Legal

Privacy Policy

Version 0.1 (draft) · Effective 18 July 2026 · Pending legal review before launch

1. Who we are

Lumbung is operated by Banua Coder (Indonesia). For any privacy request, contact contact@banuacoder.com.

2. Data we collect

Account data (email, name), device and usage data, and the financial data you enter yourself — transactions, budgets, receipts you attach, and bank data only via providers you explicitly consent to. We never scrape banks and never ask for your bank password.

3. How we use it — and how we don’t

Your financial data is used solely to provide the product: storing, syncing, and analyzing your own money for you. Marketing and analytics use only privacy-safe derived events — never raw amounts, payees, or balances. We do not sell your data.

4. Sharing

Workspace data is shared only with members you invite, according to their role. Sub-processors (cloud hosting, messaging, analytics) are listed and bound by data-processing agreements. Partner offers, if any, are opt-in.

5. Security

Encryption at rest and in transit, passkey and biometric authentication, and device trust. Your local database is encrypted on-device.

6. Retention & your rights

Data is retained while your account is active. You can access, export (full portability), correct, or delete your data at any time, and withdraw any consent — honored globally. Deleting your account deletes your data after a short recovery window.

7. International transfers & regional law

Indonesia-first: we comply with UU PDP, and honor GDPR and CCPA rights for users in those regions. Transfers outside your region use appropriate safeguards.

8. Children

Lumbung is not directed at children under the minimum age in your jurisdiction; child members of a Family workspace require guardian consent.

9. Changes

We version this policy with an effective date and notify you of material changes; continued use after re-acceptance constitutes agreement.