Privacy Policy

MyWidgets operates as the data controller for the personal data processed through this Service. If you have any questions about how your data is handled, please contact us through the application's support channels.

We collect the following categories of personal data:

We process your personal data on the following legal bases under Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)) — processing your account and financial data is necessary to provide the Service you have signed up for.
• Legitimate interests (Art. 6(1)(f)) — to maintain the security and integrity of the Service, and to prevent fraud or abuse.
• Consent (Art. 6(1)(a)) — where you have explicitly consented, such as linking a Google account for sign-in.

• To authenticate you and maintain your account.
• To store and display your financial data within the application.
• To calculate aggregated summaries (net worth, budget progress, goal tracking) shown in your dashboard.
• To provide currency conversion using exchange rate data.
• To ensure the security and proper functioning of the Service.

We do not use your data for advertising, profiling, or sale to third parties.

We do not sell, rent, or trade your personal data. We may share data with:

• Google OAuth — if you choose to sign in with Google, authentication is handled via Google's OAuth 2.0 service. Google's Privacy Policy applies to that interaction.
• Infrastructure providers — hosting and database services required to operate the application, bound by data processing agreements.
• Legal obligations — if required by law, regulation, or court order.

We retain your personal data for as long as your account is active. If you delete your account:

• Your account data and all associated financial data are permanently deleted within 30 days.
• Backups are purged on a rolling basis within the same period.

You may request deletion at any time — see your rights in Section 8 below.

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted data transmission (HTTPS/TLS).
• Passwords stored using industry-standard hashing algorithms.
• Authentication tokens with expiry to limit exposure from stolen tokens.
• Access controls limiting who can access production data.

However, no method of transmission or storage is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by the GDPR.

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

• Right of access (Art. 15) — you can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — you can correct inaccurate or incomplete data directly within the app or by contacting us.
• Right to erasure (Art. 17) — you can request deletion of your personal data. You may delete your account at any time from the account settings.
• Right to restriction of processing (Art. 18) — you can ask us to restrict processing in certain circumstances.
• Right to data portability (Art. 20) — you can export your financial data in JSON or CSV format from the Data Management section in Settings.
• Right to object (Art. 21) — you can object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent (e.g., Google sign-in), you can withdraw consent at any time via Settings.

To exercise any of these rights, contact us through the application. We will respond within 30 days.

You have the right to lodge a complaint with your national data protection supervisory authority if you believe your rights have been violated. A list of EU supervisory authorities is available at edpb.europa.eu.

MyWidgets does not use tracking cookies. We use browser local storage solely to maintain your authentication session (auth token) and persist UI preferences (theme, display currency). No data is shared with advertisers or analytics platforms.

If your data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) as required by Chapter V of the GDPR.

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy periodically. We will notify you of material changes by updating the "Last Updated" date. We encourage you to review this policy regularly.

For questions, requests, or concerns about your personal data, please contact us through the in-app support channels or via the account settings page.