Privacy Policy for Streaks (For YNAB)

Last Updated: July 22, 2025

Beta Disclaimer

⚠️ Important Notice: Streaks (For YNAB) is currently in TestFlight Beta. As a beta application, features, functionality, and privacy practices may change between versions. While we strive to keep this privacy policy accurate and up-to-date, some information may be slightly outdated or subject to change as the app evolves.

What this means for you:

• Features described in this policy may be added, removed, or modified
• Privacy practices may be updated as we improve the app
• We will update this policy when significant changes occur
• The core privacy principles (local data processing, no cloud storage, etc.) remain unchanged

Future Considerations:

• Cloud syncing via CloudKit may be added in future versions (especially for Mac compatibility)
• Any cloud features will be opt-in and disabled by default
• Users will always retain the ability to clear their data completely
• Significant privacy changes will be communicated clearly before implementation

Introduction

Streaks (For YNAB) (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our iOS application.

YNAB Affiliation Disclaimer

We are not affiliated, associated, or in any way officially connected with YNAB, or any of its subsidiaries or its affiliates. We are fans of YNAB and wanted to a way track our spending habits.

The official YNAB website can be found at https://www.ynab.com . The names YNAB and You Need A Budget as well as related names, marks, emblems and images are registered trademarks of YNAB.

Information The App Collects

YNAB Account Data

• YNAB Access Tokens: The app securely stores OAuth 2.0 access tokens in your device’s iOS Keychain
• Budget Information: The app accesses your YNAB budgets, categories, and transactions to provide habit tracking functionality
• Transaction Data: The app analyzes your spending transactions to help you build and track spending habits

App Usage Data

• Habit Definitions: Your custom spending habits and goals
• App Settings: Your preferences and configuration choices

Data Processing

Transaction Analysis

The app processes your YNAB transaction data locally on your device to:

• Habit Detection: Analyze spending patterns to identify when you’ve broken or maintained your defined habits
• Streak Calculation: Calculate consecutive days/periods where you’ve maintained your spending goals
• Category Matching: Match transactions to your defined habit categories for tracking purposes
• Trend Analysis: Identify spending patterns over time to help you understand your financial habits

Local Processing Methods

• Real-time Analysis: Transaction data is processed immediately when retrieved from YNAB
• Historical Review: Past transactions are analyzed to establish baseline spending patterns
• Pattern Recognition: Simple algorithms identify when spending exceeds or falls within your defined limits
• No Machine Learning: The app uses basic statistical analysis, not AI or machine learning algorithms

Data Security

Security Measures

• OAuth 2.0: Secure authentication with YNAB
• HTTPS Only: All API communications use TLS 1.2+
• Keychain Storage: Access tokens stored securely in iOS Keychain
• Local Processing: No data transmitted to external servers beyond authorizing with YNAB to retrieve your data
• Read Only Access: Access tokens do not have the ability to create or edit data in your YNAB account

Technical Implementation

• Data Encryption: All sensitive data is encrypted using iOS Keychain encryption
• Network Security: App Transport Security (ATS) enforces HTTPS and TLS 1.2+ requirements
• Input Validation: All API responses and user inputs are validated to prevent security vulnerabilities
• No Client Secrets: OAuth implementation uses Implicit Grant Flow without storing client secrets

Token Management

• Automatic Expiration: Tokens expire after 2 hours (YNAB limitation)
• Secure and Manual Refresh: Automatic token renewal when needed
• No Client Secrets: We use Implicit Grant Flow for enhanced security

Data Sharing

Third-Party Services

• YNAB API: We only share data with YNAB’s official API for the purpose of authentication
• CloudKit (Future): If enabled by the user, data may be synced via Apple’s CloudKit service for cross-device compatibility
• No Analytics: We do not use analytics services or tracking tools
• No Advertising: We do not share data with advertisers

Third-Party Dependencies

The app uses the following third-party components:

• Apple Frameworks: Standard iOS frameworks (SwiftUI, Foundation, Security, etc.)
• SwiftData: Apple’s local database framework for storing app data
• SafariServices: For OAuth authentication flow
• No External Libraries: The app does not include third-party analytics, crash reporting, or tracking libraries

Legal Requirements

If you share information with us via support channels, we may disclose this information if required by law or to protect our rights and safety.

These support channels may include:

• Support communications: Emails, GitHub issues, or other support requests you send to us
• Public feedback: Reviews, comments, or feedback you post publicly about the app
• Bug reports: Technical information you share when reporting issues

Example: If you contact us for support and include your email address or device information, we may be required to disclose that communication if legally compelled to do so. However, we cannot and will not disclose any of your YNAB data, personal habits, or locally stored app information, as we have no access to that data.

Error Handling & Logging

Error Processing

• API Failures: When YNAB API calls fail, the app logs basic error information (error codes, timestamps) for debugging purposes
• Network Issues: Connection problems are logged locally to help diagnose connectivity issues
• Authentication Errors: Token expiration and authentication failures are logged to trigger re-authentication flows

Debug Information

• Debug Builds Only: Detailed logging and error information is only available in Debug builds
• No Personal Data: Error logs do not contain personal information, YNAB data, or habit information
• Local Storage: All error logs are stored locally and not transmitted to external servers
• Automatic Cleanup: Debug logs are automatically cleared when the app is closed

Crash Reporting

• No Third-Party Crash Reporting: The app does not use external crash reporting services
• iOS System Logs: Standard iOS system crash logs may be generated and shared with Apple (controlled by iOS settings)
• No Custom Crash Data: We do not collect or transmit custom crash information

Data Access Limitations

We cannot access any data stored locally on your device. All data processing occurs locally on your device, and we have no ability to remotely access your personal information, habits, or YNAB data. The only data we can access is what you voluntarily share with us through support channels.

Your Rights

Access and Control

• View Your Data: Access your habit data within the app
• Delete Data: Remove habits and clear app data through iOS Settings
• Revoke Access: Disconnect from YNAB through the app’s settings

Data Portability

• Export: Your data remains in your YNAB account
• Backup: Use iOS backup features to preserve your app data

Data Retention

Data Storage

• Current Implementation: All app data is stored locally on your device
• Future Implementation: Cloud syncing via CloudKit may be added as an opt-in feature (disabled by default)
• YNAB Data: Controlled by your YNAB account settings
• Token Expiration: Access tokens automatically expire after 2 hours

Retention Periods

• Habit Data: Retained indefinitely until manually deleted or app is uninstalled
• Transaction Cache: Cached YNAB data is retained for 24 hours to reduce API calls
• App Settings: Retained until app is uninstalled or settings are reset
• Access Tokens: Automatically removed from Keychain after 2-hour expiration
• Debug Information: Only retained in Debug builds and cleared when app is closed

Deletion

• App Uninstall: Removing the app deletes all local data
• YNAB Disconnection: Revoking access removes the app’s ability to access your YNAB data
• Manual Cleanup: Users can clear all app data through the app’s Settings → Data Management → Clear All Data

Children’s Privacy

Our app is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the “Last Updated” date
• Posting the new policy in the app
• Notifying you through the app interface

Contact Information

If you have questions about this Privacy Policy, please contact us: support@streaksforynab.app

Compliance

This Privacy Policy complies with:

• iOS App Store Guidelines
• YNAB API Terms of Service
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)

Additional Information

Network Security

All network communications use HTTPS with TLS 1.2+ encryption to ensure secure connections to YNAB’s API. The app enforces App Transport Security (ATS) requirements that prevent insecure connections.

App Store Analytics

We may receive aggregated, anonymous usage statistics from Apple’s App Store Connect, including:

• Total download counts
• Geographic distribution of users
• Device types and iOS versions
• App crash reports (if enabled)

This information is provided by Apple and does not include any personal or financial data from your YNAB account or app usage.

Communication

We do not send unsolicited emails or notifications to users. Any communication will only occur if:

• You explicitly enable push notifications in the app
• You contact us first through support channels
• We respond to your direct inquiries or support requests

---

This Privacy Policy is effective as of the date listed above and applies to all versions of the Streaks (For YNAB) iOS application up to the version relating to the next policy change.