Privacy Policy
Last updated: 2026-05-07
1. About this service
This service ("the Service") is a personal, self-hosted tool operated by Mart Rang (Estonia) for the sole purpose of importing the operator's own bank-account transactions from Enable Banking into the operator's own self-hosted Actual Budget instance.
The Service is not offered to third parties. There are no end-users other than the operator. No accounts can be created. No data belonging to anyone other than the operator is processed, stored or transmitted.
2. Data collected and processed
The Service connects, via the operator's own Enable Banking application credentials and consents, to the operator's own bank accounts and downloads:
- Account metadata (account name, IBAN, currency).
- Transaction records (date, amount, counterparty name, payment reference, transaction status).
- Enable Banking session identifiers and consent expiry timestamps.
This data is downloaded under PSD2 access granted by the operator at their bank, with their explicit consent.
3. Where data is stored
- A local SQLite database on the server hosting the Service. It contains the items listed in section 2 plus internal sync logs.
- The operator's self-hosted Actual Budget instance, where mapped transactions are written via Actual's API.
No data is sent to any third-party analytics service, advertising network, or external backend. The Service has no telemetry. Data leaves the server only to (a) Enable Banking when fetching transactions, and (b) the operator's own Actual Budget instance when importing them.
4. Authentication
Access to the Service's web UI is gated by the operator's Actual Budget server password. The password is validated against the operator's Actual server on each login and is held in process memory only for the duration of the session. It is not written to disk.
5. Retention
Transaction data is retained on the server until the operator deletes the corresponding bank connection in the Service's UI or removes the underlying database file. Sync logs follow the same lifecycle.
6. Sharing
No data is shared with anyone. The Service has no concept of other users. The operator may, at their discretion, disconnect their bank accounts at any time via the bank's online banking portal or this Service's "Delete" action, which also calls Enable Banking to revoke the underlying session.
7. Security
The Service runs on infrastructure controlled by the operator. The operator is solely responsible for the security of that infrastructure (transport security, access controls, backups, etc.). No representations are made about the suitability of the Service's security measures for any other use case.
8. Contact
Operator contact: rang501@gmail.com