Privacy Policy

Last updated: July 17, 2026

Stuffie is a digital cash-envelope budgeting tool built around a simple idea: your financial life is nobody's business but yours. This policy explains what data we collect, what we deliberately don't collect, and what we do with it. We've tried to write it in plain English, because a privacy policy you can't understand isn't much of a policy.

1. What we collect

We collect only what we need to run your account:

  • Your email address, used to sign you in, send account-related messages (like password resets or billing receipts), and nothing else unless you opt in.
  • A hashed version of your password. We store a one-way cryptographic hash, never the password itself. We could not read your password even if we wanted to.
  • The budget data you enter yourself — envelope names, amounts, transactions, and notes. You type it in; we store it so it's there when you come back.

2. What we deliberately don't collect

This is the part we're proudest of. Stuffie never connects to your bank account. We do not ask for, receive, or store bank credentials, account numbers, or transaction feeds from any financial institution. There is no bank-linking integration to breach, because there is no bank-linking integration at all.

We also never see or store your payment card number. Subscription payments are handled entirely by Creem (see Section 5). Card details go directly to them and never touch our servers.

3. How we use your data

We use your data to:

  • Provide the service — storing and syncing your envelopes and transactions.
  • Authenticate you when you sign in.
  • Send transactional emails: password resets, billing notices, and important changes to the service or these policies.
  • Respond when you contact us for support.

We do not sell your data. We do not rent it, trade it, or share it with advertisers. We do not build advertising profiles. Your budget data is used to show you your budget, full stop.

4. Where your data lives

Your data is stored in our database, hosted with reputable cloud infrastructure providers in the United States. Data is encrypted in transit (TLS) and at rest. Access within our team is limited to what is strictly necessary to operate and support the service.

5. Third parties we work with

We keep our list of third parties short:

  • Creem (creem.io) acts as our Merchant of Record and processes all subscription payments. When you subscribe, your payment details are handled by Creem under their own privacy policy. We receive only confirmation of your subscription status — never your card details.
  • Hosting and infrastructure providers that run our servers and database. They process data on our behalf under agreements that restrict how it may be used.

That's the whole list. No analytics brokers, no ad networks, no data resellers.

6. Cookies

We use a single essential cookie to keep you signed in to your account. That's it. No tracking cookies, no third-party cookies, no cross-site anything. Because we only use a strictly necessary session cookie, you won't see a cookie consent banner nagging you on every visit.

7. Export and deletion — your data is yours

At any time, you can export all of your budget data as a CSV file from your account settings. It's your data; you should be able to take it with you.

You can also delete your account at any time, directly from settings, without emailing anyone or talking to a retention specialist. When you delete your account, your data is permanently removed from our systems within 30 days, except where we are legally required to retain limited records (for example, billing records for tax purposes).

8. Your rights (GDPR and CCPA)

If you are in the European Economic Area or the United Kingdom, you have rights under the GDPR, including the right to access, correct, export, and delete your personal data, and the right to object to or restrict certain processing.

If you are a California resident, the CCPA gives you the right to know what personal information we collect, to request its deletion, and to not be discriminated against for exercising those rights. For the record: we do not sell or share personal information as defined by the CCPA, so there is nothing to opt out of.

Most of these rights you can exercise yourself through the export and delete tools in your account. For anything else, email us and we'll help.

9. Data retention

We keep your data for as long as your account is active. If you delete your account, we delete your data as described in Section 7. If your subscription lapses, your data remains stored so you can pick up where you left off — until you tell us to delete it.

10. Children's privacy

Stuffie is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has created an account, please contact us and we will delete it.

11. Changes to this policy

If we make material changes to this policy, we will notify you by email or by a prominent notice in the app before the changes take effect. The "Last updated" date at the top always reflects the current version.

12. Contact us

Questions, concerns, or requests about your privacy? Email us at hello@stuffie.money. A human will read it.