Skip to content
Legal

Privacy Policy

Last updated: May 23, 2026

This Privacy Policy explains how Phrygian Labs LLC ("Phrygian Labs," "we," "us," or "our") collects, uses, and discloses information in connection with the Midas Budget application and related services (the "Service").

By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

1. Who We Are

Phrygian Labs LLC is a Florida limited liability company that operates Midas Budget, a personal finance and budgeting tool. We are the controller of the personal information described in this policy.

2. Information We Collect

Information you provide directly:

  • Account information such as your name, email address, and password (stored in hashed form).
  • Financial data you manually enter, including budgets, income, expenses, categories, and notes.
  • Communications you send to us, such as support requests.

Information from linked financial accounts:

If you choose to connect an external financial account, we collect financial information through a third-party data aggregation provider (our "data provider"). This may include account names and types, account and routing numbers, balances, and transaction history (amounts, dates, descriptions, and merchant information).

You enter your financial institution credentials directly with our data provider. We do not receive or store your bank login credentials. The data provider's handling of your information is governed by its own end-user privacy policy, which you should review.

Information collected automatically:

  • Device and usage information such as device type, operating system, app version, IP address, and interaction logs.
  • Cookies and similar technologies on our website, used for essential functionality and, where applicable, analytics. We honor privacy-preserving defaults and applicable opt-out signals.

3. How We Use Information

We use information to:

  1. Provide, operate, and maintain the Service, including displaying your accounts, transactions, and budgets.
  2. Authenticate you and secure your account.
  3. Retrieve and refresh transaction data from linked accounts that you have authorized.
  4. Respond to support requests and communicate with you about the Service.
  5. Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  6. Improve the Service, including through de-identified and aggregated analysis.
  7. Comply with legal obligations.

Your financial data is never sold or used for advertising. We do not sell your financial transaction data, account information, or budget data, and we do not use it for advertising or disclose it to advertisers or marketing partners, under any circumstances.

Advertising and analytics identifiers. We may use cookies, pixels, and similar technologies, and may share limited identifiers such as a hashed email address or device identifier with advertising and analytics providers, to measure and promote the Service (for example, to reach prospective users or understand how people find us). We never receive money in exchange for this, and it never involves your financial data. However, some state privacy laws define "sale" or "sharing" (including sharing for cross-context behavioral advertising) broadly enough to include these advertising and analytics activities. To the extent any such activity qualifies as a "sale" or "sharing" under applicable law, you have the right to opt out. See the California section below, or contact us using the details in Section 11, to exercise that right. We honor recognized browser-based opt-out preference signals (such as Global Privacy Control) where required by law.

4. How We Disclose Information

We disclose information only as follows:

  • Service providers (processors): We use third parties that process data on our behalf under contractual confidentiality and security obligations, including:
    • A financial data aggregation provider — financial account linking and data aggregation.
    • Supabase (cloud database and authentication infrastructure) — hosting and storage of your account and financial data.
    • A payment processor to handle subscription billing. We do not store full payment card numbers; these are handled by the processor.
    • Advertising and analytics providers — to measure usage and promote the Service, as described in Section 3. These parties receive only limited identifiers and usage data, never your financial data.
  • Legal and safety: We may disclose information if required by law, subpoena, or legal process, or to protect the rights, safety, or property of Phrygian Labs, our users, or others.
  • Business transfers: If Phrygian Labs is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.

Except as described in this policy, we do not disclose your personal information to third parties for their own independent purposes, and we never disclose your financial data for advertising.

5. Data Storage and Security

Your account and financial data are stored in a cloud database with row-level security controls that restrict access to your own data. We apply administrative, technical, and physical safeguards designed to protect your information, including encryption in transit, encryption of sensitive tokens at rest, and access controls limiting access to authorized purposes.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect your information and to respond promptly to any incident.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or de-identify your personal information within a reasonable period, except where retention is required for legal, accounting, fraud-prevention, or security purposes.

You can disconnect a linked financial account at any time, which stops future data retrieval. Previously imported transaction data remains until you delete it or close your account.

7. Your Choices and Rights

You can:

  • Access and update your account information within the Service.
  • Disconnect linked financial accounts at any time, which revokes the data provider's access; where the provider offers a self-service portal, you may also revoke access there.
  • Delete your account, which removes your associated data as described in Section 6.

California residents (CCPA/CPRA): If you are a California resident, you have specific rights regarding your personal information.

Categories of personal information we collect: identifiers (name, email, IP address); financial information (account, balance, and transaction data from linked accounts, and budget data you enter); commercial information (subscription and billing records); and internet or device activity (usage and device data). Sensitive personal information includes your account log-in credentials (stored hashed) and financial account information.

Sources: directly from you, automatically from your use of the Service, and from our data aggregation provider in connection with accounts you link.

Purposes: the operational purposes described in Section 3 of this policy.

Your rights: the right to know and access the personal information we hold about you, the right to request correction, the right to request deletion, and the right not to be discriminated against for exercising these rights. Because the only sensitive information we process is used solely to provide the Service you requested, you are not entitled to a separate limitation right beyond what is described here.

Sale and sharing: We do not sell or share your financial data for any purpose. We do not exchange any personal information for money. However, as described in Section 3, certain advertising and analytics activities involving identifiers such as a hashed email address or device identifier may be treated as a "sale" or as "sharing" for cross-context behavioral advertising under California law. To the extent they are, you have the right to opt out, which you may do by contacting us using the details in Section 11 or by using a recognized opt-out preference signal such as Global Privacy Control, which we honor as required by law.

Exercising your rights: Contact us using the details in Section 11. We will verify your identity before responding, typically by confirming control of the account email. You may use an authorized agent, who must provide proof of authorization. We will respond within the timeframes required by law.

Other U.S. state residents: Depending on your state of residence, you may have similar rights to access, correct, delete, or obtain a copy of your personal information. Contact us to exercise any applicable rights.

Users outside the United States: The Service is intended for U.S. users. If you access it from elsewhere, you understand your information will be processed in the United States. We do not target the Service to individuals in the European Economic Area or United Kingdom; if this changes, this policy will be updated to address applicable requirements.

8. Children's Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If we learn we have collected such information, we will delete it.

9. Third-Party Links and Services

The Service relies on and may link to third-party services, including our financial data aggregation provider. This policy does not cover the practices of those third parties. We encourage you to review their privacy policies, including that of our data provider.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, such as by posting the updated policy with a new "Last updated" date or notifying you in the Service. Your continued use after changes take effect constitutes acceptance.

11. Contact

Phrygian Labs LLC Email: privacy@phrygianlabs.ai Mailing address: 3005 W Lake Mary Blvd, Ste 111 #677, Lake Mary, FL 32746