Privacy Policy

BeCleva is the controller for the processing of personal data in connection with the BeCleva service.

For privacy questions or this policy: Email mso@becleva.com. Company: BeCleva.

Identity and account: Email, username, and any name or profile details you provide, plus technical identifiers related to sign-in.

Budget and finances: Budgets, income and expenses you enter; subscriptions you register; receipts and related images or metadata; savings goals.

Payments: Payments are processed by Stripe. We do not store full card numbers on our servers; Stripe processes payment data in accordance with its privacy policy.

Optional bank connection: If you enable a supported bank connection, we may process transaction data, account information and related details needed for that feature.

Technical improvement: With your consent, error and performance data may be sent to Sentry. With consent, web analytics and performance may be collected via Vercel (Analytics and Speed Insights) to improve the service.

We do not make solely automated decisions with legal or similarly significant effects concerning you.

Providing the service and your user account is generally processed as necessary for the performance of our contract with you (Art. 6(1)(b)).

Optional features that require consent (e.g. certain analytics and error tools) are processed on the basis of consent (Art. 6(1)(a)), which you can withdraw via cookie settings.

We may process limited data on the basis of legitimate interests (Art. 6(1)(f)), such as security, operations and abuse prevention, where balanced against your rights.

We use selected providers for hosting and database (Supabase), payments (Stripe), email and authentication, error reporting (Sentry), web analytics (Vercel), and — when you use features that require it — AI processing (OpenAI). We do not sell your personal data.

We enter data processing agreements (DPAs) where required. You can read more about each provider’s processing at: Supabase (https://supabase.com/privacy), Stripe (https://stripe.com/privacy), OpenAI (https://openai.com/policies/privacy-policy), Sentry (https://sentry.io/privacy/), Vercel (https://vercel.com/legal/privacy-policy).

Some providers may process data outside the EU/EEA. Where that occurs, we rely on the EU Commission’s standard contractual clauses or other approved mechanisms under GDPR Chapter V, as described in the providers’ documentation.

We keep your data until you delete your account or request deletion, unless longer retention is required by law (e.g. accounting or tax obligations for us or for the payment provider).

When you use in-app account deletion, your data is removed from our application databases. Temporary retention in backups may occur for a short period thereafter.

Deleting the authentication user record (Supabase Auth) may require a separate technical or manual process. Contact us at mso@becleva.com if, after account deletion, you want confirmation of full deletion of login identifiers.

After account deletion we aim to delete personal data in our active systems within 30 days unless the law requires otherwise.

Under applicable law you have rights including access, rectification, erasure, restriction of processing, data portability, and objection to certain processing. You can download a data export and request account deletion in settings. You may also contact us at mso@becleva.com.

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet, www.datatilsynet.dk) if you consider that processing infringes the rules.

We use appropriate technical and organisational measures, including encryption in transit and access control. Database rows are protected with Row Level Security (RLS) so that, in principle, only you can access your own data through the application. No online service can be guaranteed 100% free of security incidents; we work continuously to reduce risk.

We use local storage and necessary cookies for sign-in and preferences (theme, language, currency, selected budget, cookie consent). These are necessary for the service.

With consent, Sentry (error reporting and performance) may load, and Vercel Analytics / Speed Insights may be used. You can change your choices via cookie settings in the footer.

The service is not directed at children under 16 without parental or guardian consent. Contact us if you believe we have processed a child’s data without a lawful basis.

We may update this privacy policy. Material changes may be communicated by email or in the application. The "Last updated" date changes when the policy is revised.