Citrafort
Sign in
← Back to Citrafort

Privacy Policy

Last updated: 17 February 2026

Citrafort is an Australian household budgeting app built and operated by Robert Sheahan, an individual developer based in Australia. This Privacy Policy explains what data we collect, why we collect it, and how we keep it safe.

We respect your privacy and are committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What Data We Collect

Account information

When you create an account, we collect:

  • Email address and password (managed securely by Supabase Auth)

Profile information

You may optionally provide:

  • Your name
  • Country
  • Household size

Financial data

When you use the app, you enter financial information including:

  • Income details (salary, tax information, superannuation rates)
  • Expenses, bills, and subscriptions
  • Savings goals
  • Transaction records
  • Budget names and sharing preferences

2. How We Use Your Data

We only use your data to provide and improve the budgeting service. Specifically, we use it to:

  • Authenticate your account and keep it secure
  • Calculate your take-home pay using Australian tax rates
  • Generate budget summaries, spending breakdowns, and savings progress
  • Enable budget sharing between household members
  • Send essential service notifications (such as budget invitations)

We do not sell, rent, or share your data with advertisers or data brokers. We do not use third-party analytics or advertising trackers.

3. How We Store and Protect Your Data

All data is stored in Supabase, which is hosted on Amazon Web Services (AWS) in the Australia (Sydney) region. This means your data stays in Australia.

Security measures include:

  • Encryption in transit (TLS/SSL) and at rest
  • Passwords are hashed and never stored in plain text
  • Row Level Security (RLS) policies on the database, so you can only access your own data and budgets you have been invited to

While no system is 100% secure, we take reasonable steps to protect your information from unauthorised access, loss, or misuse.

4. Third-Party Services

We use one third-party service to run Citrafort:

  • Supabase -- provides authentication and database hosting. Your account information and financial data are stored in Supabase. Supabase's privacy policy is available at supabase.com/privacy.

We do not use any third-party analytics services, advertising networks, or tracking tools.

5. Budget Sharing

When you share a budget with household members, invited users can view and edit the income, expenses, and transactions within that budget. They can also see the names and email addresses of other members. You can remove members from a shared budget at any time. Budget invitations expire after 7 days.

6. Cookies and Local Storage

We use cookies and browser local storage only for essential purposes:

  • Keeping you signed in (authentication session)
  • Remembering your display preferences

We do not use tracking cookies, advertising cookies, or any third-party cookies.

7. Your Rights

You have the right to:

  • Access your data -- request a copy of the personal information we hold about you
  • Correct your data -- update or fix any inaccurate information via your account settings
  • Delete your data -- delete your account and all associated data from within the app. Deletion is permanent and cannot be undone
  • Stop using the service -- you can stop using Citrafort at any time with no obligation

To exercise any of these rights, you can use the settings within the app or contact us at support@citrafort.com.

8. Data Retention

We keep your data for as long as your account is active. When you delete your account:

  • Your personal information and any budgets you own are permanently deleted
  • Shared budgets you were a member of (but did not own) will remain available to their other members

9. Children's Privacy

Citrafort is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Australian Privacy Act Compliance

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). In particular:

  • We only collect personal information that is reasonably necessary to provide the budgeting service
  • We are transparent about how we handle your data (this policy)
  • We store your data in Australia and take reasonable steps to keep it secure
  • You can access, correct, or delete your personal information at any time

If you believe we have breached your privacy, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

12. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact: