Privacy Policy – Penningmeester.ai

Last updated: August 2025
Effective date: Effective immediately

  1. Who We Are

We are Penningmeester.ai B.V., a budgeting and financial insights platform. Our goal is to help you understand and manage your finances securely and transparently.

  • Company name: Penningmeester.ai B.V.
  • Chamber of Commerce (CoC): 96218886
  • Address: Professor van der Waalsstraat 32, 2014 EG Haarlem, Netherlands
  • Privacy contact: hallo@nerobudget.ai

  2. What Data We Collect

We collect only the information needed to provide and improve our services:

  • Account information: Email address, username, password.
  • Financial data: Income, expenses, transactions (if you enter them or connect a bank).
  • Optional household data: Family size, birthdays, insurance info, property details (if you provide them).
  • AI-generated insights: Based on financial data and optional inputs, processed by AI providers under strict agreements.
  • Location data: Only if you give permission (for localised advice).
  • Usage & technical data: App usage, crash reports, error logs, device type, browser.

  3. How We Use Your Data

  • Core services: Create budgets, generate financial insights, manage your account.
  • AI-driven insights: Provide recommendations tailored to your situation.
  • Customer support: Respond to questions and help resolve issues.
  • Service improvements: Analyse app usage, detect errors, improve features.
  • Marketing (opt-in): Send updates or newsletters if you consent.
  • Legal obligations: Comply with tax/accounting and regulatory requirements.

We never sell or rent personal data.

  4. Legal Basis for Processing (GDPR)

Under the GDPR, we process personal data only when a valid basis applies:

  • Contract necessity: To create accounts, process financial inputs, and deliver budgeting features.
  • Consent: Required for banking integrations, marketing, location tracking, and AI insights. You may withdraw consent at any time.
  • Legitimate interests: Improving platform reliability and basic communications.

  5. Data Retention

  • Active accounts: Data is retained as long as your account is active.
  • Account deletion: When you delete your account, all personal and financial data is deleted or anonymised.
  • Financial transactions: Retained up to 5 years for legal obligations, unless you request earlier deletion.
  • Backups: Retained briefly for disaster recovery, then deleted.

  6. Sharing Your Data

We share your data only with carefully selected service providers who act as processors on our behalf, or with independent controllers as required to deliver services.

Processors (acting on our behalf)

  • Hosting & Infrastructure: Google Cloud Platform (EU-based).
  • Payments & Billing: Stripe (payment processing), Chargebee (subscriptions), RevenueCat (in-app subscriptions).
  • Email & Notifications: Mailgun, MailKit.
  • Analytics: Google Analytics, Amplitude.
  • AI Insights: OpenAI, Google Gemini (consent-based).
  • Bank Integrations: Yapily (if you choose to connect a bank).
  • Monitoring & Logging: Sentry, Firebase Crashlytics.

Independent Controllers

  • Apple App Store and Google Play Store process payments and subscriptions under their own terms and privacy policies.

All vendors are contractually bound to protect your data in line with GDPR. Data outside the EU is transferred under Standard Contractual Clauses (SCCs) or equivalent safeguards.

  7. Cookies & Tracking

  • Essential cookies: Required for login and functionality.
  • Analytics cookies: Google Analytics and Amplitude (anonymised where possible).
  • Marketing cookies: Only if you opt in (e.g. Meta Pixel).

You can manage cookies via your browser or our cookie banner.

  8. Security Measures

We take strong security measures to protect your information:

  • Encryption of data at rest and in transit.
  • Role-based access control, MFA for admin accounts.
  • Regular vulnerability scanning and audits.
  • Log reviews and incident response procedures.

  9. Internal Audits of Processing

We conduct annual audits of all personal data processing activities, reviewing:

  • Records of Processing (ROPA).
  • Lawful bases.
  • Retention periods.
  • DPIAs where required.

Findings are documented and acted upon.

  10. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Fix inaccurate or incomplete data.
  • Deletion: Delete your data (“right to be forgotten”).
  • Restriction: Limit processing in specific cases.
  • Portability: Request data in a machine-readable format.
  • Objection: To processing based on legitimate interest or marketing.
  • Withdraw consent: For bank integrations, AI insights, marketing, or location tracking.

We respond within 7 days (always within GDPR’s one-month limit). Requests can be made in-app or by email to hallo@nerobudget.ai.

  11. International Users

  • Our servers are hosted in the EU.
  • If data is accessed outside the EU (e.g. by subprocessors), we use Standard Contractual Clauses (SCCs).
  • We do not transfer data to the US or other non-EU countries without safeguards.

  12. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children. If discovered, such data is deleted immediately.

  13. Changes to this Policy

We review this policy annually and update it if our practices change. Substantial changes will be communicated (e.g. email or app notice).

  14. Contact

If you have questions or requests regarding this Privacy Policy, contact us:

  • Email: hallo@nerobudget.ai
  • Address: Professor van der Waalsstraat 32, 2014 EG Haarlem, Netherlands

If you are not satisfied, you may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

This Privacy Policy is designed to comply with the EU General Data Protection Regulation (GDPR).