CalmCents is a household budgeting application built by Anchored Development Co., a company based in Bedford, Nova Scotia, Canada. We created CalmCents to help families and couples understand and manage their finances with calm confidence.
We built CalmCents with privacy as a first principle. Your financial data is among the most sensitive information you hold, and we designed our architecture so that even we cannot read it. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights you have over your data.
By using CalmCents, you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us to have your account deleted.
Account information (Firebase Authentication)
When you create a CalmCents account, Firebase Authentication (a Google service)
collects your email address and, if you use Google Sign-In, your name and Google
profile picture. We use this information solely to authenticate you and identify
your account within the app.
Budget data (Firebase Firestore)
Income entries, expense categories, transaction amounts, and other budget data
you enter are stored in Google Firebase Firestore. All budget data is encrypted
in your browser before it leaves your device. What is stored in Firestore is
ciphertext — encrypted data that neither we nor Google can read. See the
Zero-Knowledge Encryption section below for details.
Payment information (Freemius)
Subscription payments are processed by Freemius, an independent third-party
payment processor. We do not receive, store, or process your credit card number
or other payment details. Freemius operates under its own Privacy Policy and
PCI-DSS compliance program.
Web server logs (Cloudflare)
CalmCents is hosted on Cloudflare Pages. Cloudflare collects standard web server
log data including IP addresses, browser type, referring URLs, and request
timestamps. This data is used for security, performance, and infrastructure
purposes and is governed by Cloudflare's Privacy Policy.
CalmCents uses AES-256-GCM encryption to protect your budget data. Before any transaction, amount, or category label is transmitted to our servers, it is encrypted in your browser using a cryptographic key derived from your account credentials.
🔒 Your financial data is encrypted before it leaves your device. The data stored in our database is unreadable ciphertext. We — Anchored Development Co. — cannot decrypt or read your budget data, and neither can Google (Firebase).
This architecture is commonly called "zero-knowledge" because the service provider has zero knowledge of your unencrypted data. In practice this means:
The trade-off of this design is that if you lose access to your account credentials and we cannot verify your identity, recovery of encrypted budget data may not be possible. We recommend keeping a secure record of your login information.
We use the information we collect for the following purposes:
We do not sell your personal information. We do not use your data for advertising. We do not build profiles for third-party marketing. Your financial data is yours; CalmCents exists to serve you, not to monetize your information.
We share limited personal information only with the following service providers, and only to the extent necessary to operate CalmCents:
We do not share your data with advertising networks, social media platforms, data brokers, or any other third parties. If we are ever required by law to disclose your information, we will notify you to the extent permitted by law before complying.
We retain your account data for as long as your CalmCents account is active. If you request deletion of your account, we will delete your user record and associated household budget data from Firebase Firestore within 30 days of your request.
Please note that Firebase Authentication and Cloudflare may retain server-level logs for a period consistent with their own data retention policies. Freemius retains billing and subscription records as required for financial compliance.
To request account deletion, email us at [email protected].
Under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, you have the following rights regarding your personal information:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Session cookies (Firebase Authentication)
CalmCents uses session cookies set by Firebase Authentication to keep you signed
in between visits. These are strictly necessary functional cookies. Under PIPEDA,
consent is implied for cookies that are essential to provide a service you have
explicitly requested.
Session analytics (Microsoft Clarity)
We use Microsoft Clarity to collect anonymized session analytics, including
heatmaps and interaction patterns. Clarity data is collected in aggregate and
cannot be used to identify individual users. No personally identifiable
financial data is captured by Clarity.
What we do not use
CalmCents does not use advertising cookies, third-party tracking pixels,
remarketing tags, or any cookies that track your behaviour across other websites.
CalmCents is not directed at or intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete that information from our systems.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by posting a notice within the CalmCents app, by sending an email to your registered address, or both. The "Effective Date" at the top of this page will always reflect the date of the most recent update.
Your continued use of CalmCents after changes take effect constitutes your acceptance of the updated policy. If you do not accept the updated terms, please discontinue use and contact us to delete your account.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:
We take privacy seriously and will respond to all enquiries within 30 days.