Legal
Privacy Policy
Version 0.1 (draft) · Effective 18 July 2026 · Pending legal review before launch
1. Who we are
Lumbung is operated by Banua Coder (Indonesia). For any privacy request, contact contact@banuacoder.com.
2. Data we collect
Account data (email, name), device and usage data, and the financial data you enter yourself — transactions, budgets, receipts you attach, and bank data only via providers you explicitly consent to. We never scrape banks and never ask for your bank password.
3. How we use it — and how we don’t
Your financial data is used solely to provide the product: storing, syncing, and analyzing your own money for you. Marketing and analytics use only privacy-safe derived events — never raw amounts, payees, or balances. We do not sell your data.
4. Sharing
Workspace data is shared only with members you invite, according to their role. Sub-processors (cloud hosting, messaging, analytics) are listed and bound by data-processing agreements. Partner offers, if any, are opt-in.
5. Security
Encryption at rest and in transit, passkey and biometric authentication, and device trust. Your local database is encrypted on-device.
6. Retention & your rights
Data is retained while your account is active. You can access, export (full portability), correct, or delete your data at any time, and withdraw any consent — honored globally. Deleting your account deletes your data after a short recovery window.
7. International transfers & regional law
Indonesia-first: we comply with UU PDP, and honor GDPR and CCPA rights for users in those regions. Transfers outside your region use appropriate safeguards.
8. Children
Lumbung is not directed at children under the minimum age in your jurisdiction; child members of a Family workspace require guardian consent.
9. Changes
We version this policy with an effective date and notify you of material changes; continued use after re-acceptance constitutes agreement.