Privacy Policy

Last updated: August 29, 2025

1. Introduction

This Privacy Policy explains how Attachments for YNAB (“we”, “our”, or “us”) collects, uses, and protects your personal information when you use our service.

2. Information We Collect

2.1 Account Information

  • Email address (for account creation and communication)
  • Username and password (encrypted and stored securely)
  • Account preferences and settings

2.2 YNAB Integration Data

  • YNAB account connection tokens (encrypted)
  • Transaction IDs, category IDs, payee IDs, and account IDs (for file attachment purposes)
  • We do NOT store your actual YNAB financial data (amounts, descriptions, etc.)

2.3 Cloud Storage Integration Data

  • Cloud storage connection tokens (encrypted) for Dropbox, Google Drive, etc.
  • File metadata references (names, sizes, attachment relationships)
  • We do NOT store your actual files - they remain in your chosen cloud storage

2.4 Usage Analytics

  • Service usage patterns and feature utilization
  • Error logs and performance metrics
  • IP addresses (for security and analytics)

2.5 Cookies and Tracking

  • Functional Cookies: Essential for service operation (authentication, preferences)
  • Analytics Cookies: To understand service usage and improve performance
  • No Marketing Cookies: We do not use cookies for advertising or marketing

3. How We Use Your Information

  • Service Provision: To facilitate file attachment connections between your YNAB data and your cloud storage
  • Security: To authenticate users and prevent unauthorized access
  • Cloud Integration: To connect securely with your chosen cloud storage providers
  • Improvement: To analyze usage patterns and improve the service
  • Communication: To send important service updates and security notifications
  • Support: To respond to your questions and provide customer support

4. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties.

We may share information only in these circumstances:

  • Service Providers: With trusted third-party services that help us operate (cloud storage, analytics)
  • Legal Requirements: When required by law or to protect our rights and users’ safety
  • Business Transfer: In the event of a merger, acquisition, or sale of assets

5. Data Security

  • All data is encrypted in transit (TLS/SSL) and at rest
  • Regular security audits and penetration testing
  • Limited employee access on a need-to-know basis
  • Secure cloud infrastructure with automated backups

6. Data Retention

  • Account data: Retained while your account is active plus 30 days after deletion
  • Cloud storage tokens: Securely deleted immediately upon account deletion
  • File metadata references: Retained while your account is active plus 30 days after deletion
  • Analytics data: Anonymized and retained for up to 2 years for service improvement

Note: Your actual files remain in your cloud storage and are controlled by your cloud provider’s retention policies.

7. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your file metadata and attachment references
  • Withdraw Consent: Revoke permissions for data processing

You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling functional cookies may affect service functionality.

9. Third-Party Services

9.1 YNAB API

We connect to YNAB’s API using your authorized tokens. We follow YNAB’s API terms and security requirements.

9.2 Analytics

We use privacy-focused analytics services that do not track users across websites.

10. International Data Transfers

Your data may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place for international transfers.

11. Children’s Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

12. Changes to This Policy

We will notify you of significant changes via email or through the service. Continued use after changes indicates acceptance of the updated policy.

13. Contact Us

For privacy-related questions or requests, contact us at:

  • Email: admin@a4y.app
  • Subject: “Privacy Policy Inquiry”

We will respond to privacy requests within 30 days.

This privacy policy was last updated on August 29, 2025.