PayBreakdown - Salary Calculator & Budget Manager
Privacy policy
Read how PayBreakdown handles local browser workspace data, salary inputs, bank-import rows, cookies, analytics, advertising, and data rights.
What this page helps with
This privacy policy explains how PayBreakdown handles data in the current website: what stays in your browser, what is processed by the API, and how account login is separated from local planning data.
Who we are
PayBreakdown is a UK-focused salary, budgeting, bills, savings, mortgage, and debt planning website. For privacy questions, data requests, or deletion requests, contact support@paybreakdown.co.uk.
At-a-glance data map
The current code separates local planning data from server-side account access. Most planning workspace data is stored in the browser using IndexedDB where available, with browser-side encryption at rest where Web Crypto is available and a browser-storage fallback where it is not. Some tools work entirely in the browser and the salary calculation endpoint processes calculation inputs without saving them.
- Browser workspace by default: salary setup, people, jobs, bills, savings, spending insights, custom budgets, setup profiles, profile selection, cookie preferences, table open/closed state, and bank-import training context
- Server processed but not saved by the calculation endpoint: salary, pension, student-loan, tax-code, region, tax-year, bonus, other income, and savings-goal inputs sent to /api/calculate
- Server saved only if account login is enabled and used: email address, salted password hash, and session record
- Tester gate: access code is checked by hash; the browser receives a signed access cookie rather than storing the raw code
- Google tags: Analytics and AdSense scripts are loaded with Consent Mode defaults and ad privacy controls
Account and login
If account login is enabled and you register or sign in, the API receives your email address and password. Passwords are stored as salted scrypt hashes, not plain text. A server session token is stored in an HttpOnly cookie and matched to a server-side session. Salary, people, jobs, tax settings, recurring bills, savings plans, custom budget amounts, selected budget income IDs, spending insights, and bank-import learning are not sent to the account profile endpoint by the current client.
Salary calculator processing
Salary calculations are performed by the API. The browser sends the calculation fields needed for the estimate, including salary or hourly-derived annual pay, bonus, other income, pension amount or rate, savings goal, tax year, region, tax code, pension method, student loan plan, and postgraduate-loan selection. The calculation endpoint returns the result and does not save those calculation requests in the application database.
Browser-only planning data
Planning data is stored on your device using browser storage, with IndexedDB used for the local workspace where available. IndexedDB workspace records are encrypted at rest where the browser supports the Web Crypto API; older or restricted browsers may use the browser's default storage protection instead. This includes saved bills, savings, spending insights, setup profiles, the advanced salary model, custom budget values, budget income IDs, bill-group display preferences, cookie preferences, and the local bank-import training context. The active setup profile cookie stores a profile ID so the site can reopen the selected profile.
Local storage notice and choices
The site displays a cookie and browser-storage notice that explains the local workspace before or when a choice is needed. The notice and the fixed cookie/settings control identify the IndexedDB workspace, what categories of planning data can be stored there, whether browser-side encryption is available, and how to delete the local workspace from the current browser. Optional analytics, advertising, and partner tracking remain separate from the essential local workspace storage.
Bank file import and monthly spend import
Bank import files are read with browser file APIs. The code accepts CSV, TSV, TXT, and QIF-style text files up to 2 MB, checks for likely binary content, limits rows, columns, and cell length, and sanitises imported text for display. There is no API upload route for the original bank file. The file contents live in browser memory while you review them. Confirmed recurring bills are saved to the Bills area; non-bill rows from the bill import are saved to Spending Insights; and confirmed category choices are saved locally to improve future imports.
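The pre-checks listed above, as an added browser-side example that is not PayBreakdown's code: the 2 MB cap and accepted extensions come from this page, while the row, column and cell limits, the binary heuristic, and the separator handling are assumed values.

```javascript
// Added example (not PayBreakdown's code): validate a bank export in the browser before
// any row reaches the review screen. Limits other than 2 MB are assumed values.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED_EXT = /\.(csv|tsv|txt|qif)$/i;
const MAX_ROWS = 5000;  // assumed
const MAX_COLS = 40;    // assumed
const MAX_CELL = 200;   // assumed

// Heuristic: a NUL byte, or more than 5% non-text control bytes, means "likely binary".
function looksBinary(bytes) {
  let control = 0;
  for (const b of bytes) {
    if (b === 0) return true;
    if (b < 0x20 && b !== 0x09 && b !== 0x0a && b !== 0x0d) control++;
  }
  return bytes.length > 0 && control / bytes.length > 0.05;
}

// Neutralise cell text for display: drop C0 controls, escape HTML, cap the length.
function sanitiseCell(cell) {
  const esc = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return cell.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, '')
    .replace(/[&<>"']/g, (c) => esc[c])
    .slice(0, MAX_CELL);
}

// `bytes` is the file's Uint8Array (e.g. from FileReader / file.arrayBuffer()).
// Returns { ok: true, rows } or { ok: false, reason }. QIF lines stay as single cells.
function checkBankImport(fileName, bytes) {
  if (!ALLOWED_EXT.test(fileName)) return { ok: false, reason: 'unsupported file type' };
  if (bytes.length > MAX_BYTES) return { ok: false, reason: 'file larger than 2 MB' };
  if (looksBinary(bytes)) return { ok: false, reason: 'file looks binary' };
  const text = new TextDecoder().decode(bytes);
  const sep = fileName.toLowerCase().endsWith('.tsv') ? '\t' : ',';
  const lines = text.split(/\r?\n/).filter((l) => l.length > 0);
  if (lines.length > MAX_ROWS) return { ok: false, reason: 'too many rows' };
  const rows = [];
  for (const line of lines) {
    const cells = line.split(sep);
    if (cells.length > MAX_COLS) return { ok: false, reason: 'too many columns' };
    rows.push(cells.map(sanitiseCell));
  }
  return { ok: true, rows };
}

// Constructed sample: a two-row CSV whose description carries HTML-looking text.
const sampleCsv = new TextEncoder().encode(
  'Date,Description,Amount\n2026-05-01,<b>Gas</b> bill,-42.10\n');
```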
Exports and imported workspace files
Setup-profile and local-workspace import/export are handled in the browser. Export creates a readable JSON file from your saved local data so it can be moved between browsers; downloaded export files are not encrypted by PayBreakdown and should be kept somewhere private. PayBreakdown CSV and Excel-style exports are also generated in the browser using downloadable text/blob files. Importing a setup-profile or workspace JSON file reads that file in the browser and saves the imported data into the local browser workspace.
Cookies, storage, analytics, and ads
Essential cookies and storage are used for sessions, tester access, security, active profile selection, saved planning data, and cookie preferences. The main server cookies are paybreakdown_session and paybreakdown_prelaunch_access, both set as HttpOnly cookies by the API. Google Analytics and AdSense scripts are present on the site with Consent Mode defaults that deny ad and analytics storage until consent handling changes that state. AdSense may use cookies, local storage, device identifiers, and ad signals where Google consent and privacy controls allow it. The app does not send salary, bank-import, bills, savings, or spending rows to Google Analytics through custom event code.
Security and service operation
The API applies JSON body limits, rate limits for authentication, write, calculation, and tester-access requests, CORS origin checks, security headers, HttpOnly session cookies, SameSite cookie settings, and Secure cookies in production/HTTPS mode. Technical access logs may still be created by hosting, reverse proxy, database, and infrastructure services so the site can be operated and protected.
Retention, deletion, and local clearing
Account records, where account login is enabled and used, are kept while the account or testing record is active unless deletion is requested or retention is needed for security, legal, or operational reasons. Server sessions default to 7 days and prelaunch access cookies default to 14 days unless the server is configured differently. Local browser workspace data stays on the device until the user clears browser data, uses the local workspace delete control, imports over it, or the browser removes it.
Your rights and contact route
You can ask to access, correct, delete, restrict, object to, or export personal data where those rights apply. You can also complain to the UK Information Commissioner's Office if you are unhappy with how a request is handled.
Official sources
- ICO right to be informed guidance
- ICO individual rights guidance
- ICO cookies and similar technologies guidance
- ICO encryption guidance
- MDN Web Crypto API
- Google AdSense required privacy content
- Google AdSense EU user consent policy
Last updated 2026-05-07. Planning estimates only. Not financial advice.