PRIVACY POLICY
PiggyPlanr — Budget Planning Tool
Effective Date: 15 March 2026 | Last Updated: 6 July 2026
1. Introduction
This Privacy Policy explains how Omnilya Group Ltd ("we", "us", "our"), operating PiggyPlanr, collects, uses, stores, and protects your personal data when you use our budget planning service at https://piggyplanr.eu.
We are committed to protecting your privacy and complying with both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR — Regulation 2016/679), as well as all other applicable data protection legislation.
2. Data Controller
The data controller responsible for your personal data is:
Omnilya Group Ltd
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ, United Kingdom
Company Number: 16796204
Privacy Contact: info@piggyplanr.com
2.1 EU Representative (Article 27 EU GDPR)
As Omnilya Group Ltd is established outside the European Union but offers services to individuals within the EU, we are required to appoint a representative in the EU in accordance with Article 27 of the EU GDPR. Details of our EU representative will be published here once appointed. In the meantime, you may contact us directly at info@piggyplanr.com.
3. What Personal Data We Collect
We collect the following categories of personal data:
| Category | Data Collected | Purpose |
|---|---|---|
| Account Information | Name, email address, password (hashed) | Account creation, authentication, communication |
| Location Data | Residential address, country | Localisation of features (e.g., meal voucher integration), legal compliance |
| Authentication Data | Third-party authentication tokens (Google, Apple) | Secure sign-in via third-party providers |
| Budgeting Data | Income, expenses, budget categories, savings goals, loan information | Provision of the core budgeting service |
| Payment Data | Subscription status, billing history (processed by our payment provider) | Subscription management and billing. No payment card data is stored by PiggyPlanr. |
| Transaction Images (optional feature) | Images of bank statements or receipts that you upload voluntarily | Automatic reading of transaction details (amount, date, supplier) to prefill your bulk transaction table. Images are processed transiently and are never stored. |
4. Legal Basis for Processing
We process your personal data on the following legal bases under Article 6(1) of the GDPR:
-
Contract performance (Art. 6(1)(b)): Processing necessary to provide the PiggyPlanr service, manage your account, and process your subscription.
-
Legitimate interests (Art. 6(1)(f)): Processing necessary for service improvement, security, and fraud prevention.
-
Legal obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, including tax and accounting obligations.
-
Consent (Art. 6(1)(a)): Where applicable, for any optional features or future services (e.g., bank account integration) that require separate consent. This includes the optional automatic image processing feature described in Section 6, which is disabled by default and only works after you explicitly enable it in your settings. You can withdraw this consent at any time by disabling the feature in your settings.
5. How We Use Your Data
We use your personal data exclusively for the following purposes:
-
Providing and operating the PiggyPlanr budgeting service.
-
Managing your account, subscription, and billing.
-
Sending transactional emails (trial expiration notices, subscription reminders, payment confirmations).
-
Localising features based on your country (e.g., meal voucher terminology).
-
Reading transaction details from images that you upload, if you have enabled the optional automatic image processing feature.
-
Ensuring the security and integrity of the Service.
We do not use your data for marketing purposes. We do not send newsletters or promotional emails. We do not sell, rent, or trade your personal data to third parties.
6. Data Sharing and Third Parties
We share your data only with the following categories of service providers, and only to the extent necessary to provide the Service. On request, we will provide up-to-date details of the specific providers we use (see Section 15 for contact details).
-
Payment service provider: Processes subscription payments. Your payment information is handled directly by this provider, which operates as an independent data controller for payment data. No payment card data ever reaches PiggyPlanr.
-
Database and infrastructure provider: Stores your data on servers located within the European Union (EU) and acts as a data processor on our behalf.
-
Authentication Providers (Google, Apple): If you choose to sign in via Google or Apple, limited authentication data is exchanged with these providers as necessary for the sign-in process.
-
Image processing service: Used for the optional automatic image processing feature. If you enable this feature in your settings and upload images of bank statements or receipts, those images are transmitted to this provider to read the transaction details, together with the names of your budget posts and your own note history, which are needed to propose the right category for each transaction. The images are processed for this purpose only and are never stored. Under the provider's commercial terms, your data is not used to train their models. The provider acts as a data processor on our behalf. This feature is disabled by default and requires your explicit consent.
-
Email delivery service: Sends transactional emails on our behalf (such as verification links and subscription notices) and processes your email address and the message content for that purpose.
-
Error monitoring service: Receives technical crash and error data (such as IP address, browser type, and the error itself) so we can find and fix problems.
-
Hosting and security infrastructure: Serve the application and protect it against abuse. These providers see IP addresses and technical request data in server logs and rate limiting.
-
Future: Open Banking Provider: If and when bank integration is introduced, a licensed third-party open banking provider will be used. You will be asked for explicit consent before any bank data is accessed. Separate terms and privacy information will be provided at that time.
7. International Data Transfers
Your data is primarily stored within the European Union (on the EU servers of our infrastructure provider). However, some data may be transferred outside the EU/EEA in connection with our use of third-party services (e.g., our payment provider, Google, Apple, and our image processing service).
Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:
-
EU Commission adequacy decisions.
-
Standard Contractual Clauses (SCCs) approved by the European Commission.
-
Certification mechanisms such as the EU-U.S. Data Privacy Framework, where applicable.
8. Data Retention
We retain your personal data as follows:
-
Active accounts: Data is retained for as long as your account is active and your subscription is current.
-
Expired subscriptions: Account and data are retained for one (1) year after expiration, then automatically deleted.
-
Account deletion: Upon your request, all data is permanently deleted immediately.
-
Data reset: If you reset your data, all budgeting data is permanently deleted while your account remains active.
-
Legal obligations: Certain data (e.g., billing records) may be retained for longer periods to comply with tax and accounting laws.
9. Data Security
We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:
-
Encryption of data in transit (TLS/SSL) and at rest.
-
Password hashing using industry-standard algorithms.
-
Optional two-factor authentication (2FA) and biometric login.
-
Row-Level Security (RLS) policies on our database to ensure users can only access their own data.
-
Regular security reviews and updates.
10. Your Rights Under the GDPR
Under the EU GDPR and UK GDPR, you have the following rights regarding your personal data:
-
Right of Access (Art. 15): You have the right to request a copy of the personal data we hold about you.
-
Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete data.
-
Right to Erasure (Art. 17): You may request deletion of your personal data. You can exercise this right directly through the account deletion feature in your settings.
-
Right to Restriction (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
-
Right to Data Portability (Art. 20): You have the right to receive your data in a structured, commonly used, machine-readable format.
-
Right to Object (Art. 21): You may object to processing based on legitimate interests.
-
Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us at info@piggyplanr.com. We will respond within 30 days of receiving your request.
11. Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:
-
UK: Information Commissioner's Office (ICO) — ico.org.uk
-
EU: The data protection authority in your country of residence. A list of EU data protection authorities is available at edpb.europa.eu.
12. Children's Privacy
PiggyPlanr is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that data promptly.
13. Automated Decision-Making and Profiling
PiggyPlanr does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
The optional automatic image processing feature only suggests values for your review. It never saves anything on its own. You check, adjust, and save every record yourself.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or in-app notification and update the "Last Updated" date. We encourage you to review this policy periodically.
15. Contact Information
For any privacy-related questions or to exercise your data rights, please contact us:
Omnilya Group Ltd
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ, United Kingdom
Email: info@piggyplanr.com