← Back

Privacy Policy

Last updated: April 2026

1. About this policy

Brian (“we”, “us”, “our”) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what information we collect, how we use it, and your rights in relation to it.

By creating an account and using Brian, you agree to the practices described in this policy.

2. What information we collect

We collect only what is necessary to provide the service:

  • Account information — your email address and password (stored securely via Supabase Auth)
  • Transaction data — CSV files you upload containing your bank transaction history, including dates, amounts, descriptions, and account details
  • Categorisation data — categories, subcategories, and custom rules you create within the app
  • Usage data — basic technical information such as browser type and session activity, collected automatically

We do not collect your bank login credentials, card numbers, or any payment information.

3. How we use your information

Your information is used solely to:

  • Provide, operate, and improve the Brian service
  • Authenticate your account and maintain your session
  • Store and display your transaction history and categorisation rules
  • Send account-related communications (e.g. password reset emails)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. How your data is stored

Brian uses Supabase to store your account and transaction data. Supabase stores data on infrastructure hosted in Australia or the United States depending on the region configuration. All data is encrypted at rest and in transit using industry-standard TLS encryption.

Row-level security is enforced at the database level, meaning your data is only accessible to your authenticated account.

5. Overseas disclosure

Some of our infrastructure providers (including Supabase and Vercel) may store or process data outside Australia, including in the United States. We take reasonable steps to ensure these providers maintain appropriate data protection standards consistent with the APPs.

6. Your rights

Under the Privacy Act 1988 and the APPs, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or out-of-date information
  • Request deletion of your account and associated data
  • Make a complaint about how we handle your personal information

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

7. Data retention

We retain your data for as long as your account is active. If you delete your account, your personal information and transaction data will be permanently deleted from our systems within 30 days.

8. Cookies and tracking

Brian uses session cookies to maintain your authenticated state. We do not use tracking cookies or third-party advertising cookies. We do not use analytics platforms that share your data with third parties.

9. Children

Brian is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the date at the top of this page. Continued use of Brian after changes are posted constitutes acceptance of the updated policy.

11. Contact and complaints

For privacy-related enquiries, requests, or complaints, contact us at:

jlglasgow123@gmail.com

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.