Privacy Policy
Last Updated: March 2025
At halmistavora, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our budget categorization services. We're committed to transparency and ensuring you understand exactly what happens with your data.
Information We Collect
When you use halmistavora, we collect information that helps us provide and improve our budget categorization services. Here's what we gather and why:
Personal Information
- Your name, email address, and contact details when you create an account
- Payment information for subscription processing (handled securely through third-party processors)
- Communication preferences and support ticket history
- Profile information you choose to add, such as financial goals or household size
Financial Data
To categorize your budget effectively, we collect transaction data you provide. This includes transaction descriptions, amounts, dates, and merchant information. We never store your full banking credentials or account numbers.
- Transaction details you upload or sync from connected accounts
- Category assignments and custom budget rules you create
- Spending patterns and budget alerts you set up
- Notes or tags you add to transactions
Technical Information
Like most online services, we automatically collect certain technical data:
- IP address, browser type, and device information
- Usage patterns, feature interactions, and session duration
- Error logs and performance data to improve our service
- Cookie data for authentication and preferences (see our Cookie Policy)
How We Use Your Information
Your data serves specific purposes that directly benefit your experience with halmistavora. We don't use your information for unrelated purposes without your consent.
| Purpose | Legal Basis |
|---|---|
| Providing budget categorization services | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Sending service updates and support responses | Legitimate interest |
| Improving our algorithms and features | Legitimate interest |
| Detecting fraud and ensuring security | Legal obligation |
| Complying with Australian financial regulations | Legal obligation |
Important: We will never sell your personal or financial data to third parties. Your transaction details remain confidential and are used solely to provide the services you signed up for.
Data Storage and Security
We store your data on secure servers located in Australia, ensuring compliance with Australian Privacy Principles under the Privacy Act 1988.
Security Measures
- 256-bit AES encryption for data at rest
- TLS 1.3 encryption for all data transmission
- Regular security audits and penetration testing
- Multi-factor authentication options for account access
- Automated backup systems with encrypted storage
- Staff access controls with role-based permissions
Data Retention
We keep your data for different periods depending on its type:
- Active account data: Stored while your account remains active
- Transaction history: Retained for 7 years to comply with Australian tax record requirements
- Support communications: Kept for 3 years after resolution
- Marketing preferences: Maintained until you opt out or close your account
- Technical logs: Deleted after 90 days unless needed for security investigations
Sharing and Disclosure
We limit data sharing to essential service providers and legal requirements. Here's who might access your information:
Service Providers
We work with trusted third parties who help us operate halmistavora:
- Cloud hosting providers for secure data storage
- Payment processors for subscription billing (they never see your transaction data)
- Email service providers for account notifications
- Analytics platforms for aggregated usage insights (personal identifiers removed)
All service providers sign strict confidentiality agreements and are prohibited from using your data for their own purposes.
Legal Disclosures
We may disclose your information when legally required to:
- Comply with Australian court orders or subpoenas
- Respond to lawful requests from government authorities
- Protect our legal rights or defend against claims
- Prevent fraud or investigate suspected illegal activity
- Protect the safety of our users or the public
No Data Sales: We will never sell, rent, or trade your personal information to marketers, data brokers, or advertisers. Your financial data is particularly sensitive, and we treat it with the highest level of protection.
Your Rights Under Australian Privacy Law
The Privacy Act 1988 and Australian Privacy Principles give you specific rights regarding your personal information. Here's what you can do:
Access Your Data
You can request a copy of all personal information we hold about you. We'll provide this in a portable format within 30 days. To request access, email us at support@halmistavora.com with "Data Access Request" in the subject line.
Correct Inaccurate Information
If any personal details we store are incorrect or outdated, you can update them directly in your account settings or contact us for assistance. We'll make corrections within 5 business days.
Delete Your Data
You can request deletion of your account and associated data at any time. Some transaction records may be retained for 7 years to comply with Australian tax law, but they'll be isolated from your active profile. To delete your account, go to Settings > Account > Delete Account, or email support@halmistavora.com.
Object to Processing
You can object to how we use your data for purposes beyond providing the core service. For example, you can opt out of analytics tracking or marketing communications while continuing to use halmistavora's budget tools.
Lodge a Complaint
If you believe we've mishandled your personal information, you can lodge a complaint with us first. If you're not satisfied with our response, you have the right to contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
International Data Transfers
Your data is primarily stored on Australian servers. However, some service providers we use have infrastructure in other countries. When data leaves Australia, we ensure adequate protections:
- Transfers only occur to countries with privacy laws comparable to Australia's
- Service providers sign Standard Contractual Clauses approved by Australian authorities
- Data remains encrypted during transfer and storage abroad
- We conduct regular audits of international service providers' security practices
If you have concerns about international transfers, you can request that we restrict your data to Australian servers only by contacting our support team.
Children's Privacy
halmistavora is not intended for use by individuals under 18 years of age. We don't knowingly collect personal information from children. If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@halmistavora.com, and we'll delete it within 48 hours.
Cookies and Tracking
We use cookies and similar technologies to make halmistavora work properly and to understand how you use our service. Here's a breakdown:
Essential Cookies
These are necessary for halmistavora to function. They handle login sessions, security, and basic functionality. You can't opt out of these if you want to use our service.
Analytics Cookies
We use these to understand which features are most useful and where users encounter problems. Data is aggregated and doesn't identify you personally. You can disable these in your account settings under Privacy Preferences.
Preference Cookies
These remember your settings like dark mode, currency display, and notification preferences. Disabling them means you'll need to reset preferences each session.
You can control cookies through your browser settings, but this may limit some functionality. For detailed information, see our separate Cookie Policy.
Changes to This Policy
We update this policy occasionally to reflect new features, legal requirements, or feedback from users. When we make significant changes, we'll notify you via email and display a prominent notice in the app for 30 days.
Minor clarifications or updates that don't affect your rights won't trigger notifications, but we'll always update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically, especially before providing new types of personal information.
Continued use of halmistavora after policy changes means you accept the updated terms. If you disagree with changes, you can close your account before they take effect.
Contact Us About Privacy
If you have questions about this privacy policy, want to exercise your rights, or have concerns about how we handle your data, we're here to help:
Email: support@halmistavora.com (use subject line "Privacy Inquiry")
Phone: +61 3 9344 1100 (Monday to Friday, 9am-5pm AEST)
Mail: Privacy Officer, halmistavora
461 Hunter St
Newcastle NSW 2300
Australia
We aim to respond to all privacy inquiries within 5 business days. For data access or deletion requests, we'll confirm receipt immediately and complete the request within 30 days as required by Australian privacy law.