Privacy Policy

This Privacy Policy explains how Budgetwise Limited (“we”, “us”, “our”) collects, uses, stores, discloses, and otherwise processes personal data when you use the Isaac application and related services (“the Service”). It is issued in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

Our appointed Data Controller is Budgetwise Limited (company number 15344334), Highview New Road, Broad Oak, Sturminster Newton, England, DT10 2HF. For data protection enquiries please contact our dedicated data protection email at privacy@isaacmoney.com.

1. Data We Collect

1.1 Data You Provide

When you use the Service, you may provide:

• Account registration data: email address, password (stored in hashed form);
• Financial planning data: pension pot values, salary, retirement age, contribution rates, investment assumptions — entered at your discretion;
• Correspondence: messages sent to us via support channels;
• Subscription and billing data: managed by Apple App Store or Google Play — we receive only confirmation of entitlement, not full payment card details.

1.2 Data We Collect Automatically

When you use the Service we may collect:

• Device identifiers and platform information (iOS/Android version);
• Crash reports and diagnostic logs (anonymised where possible);
• Subscription status from RevenueCat (entitlement status only); and
• App usage analytics (where enabled — see Cookie Policy for details).

1.3 Data We Do Not Collect

We do not collect:

• Full payment card or bank account details;
• Government-issued identity documents;
• Sensitive personal data (health, biometric, etc.) — the Service is not designed to process such data.

2. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

Performance of contract (Article 6(1)(b) UK GDPR)

• Creating and managing your account;
• Delivering the Service, including Premium Features for subscribers;
• Processing and verifying subscription entitlements;
• Restoring purchases;
• Responding to support requests.

Legitimate interests (Article 6(1)(f) UK GDPR)

• Improving the Service and fixing bugs (using anonymised diagnostic data);
• Detecting and preventing fraud, abuse, or security threats;
• Defending legal claims;
• Conducting anonymised aggregate analytics.

Compliance with legal obligations (Article 6(1)(c) UK GDPR)

• Retaining transaction records for tax and accounting purposes;
• Responding to requests from regulatory or law enforcement authorities.

Consent (Article 6(1)(a) UK GDPR)

• Sending marketing communications (where you have opted in);
• Setting non-essential cookies or similar technologies (see Cookie Policy).

3. Data Storage

3.1 On-Device Storage

Your financial planning data (scenarios, assumptions, calculations) is stored on your device using local storage (AsyncStorage) for fast, offline access. This local copy:

• enables the app to work without an internet connection;
• is deleted when you uninstall the app or clear app data; and
• may be lost if your device is lost, stolen, or factory reset.

3.2 Server-Side Storage

When you create an account, your financial planning data is also stored on our servers (a PostgreSQL database hosted by our cloud infrastructure provider) to enable:

• syncing your data across multiple devices;
• restoring your data if you reinstall the app or switch devices;
• account-level features such as employer benefits and referral programmes.

Server-stored data is associated with your user account and is protected by the security measures described in Section 8. Your data is never shared with other users or made publicly accessible.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

Service providers (data processors acting on our instructions)

• RevenueCat Inc. — subscription management (entitlement status only), processed on the lawful basis of contract performance (Article 6(1)(b) UK GDPR) as it is necessary to deliver and verify your Premium subscription;
• Apple Inc. / Google LLC — app distribution platforms;
• Crash reporting and analytics providers (anonymised data only);
• Cloud hosting and database providers (for server-side data storage and syncing).

Legal and regulatory disclosure

We may disclose personal data where required by law, court order, or regulatory authority, or to protect our rights, property, or safety.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Account data: retained for as long as your account is active. Upon account deletion, your personal data (email, name, password) is anonymised and your scenarios, preferences, and other user data are permanently deleted from our servers within 30 days;
• Subscription records: retained for up to 7 years after cancellation to comply with tax and accounting obligations;
• Support correspondence: retained for up to 2 years after resolution;
• Anonymised analytics data: may be retained indefinitely as it no longer constitutes personal data.

On-device data (scenarios, assumptions) is retained on your device until you uninstall the app or clear app data. Deleting your account removes server-stored data but does not automatically remove data cached on your device — uninstalling the app will clear all local data.

6. International Data Transfers

Your data may be processed outside the United Kingdom where our service providers operate. Where this occurs, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the ICO;
• adequacy decisions by the Secretary of State; or
• other lawful transfer mechanisms recognised under UK GDPR.

For further details on international transfers, please contact us at support@isaacmoney.com.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you;
• Right to rectification: to request correction of inaccurate or incomplete data;
• Right to erasure (“right to be forgotten”): to request deletion of your data, subject to legal obligations;
• Right to restriction of processing: to ask us to pause processing in certain circumstances;
• Right to data portability: to receive your data in a structured, commonly-used format;
• Right to object: to object to processing based on legitimate interests or for direct marketing;
• Rights in relation to automated decision-making: we do not make solely automated decisions that produce legal or similarly significant effects.

To exercise any of these rights, contact us at support@isaacmoney.com. We will respond within one calendar month. We may require proof of identity before fulfilling a request.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) at ico.org.uk or by telephone on 0303 123 1113.

8. How to Delete Your Account

You can delete your account at any time directly from the app:

• Open Isaac and go to the Account tab;
• Scroll to the bottom and tap Delete Account;
• Confirm the deletion when prompted.

When you delete your account:

• Your personal information (email address, name, password) is permanently anonymised on our servers;
• All your scenarios, preferences, and user data are permanently deleted from our servers;
• Your anonymised record is retained for aggregate analytics only and cannot be linked back to you;
• Any active Premium subscription should be cancelled separately through Apple App Store or Google Play to avoid continued billing.

Account deletion is immediate and cannot be reversed. If you need assistance or wish to request deletion by email, contact us at support@isaacmoney.com.

Data stored locally on your device (cached scenarios) is not automatically removed when you delete your account. To remove all local data, uninstall the app from your device.

9. Data Security

We implement appropriate technical and organisational security measures to protect your data, including:

• encryption of data in transit (TLS);
• hashed storage of passwords;
• access controls and least-privilege principles;
• regular security reviews; and
• device-level security for locally-stored data (dependent on your device settings).

No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

10. Children’s Privacy

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at support@isaacmoney.com and we will delete it promptly.

11. Marketing Communications

We will only send you marketing communications if you have opted in to receive them. You can withdraw consent at any time by clicking “unsubscribe” in any marketing email or contacting us at support@isaacmoney.com. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notice or email. The “Last updated” date at the top of this policy reflects the most recent revision. Continued use of the Service after a change constitutes acceptance of the updated policy.

13. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (“DPIAs”) where processing is likely to result in a high risk to individuals’ rights and freedoms, as required by Article 35 of the UK GDPR. A DPIA has been conducted for the core processing activities of the Service, including the processing of financial planning data. DPIAs are reviewed and updated periodically or when processing activities change materially.

14. Record of Processing Activities

In accordance with Article 30 of the UK GDPR, Budgetwise Limited maintains a Record of Processing Activities (“ROPA”) documenting all personal data processing carried out in connection with the Service. The ROPA is maintained internally and is available to the Information Commissioner’s Office on request.

15. Contact and Complaints

For any privacy-related questions, requests, or complaints, please contact:

Budgetwise Limited (company number 15344334)
Data Controller
Highview New Road, Broad Oak, Sturminster Newton, England, DT10 2HF
Data protection enquiries: privacy@isaacmoney.com
General enquiries: support@isaacmoney.com
Website: www.isaacmoney.com

You have the right to escalate any unresolved complaint to the ICO (ico.org.uk).