Logs are retained for 90 days.
Bank connection (optional, coming soon):
- Bank credentials — handled entirely by Basiq. Buzzy never sees your bank password.
- Transactions — fetched via Basiq and stored in your encrypted account.
2. How we use your information
- Email — authentication and password reset only.
- Financial data — syncing between your devices. Stored encrypted.
- Bank connection — fetching transactions automatically.
We never use your data for advertising, selling to third parties, training AI, credit scoring, or any purpose other than providing Buzzy to you.
3. Data storage and security
Local mode:
- Data stored on your device only.
- Auto-backup rotation keeps the last 7 copies.
- Atomic writes prevent corruption.
Cloud mode:
- Data encrypted with AES-256 before leaving your device.
- Stored on Supabase (PostgreSQL) hosted in Sydney, Australia.
- TLS 1.3 for all data in transit.
- We cannot decrypt your financial data.
4. Data retention
- Local mode: Delete the app and the data is gone.
- Cloud mode: Delete your account and all data is permanently removed within 30 days.
- Disconnecting a bank removes the connection. Imported transactions remain in your account.
5. Your rights
- Access — export your data anytime via Settings.
- Delete — reset locally or delete your cloud account.
- Disconnect bank connections at any time.
- Opt out of cloud sync — use local mode only.
- Request a copy of all data — email support@buzzyapp.com.au
Buzzy complies with the Australian Privacy Act 1988 and Australian Privacy Principles. If you believe we have breached your privacy, contact us. If unsatisfied, lodge a complaint with the OAIC at oaic.gov.au.
6. Third-party services and cross-border disclosure
- Supabase — authentication and encrypted database storage. Hosted in Sydney, Australia (AWS ap-southeast-2). Authentication emails may transit through international email infrastructure.
- Basiq — bank connections (AU-regulated, ACCC-accredited CDR participant).
- Apple — app distribution via the App Store.
- Vercel — web hosting. Static files (HTML, CSS, JS) are served from global edge locations. No user data is stored on Vercel.
- Cloudflare / jsDelivr — CDN for open-source libraries (Chart.js). Code only, no user data.
Your encrypted financial data is stored exclusively in Australia (Sydney). Authentication emails may be processed by international email providers. We do not use Google Analytics, Facebook Pixel, or any tracking services.
7. Children
Buzzy is not directed at children under 13. We do not knowingly collect personal information from children.
8. Changes
We may update this policy. Material changes will be communicated via an in-app notification.
9. Privacy complaints
If you believe we have breached your privacy, please contact our Privacy Officer at the details below. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
10. Contact
Entity: Buzzy Pty Ltd
Privacy Officer: support@buzzyapp.com.au
Location: Australia