Privacy policy
Last updated: July 3, 2026
Version informative — la version française fait foi.(Informative translation — the French version prevails.)
Sereno is a budgeting app: privacy isn't fine print here, it's the product. This page states exactly what is collected (very little), where it goes, and how to exercise your rights.
Data controller
Raphaël (publisher of Sereno, private individual) —raphael@plumservices.co.
Without an account: nothing leaves your device
In guest mode (the default), all your data — transactions, accounts, budgets, categories, receipts — is storedonly in your browser's local storage (IndexedDB), on your device. It is transmitted to no server. We can't see it, and neither can anyone else.
Clearing the site's data in your browser (or uninstalling the PWA) erases it permanently — export a backup first.
With an account: the minimum, in the European Union
If you create an account (optional and free), the following is processed:
| Data | Purpose | Legal basis |
|---|---|---|
| Email address (and Google identifier if you choose Google sign-in) | Creating and securing your account, signing you back in | Performance of the contract (Terms) |
| Your budgeting data (transactions, accounts, budgets, categories, recurring rules, receipts) | Providing sync across your devices | Performance of the contract (Terms) |
This data is stored with Supabase (processor), in a database located in the European Union (AWS region eu-west-1, Ireland), partitioned per user (row-level security): each account can only read its own rows. Supabase, Inc. is a foreign company; any transfers outside the EU (e.g. for technical support) are governed by standard contractual clauses.
The website and application files are served byCloudflare (CDN), which processes your IP address in its technical logs for security and routing purposes (legitimate interest).
What Sereno does not do
- No bank connection — no banking credentials exist on our side.
- No ads, no selling or commercial sharing of data.
- No tracking cookies; no audience analytics to date. If a respectful tool (anonymized data, EU hosting) is ever added, this policy will be updated before it is switched on.
- No profiling, no automated decision-making.
Technical local storage
The app uses browser local storage (localStorage/IndexedDB) to function: your guest-mode data, your preferences (theme, sorting…), and the session token if you have an account. This strictly necessary storage is exempt from consent requirements; it is not used for any tracking.
Retention
- Guest mode: your data stays with you, for as long as you keep it.
- Account: data is kept while the account exists, then deleted when the account is deleted.
Your rights
Under the GDPR you have the rights of access, rectification, erasure, portability, restriction and objection. To exercise them — includingdeleting your account and all its data — write toraphael@plumservices.co from the email address of the account concerned. Answered within 30 days at most.
Exporting your data is also available directly in the app (Settings → full backup / CSV export), no need to ask anyone.
If you believe your rights are not being respected, you can lodge a complaint with the French supervisory authority, the CNIL (cnil.fr).