Legal
Privacy Policy
TPO Budget is a privacy-first personal finance app. This policy explains what the app does and does not do with your data.
- TPO Budget is local-first. Your financial data lives on your device.
- We operate no servers that receive, store, or process your financial data.
- We do not sell, rent, share, or monetize your data. Ever.
- We do not use your data to train machine-learning models.
- We have no advertising, no trackers, and no third-party analytics SDKs.
Data we collect
None, by default. The app does not transmit your financial information to us or to any third party.
All transactions, accounts, budgets, categories, merchants, recurring schedules, and assistant history are stored locally on your device in an encrypted SQLite database (SQLCipher, AES-256). The database is unlocked using a device-bound key protected by the iOS Secure Enclave / Android Keystore and your device biometrics or passcode.
Permissions and why we ask
The app only requests permissions it needs for features you use:
- Face ID / Touch ID / device biometrics — to unlock the app and decrypt your local database.
- Camera — to scan QR codes for Household Sync pairing. No images are uploaded or retained.
- Photo Library — to save exported CSV reports you request.
- Microphone + Speech Recognition — only if you use voice input. Audio is processed by the platform speech API and is not retained by TPO Budget.
- Local Network — only if you opt in to Household Sync, which pairs two devices on the same Wi-Fi using an end-to-end encrypted peer connection. No sync data leaves your local network.
- iCloud — only if you opt in to encrypted iCloud backup. Backup blobs are encrypted on your device before upload; Apple receives only ciphertext.
You can revoke any permission at any time in your iOS or Android system settings.
Optional integrations
Some features are opt-in and, if enabled, cause data to leave your device through Apple- or vendor-provided channels. They are off by default.
- Apple FinanceKit (iOS 17.4+, when available): read-only access to transactions and balances you explicitly authorize in the Wallet app. Data is delivered by Apple directly to the app on your device and stored locally. TPO Budget does not send this data anywhere else.
- Bring-your-own-key AI providers (optional): if you configure an API key for a third-party model to power the in-app assistant, requests you initiate are sent directly from your device to that provider under your account and their privacy policy. TPO Budget does not proxy, log, or store these requests on our side. You can remove the key at any time.
- Live investment pricing (optional): if enabled, only ticker symbols are transmitted to pricing providers — no account details, balances, or personal information.
Crash reports and diagnostics
TPO Budget does not ship a third-party analytics or crash-reporting SDK. If Apple TestFlight or the App Store sends anonymized crash diagnostics, those reports are controlled by Apple and your device settings (Settings → Privacy & Security → Analytics & Improvements). They do not contain your financial data.
Children
TPO Budget is not directed to children under 13 and does not knowingly collect information from them.
Waitlist
If you join the waitlist on this website, we store only your email address — solely to send you one notification when TPO Budget launches. When you sign up you will receive a confirmation email containing a one-click unsubscribe link. Clicking it permanently deletes your email address from our system. You may also request removal at any time by emailing privacy@thepathout.com and we will process your request within 30 days.
Your rights and controls
Because your data stays on your device, you control it directly:
- Export all data to CSV or an encrypted backup at any time (Settings → Data).
- Delete all data by uninstalling the app or tapping "Erase all data" in Settings.
- Disconnect optional integrations (FinanceKit, iCloud backup, Household Sync) at any time.
If you have an encrypted iCloud backup and want it removed, delete the app from all your devices and remove its iCloud data in iOS Settings → Apple ID → iCloud → Manage Storage → TPO Budget.
Security
- Database encryption: SQLCipher, AES-256-CBC with HMAC-SHA512 page authentication.
- Key storage: iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly / Android Keystore, bound to device biometrics.
- Transport: Any optional network traffic (BYOK AI providers, iCloud) uses TLS 1.2+.
- Household Sync: End-to-end encrypted peer channel over the local network; no relay server.
No system is perfectly secure, but because we store nothing ourselves, there is no server-side breach surface for your financial data.
Changes to this policy
If this policy changes in a way that affects how your data is handled, we will update the effective date above and note the change in the app's release notes. Because we do not collect your contact information, please re-check this page before major app updates.
Contact
Questions or privacy requests: contact@thepathout.com