Privacy Policy
Brim is a budget app that keeps your financial data private. This policy explains what data we collect, why we need it, and how we protect it.
TL;DR: Your financial data stays on your device. We collect minimal analytics to improve the app. You have full control. We don't sell anything.
Data Controller: Lazare Kolebka
Email: hello@getbrim.app
Address: Rue Georges Rency, 28, 1200 Brussels, Belgium
What Data We Collect
Your Account
- Email and name from Apple/Google Sign-In
- User ID to sync your settings across devices
Your Financial Data
Stays on your device. We never see it.
Your transactions, budgets, and spending history are stored only on your iPhone/iPad using SwiftData. If you enable iCloud sync, Apple encrypts this data end-to-end—even Apple can't read it.
Usage Analytics
We collect anonymous data to fix bugs and improve the app:
- Which screens you visit
- Which features you use
- Crash reports
- Device type and iOS version
- Country/city (from IP address, not GPS)
We don't collect:
- Your transaction amounts
- Your budget numbers
- Your spending data
- Anything that identifies you personally
Analytics uses random device IDs that aren't linked to your account. We can see "someone opened the Budget screen" but not who you are or what numbers you're looking at.
Stored in: Frankfurt, Germany (EU only)
Deleted after: 1 year automatically
Subscriptions
- Purchase history and renewal dates
- Transaction IDs from Apple
- Device information
Apple handles all payments. We never see your credit card or payment details.
Why We Collect This Data
| What | Why | Legal Basis (GDPR) |
|---|---|---|
| Account info | Sign you in, sync settings | Contract Performance |
| Financial data | You need it to budget (stays on your device) | Contract Performance |
| Analytics | Fix bugs, improve features | Legitimate Interest |
| Subscriptions | Manage your access to premium features | Contract Performance |
| IP addresses | Prevent fraud, security monitoring | Legitimate Interest |
| Emails (optional) | Send product updates and tips | Consent |
About Analytics and Legitimate Interest
We use analytics to make Brim better—find bugs, see which features work, decide what to build next. Your privacy is protected because:
- No financial data in analytics
- Random IDs that can't identify you
- Stays in EU, deleted after 1 year
- Easy opt-out in Settings
You can object to analytics anytime (see Your Rights below).
Third-Party Services
We use these services to run Brim:
Firebase (Google) - Account authentication
Location: United States
Protection: EU-US Data Privacy Framework and Standard Contractual Clauses
Privacy policy: https://firebase.google.com/support/privacy
PostHog - Usage analytics
Location: Frankfurt, Germany (EU only)
Privacy policy: https://posthog.com/privacy
RevenueCat - Subscription management
Location: United States
Protection: EU-US Data Privacy Framework and Standard Contractual Clauses
Privacy policy: https://www.revenuecat.com/privacy
Apple iCloud - Optional sync (you control this)
Encryption: End-to-end encrypted, only you can access
Privacy policy: https://www.apple.com/legal/privacy/
All these services act as processors under GDPR-compliant agreements.
Your Rights
You can:
- See your data - Settings → Data → Export
- Fix incorrect data - Edit in-app or email us
- Delete your account - Settings → Account → Delete Account
- Turn off analytics - Settings → Privacy → Share Analytics
- Stop emails - Click unsubscribe or email us
- Object to processing - Email hello@getbrim.app
Important: Analytics uses random device IDs not linked to your account, so we can't delete your specific analytics data on request. But it auto-deletes after 1 year, and you can stop future collection anytime.
California and Other US States
If you're in California, Virginia, Colorado, Connecticut, or Utah, you have similar rights under state privacy laws. We don't sell your data.
File a Complaint
If you think we've violated your privacy rights:
Belgium: Commission for the Protection of Privacy
Website: https://www.privacycommission.be
Email: contact@apd-gba.be
UK: Information Commissioner's Office
Website: https://ico.org.uk
US: Your state attorney general
Response time: 30 days (GDPR), 45 days (US state laws)
How Long We Keep Data
| Data | How Long | Why |
|---|---|---|
| Financial data (your device) | Until you delete it | Your budgets |
| Account | Until you delete it | Sign you in |
| Analytics | 1 year | Improve the app |
| Subscriptions | 6 years after it ends | Belgian tax law |
| IP addresses | 30 days | Security |
| Crash logs | 90 days | Fix bugs |
When you delete your account:
- Device and iCloud data: gone immediately
- Account data: gone within 30 days
- Analytics: up to 1 year (can't be traced to you)
- Subscription records: kept 6 years (legal requirement)
Security
We protect your data with:
- Encryption for everything in transit
- End-to-end encryption for iCloud sync
- Secure OAuth authentication (no passwords stored)
- iOS app sandboxing
- Regular security updates
You should:
- Enable Face ID/Touch ID
- Keep iOS updated
- Use two-factor authentication on your Apple ID/Google account
- Avoid sharing your login
If there's a breach: We'll notify you and the Belgian Data Protection Authority within 72 hours if your rights are at risk. Your financial data wouldn't be affected since it never reaches our servers.
Children's Privacy
You must be at least 13 years old to use Brim (or older if your country requires it). We verify age through Apple/Google accounts.
If we discover underage use without parental consent, we'll delete the account immediately.
International Transfers
Some services (Firebase, RevenueCat) are in the United States. Your data is protected by:
- EU-US Data Privacy Framework
- Standard Contractual Clauses
- Industry-standard encryption
PostHog stays in EU—analytics never leave Germany.
Your financial data never leaves your device and your personal iCloud.
AI-Powered Insights
Apple Intelligence processes your financial data entirely on your device to provide insights like spending patterns and budget recommendations. Your data never leaves your device for AI processing. Apple cannot access this data, and neither can we.
You can disable AI-powered insights anytime in Settings → Privacy → AI Insights.
We do not use automated decision-making that produces legal or similarly significant effects on you. AI insights are purely informational and you retain full control over all financial decisions.
Changes to This Policy
We'll notify you of changes via:
- Email (30 days advance notice for material changes)
- In-app notification
Material changes include collecting new data types, sharing with new parties, moving data to new countries, or reducing security.
Continuing to use Brim after changes means you accept them. If you disagree, delete your account before the changes take effect.
What We Don't Do
- Sell your data
- Share your financial information
- Use your data for ads
- Track you across other apps
- Link analytics to your identity
- Store financial data on our servers
Contact
Email: hello@getbrim.app
Website: https://getbrim.app
Legal Compliance
This policy complies with GDPR (Regulation EU 2016/679), Belgian Law of 30 July 2018, ePrivacy Directive 2002/58/EC, UK GDPR, CCPA/CPRA, and other US state privacy laws.