Compliance and Privacy
How BudgetTracker handles your financial data and the applicable legal frameworks.
Introduction
BudgetTracker is self-hosted, open-source personal finance software. You install it on your own server and you are in complete control of your data at all times.
The developer of BudgetTracker has no access to your data, receives no telemetry, and operates no central server that could receive, store, or process your financial information. The only server your data ever touches is the one you choose to run.
Data Practices
What we do not do
- No data collection by the developer: The application runs entirely on your server. No usage statistics, error reports, or analytics are sent to the developer or to any third party.
- No sale of data: Your financial data is never shared with, sold to, or accessible by any third party under any circumstances.
- No third-party tracking: There are no advertising SDKs, tracking pixels, social media buttons that send data, or external analytics services embedded in this application.
- No automated profiling: The application does not make automated decisions about you or build behavioural profiles.
What you control
- You are the data controller: The person who installs and operates this software is fully responsible for the data stored on their server. You decide who has access, where the server is hosted, and how long data is retained.
- Right to erasure: You can delete your account and all associated financial data at any time. No data is retained after deletion.
- Data portability: Your data can be exported to Excel or backed up as an encrypted .btbak file at any time.
Encryption
BudgetTracker uses a two-layer encryption system to protect your financial records at rest. Your passphrase never leaves your device, and there is no recovery path if it is lost — which means there is no backdoor.
Field-level encryption (at rest)
Every sensitive field — investment names, amounts, descriptions, and account details — is encrypted individually before being written to the database. The database therefore stores only ciphertext; a database breach alone is not enough to read your financial data.
Key derivation
Your encryption key is derived from your passphrase using a slow, memory-hard function. The passphrase itself is never stored — only the derived key is used, and only for the duration of your session.
Session key lifecycle
- The derived key is held only in your server-side session, for the duration of a single request.
- It is erased from memory immediately after each request completes.
- It is never written to disk, never logged, and never transmitted.
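The following sketch illustrates the pattern described in the three subsections above: a memory-hard key derivation, per-field encryption, and overwriting the key once the work is done. It is an added example, not BudgetTracker's own code. The page names neither the key derivation function nor the cipher, so scrypt, AES-256-GCM, the parameter values, and all function names here are assumptions.

```javascript
// Added example: scrypt and AES-256-GCM are assumptions; the page names neither.
const crypto = require('node:crypto');

// Derive a 32-byte key from the passphrase with a memory-hard KDF.
// N=2^15, r=8 needs about 32 MiB, so maxmem is raised above Node's default.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Encrypt one field. The field name is bound as associated data so a
// ciphertext cannot be moved to another column without detection.
function encryptField(key, fieldName, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every field value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(fieldName, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored layout: 12-byte nonce | 16-byte tag | ciphertext, base64-encoded.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt one field; throws if the key, field name, or ciphertext is wrong.
function decryptField(key, fieldName, stored) {
  const raw = Buffer.from(stored, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(fieldName, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Per-request pattern: derive, use, then overwrite the key buffer.
function encryptRecord(passphrase, salt, record) {
  const key = deriveKey(passphrase, salt);
  try {
    const row = {};
    for (const [name, value] of Object.entries(record)) {
      row[name] = encryptField(key, name, String(value));
    }
    return row; // only ciphertext reaches the database layer
  } finally {
    key.fill(0); // best effort: the runtime may still hold other copies
  }
}
```

Because the field name is authenticated, a ciphertext copied from one column into another fails to decrypt, as does any value opened with a key derived from a different passphrase.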
🇨🇴 Colombia: Applicable Regulations
Colombia has one of Latin America's most comprehensive data protection frameworks, established by Ley 1581 de 2012 and its regulatory decrees.
Ley Estatutaria 1581 de 2012: Personal Data Protection
Colombia's primary data protection statute, commonly known as the Habeas Data law. It establishes the rights of data subjects (access, rectification, deletion, objection), the obligations of data controllers (lawful basis, purpose limitation, security measures), and grants oversight authority to the Superintendencia de Industria y Comercio (SIC).
How BudgetTracker addresses it: Financial data is processed only for the user's own tracking purposes (no third-party processing); encrypted at rest; users can access, export, or delete all their data at any time; no automated profiling or decision-making.
Read the Law
Decreto 1377 de 2013
The regulatory decree that operationalises Ley 1581. It establishes specific requirements for obtaining consent, drafting privacy notices, and implementing security measures for personal data processing.
Read the Decree
Superintendencia de Industria y Comercio (SIC)
The SIC is the Colombian data protection authority responsible for supervising compliance with Ley 1581, receiving complaints, and issuing sanctions. If you believe your data rights have been violated, you may file a complaint with the SIC.
SIC Website
🇺🇸 United States: Applicable Regulations
The United States does not have a single federal privacy law, but several sector-specific laws and the California Consumer Privacy Act (CCPA) are relevant to personal financial data.
CCPA: California Consumer Privacy Act (2018)
The CCPA grants California residents the right to know what personal data is collected, to delete it, and to opt out of the sale of their personal information. Although it formally applies only to businesses meeting certain thresholds, it has become the de facto national privacy benchmark in the US.
How BudgetTracker addresses it: BudgetTracker does not sell personal information, which is the CCPA's primary concern. Users can access and delete all their data at any time.
CCPA Summary
GLBA: Gramm-Leach-Bliley Act
The GLBA requires financial institutions to explain their information-sharing practices and to safeguard sensitive data. Its Safeguards Rule mandates encryption, access controls, and regular security assessments.
Note: BudgetTracker is personal software, not a regulated financial institution; GLBA does not directly apply. However, the security practices described on this page (field-level encryption, no third-party data sharing) are consistent with and exceed the intent of the GLBA's Safeguards Rule.
GLBA: FTC Guidance
FTC Act: Section 5
Section 5 of the Federal Trade Commission Act prohibits unfair or deceptive practices, including misleading privacy claims. This page exists precisely to ensure transparency about how data is handled.
FTC Act
🇪🇺 European Union: Reference Framework
Although BudgetTracker is primarily designed for Colombian and US users, the GDPR is the global benchmark for privacy best practices. The principles applied here align with it.
GDPR: General Data Protection Regulation (EU) 2016/679
The GDPR establishes seven core principles for personal data processing: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.
How BudgetTracker addresses it: Data is processed only for the user's explicit personal finance tracking purpose (purpose limitation); only data the user explicitly enters is stored (data minimisation); field-level encryption addresses integrity and confidentiality (Article 5(1)(f)); users can delete all data at any time (storage limitation).
Full Text of the GDPR
Data Controller
Because BudgetTracker is self-hosted, the data controller is the person or organisation that installed and operates this software — not the developer.
If you have questions about how your data is handled, how to exercise your data rights (access, rectification, deletion, portability), or if you believe your data rights have been violated, contact the administrator of the BudgetTracker installation you are using.
Legal Notice
This page provides factual information, not legal advice.
The descriptions of applicable laws are summaries provided for informational purposes only. They do not constitute legal advice and should not be relied upon as such. Laws change over time and their applicability depends on specific facts and circumstances. If you need legal guidance about your data privacy obligations as an operator of this software, consult a qualified attorney in your jurisdiction.