Security is a core design principle of OpenBudget. OpenBudget handles sensitive financial information, so the app is designed to minimize unnecessary access, avoid long-lived credentials, and clearly communicate data confidence.
OpenBudget is built around a simple principle: pull data only when needed, store only what is necessary, reconcile periodically, and always show how confident the app is in its answer.
OpenBudget is not designed as a real-time financial aggregator. OpenBudget does not use Plaid, does not store bank login credentials, does not continuously sync your bank accounts, and does not require persistent Gmail access.
OpenBudget uses a pull-based data model. Financial data is refreshed only when you explicitly start a refresh. A typical refresh involves signing into OpenBudget, choosing to refresh financial data, authorizing temporary Gmail access through Google OAuth, allowing OpenBudget to search for finance-related emails or statements, extracting structured financial information, updating your spending insights, and discarding or revoking temporary Gmail access when possible.
This approach reduces the risk of long-lived access to your email or financial data.
OpenBudget separates normal app access from Gmail data import. Normal app access may be handled through your OpenBudget login session. Gmail data refresh requires a separate Google OAuth authorization.
This means your app login lets you view and use OpenBudget, while Gmail OAuth is only used when you explicitly refresh financial data. Gmail access is not intended to run continuously in the background.
OpenBudget is designed so Gmail access tokens are used only during the refresh process, kept server-side, not sent to the frontend, not intentionally logged, not stored as long-lived credentials, and discarded or revoked after the refresh process when possible.
OpenBudget is designed not to store Gmail refresh tokens for ongoing background access.
OpenBudget aims to store extracted financial facts instead of raw sensitive content. For example, OpenBudget may store transaction amount, transaction date, merchant, category, institution, statement period, reconciliation status, and confidence level.
OpenBudget should avoid storing full raw email bodies or raw statement files longer than necessary unless required for a specific feature, user review, debugging, or security investigation.
OpenBudget is not a real-time source of truth. Financial data may be incomplete, delayed, or unreconciled. OpenBudget may show confidence and freshness indicators such as “Reconciled through Apr 30,” “Current month based on email alerts,” “Confidence: Medium,” or “Missing latest statement.”
These indicators are part of the security and trust model. OpenBudget should not pretend incomplete data is complete.
OpenBudget may use modern cloud infrastructure and service providers to operate the app. Security practices may include HTTPS encryption in transit, encryption at rest where appropriate, server-side handling of sensitive tokens, environment-based secret management, restricted access to production systems, logging controls to avoid sensitive data exposure, secure authentication through a trusted provider, monitoring for errors and abuse, and least-privilege access where practical.
OpenBudget may use AI services to help summarize, classify, or explain financial information. AI is used to assist with interpretation, not to replace deterministic financial calculations. OpenBudget should avoid sending unnecessary raw sensitive data to AI providers. OpenBudget does not use your personal financial data to train generalized AI models.
You can help keep your OpenBudget account secure by using a strong authentication method, protecting your email account, reviewing Google OAuth consent screens before authorizing access, revoking access if something looks suspicious, keeping your devices secure, and reporting suspicious activity.
You can revoke OpenBudget’s access to your Google account through your Google Account permissions page. After access is revoked, OpenBudget will not be able to refresh Gmail data unless you authorize it again.
If you believe you found a security vulnerability or your account may have been compromised, contact security@openbudget.fyi. Please include a description of the issue, steps to reproduce if applicable, affected URLs or features, potential impact, and your contact information.
Please do not access, modify, delete, or share data that does not belong to you.
No system is perfectly secure. OpenBudget is designed to reduce unnecessary exposure of sensitive financial and email data, but it cannot guarantee absolute security. If a security incident affects your data, OpenBudget will take appropriate steps to investigate, mitigate, and notify affected users where required.