Trust & security

Your data lives in Frankfurt, Germany. Application servers and database storage both run on a DigitalOcean Droplet (fra1); transactional email goes through Brevo (France). All within the EU/EEA — covered by GDPR by default. DigitalOcean is US-headquartered; for beta this gives us EU data residency at a low operational cost, with the Schrems II / US Cloud Act sovereignty gap accepted on a beta-scale risk basis. Before GA we migrate the application tier to an EU-headquartered provider (OVH or Hetzner candidate set) to close that gap.

Every connection between your browser and BudgetHQ uses TLS 1.3 — automatic via Let's Encrypt managed certificates. The same applies between BudgetHQ services and our database provider. No plaintext traffic on the open internet.

Your rights as a data subject under GDPR are baked into the product:

• →Access — request a copy of everything we store about you.
• →Rectification — fix anything that's wrong.
• →Erasure — delete your account + all associated data on request.
• →Portability — export your data in machine-readable formats (CSV, JSON).

We use a small, focused set of third parties — each chosen for EU compliance posture:

• •Brevo (email delivery) — French company, EU data residency.
• •Better Stack (uptime monitoring) — minimal metadata only (HTTP probe results + alert emails).