← Home

Privacy Policy

Effective April 21, 2026

The Better Decision (“we”, “us”) is a personal finance application operated by Flamarion Jorge. We care about your privacy and keep what we collect to the minimum needed to run the service. This policy explains what we collect, why, how long we keep it, and your rights.

1. What we collect

When you create an account and use The Better Decision, we collect:

  • Identity: username, email, first/last name, optional phone and avatar URL.
  • Credentials: a bcrypt hash of your password (we never store the password itself). For Google sign-in, we store the verified email address Google provides. If you enable two-factor authentication, we store an encrypted TOTP secret and hashed recovery codes.
  • Financial data you enter: accounts you create, transactions you record or import, budgets, forecasts, recurring items, and categories. This data stays scoped to your organization and is never shared with other organizations.
  • Operational telemetry: request logs containing IP address, user agent, path, and timestamp for up to 30 days, used for debugging and abuse prevention.
  • Cookies: an HTTP-only refresh-token cookie to keep you logged in, a short-lived oauth_state cookie issued during Google sign-in (deleted within 10 minutes of the sign-in flow completing or being cancelled), a theme preference in local storage, and a bot-management cookie set by Cloudflare. We do not use analytics or advertising cookies.

2. Why we collect it

  • To authenticate you and protect your account.
  • To store and present the financial data you explicitly enter.
  • To send transactional emails: account verification, password reset, MFA codes, and trial/billing notices.
  • To debug errors, prevent abuse, and secure the service.

We do not sell your data. We do not train AI models on your data. We do not use your data for advertising.

3. Third parties we share with

We share data only with service providers strictly necessary to run The Better Decision:

  • DigitalOcean (hosting): stores your data at rest in managed MySQL in the ams3 region (EU).
  • Cloudflare (CDN / edge): handles TLS termination, DDoS protection, and edge routing.
  • Mailgun(EU region): sends transactional emails. We send only what’s needed (your email address, the subject line, and the email body).
  • Google(optional, if you choose “Sign in with Google”): we receive your email, name, and profile picture from Google after you authorize the sign-in.

4. How long we keep your data

  • Account and financial data are kept for the lifetime of your account.
  • If you close your account, we delete your data within 30 days. Backups are rotated within 90 days.
  • Request logs are kept for up to 30 days.
  • Email delivery records at Mailgun follow their retention policy (typically 3 days for logs).

5. Your rights (GDPR)

If you are in the EU/EEA, you have the following rights under the GDPR:

  • Access: request a copy of your data.
  • Rectification: fix anything inaccurate. Most of this is self-serve inside the app.
  • Erasure: delete your account and all data associated with your organization.
  • Portability: export your data in a machine-readable format.
  • Restriction / Objection: ask us to stop or limit specific processing.
  • Complaint: lodge a complaint with your national data-protection authority (in the Netherlands, the Autoriteit Persoonsgegevens).

To exercise any of these rights, email us at privacy@thebetterdecision.com. We respond within 30 days.

6. Security

Passwords are stored as bcrypt hashes. TOTP secrets are encrypted at rest. All traffic is served over HTTPS with HSTS. Session refresh tokens are cookies scoped to the refresh endpoint with the HttpOnly, Secure, and SameSite=Lax flags. We review the application regularly with static analysis and third-party security tools.

No system is perfectly secure. If you discover a vulnerability, please report it to security@thebetterdecision.com.

7. International transfers

Your data is stored in the EU (DigitalOcean ams3 region). Cloudflare may process requests at edge nodes globally as part of delivering the service. Mailgun operates in the EU region.

8. Children

The Better Decision is not intended for children under 16. We do not knowingly collect personal data from children.

9. Changes to this policy

When we make material changes we update the effective date and notify you by email before the changes take effect. The current version is always available at this page.

10. Contact

Privacy questions or requests: privacy@thebetterdecision.com. General contact: hello@thebetterdecision.com.