Privacy Policy
Last updated: 2026-07-06
This app helps you convert foreign-currency transactions in your YNAB plan to your plan's currency. This policy explains what data it handles, how that data is stored and secured, and the choices you have. It applies to data obtained through the YNAB API as well as the account you create here.
What we store
- Your account. Your email address and a salted hash of your password (never the password itself).
- Your YNAB connection. The OAuth access and refresh tokens issued to this app when you click “Connect to YNAB”. These let the app read your transactions and write back converted amounts on your behalf.
- Your conversion settings. The YNAB plan and account you chose, the source currency, and the start date — the configuration needed to build a preview.
What we do not store
The app does not keep a copy of your transactions. When you request a preview, it fetches the relevant transactions from YNAB, computes the converted amounts in memory, and shows them to you. Nothing is written to YNAB until you explicitly approve, and the proposed changes are carried through your browser (in the form you submit) rather than saved on the server. Once a request finishes, that transaction data is gone from the app.
Data obtained through the YNAB API
Access to your YNAB data is used solely to display previews and to apply the conversions you approve. It is never sold, shared with third parties, or used for advertising or profiling. Exchange rates are retrieved from the Frankfurter API (European Central Bank data); this request contains only currency codes and dates — none of your YNAB or account data is sent to it.
How it is secured
- All traffic is served over HTTPS.
- Data is held in a private database on the server that runs this app and is not exposed publicly.
- Passwords are stored only as salted hashes.
- Access requires logging in; each user can see only their own account, connection, and conversions.
How long we keep it
Your account, YNAB connection, and conversion settings are kept only for as long as you keep your account. Transaction data is never retained — it lives only in memory for the duration of a single request (see “What we do not store” above). When you disconnect YNAB from the Settings page, the stored access and refresh tokens are deleted immediately. When you ask us to delete your account (see below), your account and all associated data are removed.
Changes to this policy
If we change what YNAB data we access or how we use it, we will update this policy, revise the “Last updated” date above, and ask you to re-authorize before the new access takes effect.
Your choices
- You can disconnect your YNAB account at any time from the Settings page, which removes the stored tokens. You may also revoke this app's access directly in your YNAB account settings.
- To delete your account and associated data, email davidgrant@gmail.com.
Contact
Questions about this policy or your data can be directed to davidgrant@gmail.com.