Information Handling Principles

How Shelter Onyx collects, operates with, and safeguards the details you entrust to us when using our budget monitoring platform

Effective from January 2025

We built our budget monitoring platform on a foundation of respect—respect for your financial information, your autonomy over that data, and your right to understand exactly what happens once you provide it to us.

This isn't a document designed to satisfy regulators alone. It's meant to serve you, the person trusting us with details about how you manage your money. We've organized our approach around clear operational phases rather than legal categories because that structure mirrors your actual experience with our service.

For details about how we employ cookies and similar tracking methods, consult our separate Cookie Policy. That document addresses digital markers exclusively. What follows here focuses on the broader spectrum of information handling.

Information Origins and Acquisition Methods

Our relationship with your data begins at different moments depending on how you engage with Shelter Onyx. These aren't abstract categories—they represent genuine interaction points where information moves from your sphere into ours.

Registration and Account Creation

When you decide our budget monitoring service fits your needs and establish an account, you provide identifying elements: full name, email address, and phone number. These three pieces anchor your presence on our platform. We ask for them because our service model requires bidirectional communication—you need to receive budget alerts, password resets, and occasional system updates, while we need a reliable way to verify your identity when you contact our support team.

Identification Details

Full name and contact coordinates obtained during initial signup, forming the basis of your account profile.

Financial Patterns

Budget categories, spending limits, transaction notes, and expense tracking data you input while using our monitoring tools.

Technical Interaction Data

Device characteristics, browser specifications, IP addresses, and access timestamps generated during platform usage.

Communication Records

Support inquiries, feedback submissions, and correspondence content when you reach out to our team for assistance.

Active Platform Usage

Once you're inside the system, different types of information emerge naturally from your activity. You create budget categories specific to your financial situation—maybe "grocery spending," "transportation costs," or "entertainment budget." You set thresholds that trigger alerts when spending approaches limits. You might add notes explaining why a particular month deviated from your typical pattern.

This operational data represents the heart of our service value. Without it, we're just a login screen. With it, we become a functional tool that adapts to your actual financial behavior. We retain this information for as long as your account remains active because deleting it would render the service meaningless—your budget monitoring history informs future projections and pattern recognition.

Technical Infrastructure Requirements

Behind every interaction with our platform sits a layer of technical necessity. Your device announces certain characteristics automatically: what browser you're using, what operating system, screen resolution, the IP address your internet provider assigned. These aren't details you consciously choose to share—they emerge from the basic mechanics of internet connectivity.

We capture this technical layer for two distinct purposes. First, security monitoring—unusual access patterns might indicate someone attempting unauthorized entry to your account. Second, service optimization—understanding which devices and browsers our users prefer helps us allocate development resources effectively.

Important clarification: We don't connect external financial accounts to our platform. You manually input budget targets and track expenses through our interface. We never request bank login credentials, credit card numbers, or direct access to your actual financial institution accounts.

Operational Purpose and Data Application

Information without purpose is just digital clutter. Everything we obtain from you serves specific operational functions within our budget monitoring ecosystem.

Service Delivery Mechanics

Your budget thresholds and spending categories directly power the alert system. When you approach a limit you've defined, our infrastructure compares your current input against your stated threshold and generates a notification if the condition triggers. That comparison requires accessing both your historical spending data and your current session information.

Similarly, the monthly summary reports we generate—showing spending patterns across categories, identifying unusual variations, highlighting potential areas for budget adjustment—depend entirely on analyzing the financial information you've entered over time. These aren't generic reports; they're personalized assessments constructed from your specific data.

Communication Necessities

Your email address and phone number enable several critical communication channels. Password reset requests need a destination. Budget alert notifications require delivery coordinates. If we detect suspicious activity on your account—say, login attempts from an unfamiliar location—we need a way to verify whether that access is legitimate.

We also use these contact paths for occasional operational announcements: planned maintenance windows that might temporarily interrupt service, new features we've added that could enhance your budget monitoring, critical security updates requiring your attention. These aren't marketing messages disguised as service communications—they're genuine operational necessities.

Service Enhancement Through Analysis

In aggregate form, user interaction data helps us understand how people actually use our platform versus how we assumed they would. We might discover that 70% of users create budget categories for specific expense types we hadn't anticipated, suggesting we should add preset templates for those categories. Or we notice that users typically abandon the setup process at a particular step, indicating that step contains confusing language or unnecessary complexity.

This analytical work happens on anonymized, aggregated data. We're not scrutinizing individual behavior patterns—we're identifying collective trends that inform product development decisions.

Information Movement Beyond Our Boundaries

Most of your data stays within our operational environment. But certain circumstances require or permit information to move outside our direct control.

Service Infrastructure Dependencies

Our platform operates on cloud infrastructure provided by a hosting service with data centers located in South Africa. That hosting company maintains the servers where your information physically resides, though they're contractually prohibited from accessing or using the data for any purpose beyond providing infrastructure services to us.

We also employ an email delivery service to send notifications and alerts. When you receive a budget warning or monthly summary, that message passes through their systems. They see the destination address and message content but operate under strict agreements limiting their ability to retain or utilize that information.

Legal Compulsion Scenarios

South African law creates circumstances where we lack discretion to withhold information. A court order demanding account details for a specific user requires compliance. Regulatory inquiries from the South African Revenue Service regarding financial monitoring platforms might necessitate providing aggregated usage data. Law enforcement investigations involving suspected criminal activity could compel disclosure of relevant account information.

We don't proactively offer user data to authorities. We respond to lawful demands following proper legal channels. Where legally permissible, we notify affected users before disclosure occurs, though certain court orders prohibit such notification.

Business Continuity Situations

Should Shelter Onyx undergo acquisition by another company, merge with a competitor, or experience significant restructuring, your information would likely transfer as part of that business transition. Budget monitoring services without user accounts and historical data have limited value, so such information typically constitutes a core asset in any business transfer scenario.

In such circumstances, we would require the acquiring entity to honor the commitments made in this policy or provide you with clear notice of any changes, along with an opportunity to close your account before the transfer completes.

We don't sell user information to data brokers, advertising networks, or marketing firms. Your budget details aren't commodities we monetize through third-party sales. Our revenue model depends on subscription fees, not data trafficking.

Your Control Mechanisms and Available Actions

Your information doesn't become our permanent property once provided. Multiple avenues exist for you to influence what we retain, correct inaccuracies, or terminate the relationship entirely.

Access and Correction Rights

You can view and modify most account information directly through your platform dashboard. Name misspelled during registration? Update it in your profile settings. Email address changed? Swap it out yourself. Budget categories need restructuring? Delete old ones and create new structures that better reflect your current financial organization.

For information you can't directly access through the interface—like technical logs showing your login history or system-level metadata about your account—submit a formal access request to our team. We'll compile the relevant data and provide it in a readable format within thirty days.

Data Limitation and Objection Options

If you find certain data collection aspects problematic, you can limit them within the constraints of service functionality. Don't want monthly summary emails? Disable that notification type in your preferences. Uncomfortable with us retaining detailed interaction logs? Request we purge logs older than the minimum retention period required for security purposes.

However, some data collection is non-negotiable while maintaining an active account. We can't operate your budget monitoring without storing your budget categories and spending inputs. We can't secure your account without logging authentication attempts. These represent service fundamentals rather than optional enhancements.

Account Closure and Data Deletion

You can close your account at any time through the settings panel or by contacting our support team directly. Account closure triggers a systematic removal process, though certain information persists for defined periods based on operational or legal requirements.

Your budget data, spending history, and category structures disappear immediately upon account closure—we have no reason to retain that information once you're no longer a user. Contact details and basic account metadata remain in our systems for twelve months to prevent immediate account recreation (a common fraud pattern) and to maintain financial records required by South African business regulations. After twelve months, even those remnants get purged from our active systems, though backup archives might retain traces for an additional eighteen months before those backups themselves age out of our rotation cycle.

Security Approach and Inherent Limitations

We implement multiple protective layers around your information, though absolute security remains impossible in networked environments. Understanding our approach—and its boundaries—helps you make informed decisions about what information you're comfortable providing.

Technical Safeguards

All data transmission between your device and our servers occurs through encrypted channels using current TLS standards. Someone intercepting network traffic between you and our platform would capture only encrypted gibberish rather than readable information.

Within our database infrastructure, sensitive fields receive additional encryption at rest. Your password never exists in readable form in our systems—we store only cryptographic hashes that allow us to verify password correctness without actually knowing what your password is. Access to our production servers requires multi-factor authentication, and different team members can reach only the specific systems their roles require.

Operational Procedures

We maintain separation between production data and development environments. Software testing and feature development happen against anonymized datasets rather than real user information. Database backups travel to geographically separate facilities to protect against site-level disasters. We conduct regular security assessments examining our infrastructure for vulnerabilities, though we don't publicly disclose assessment timing or specific findings.

Realistic Risk Acknowledgment

Despite these measures, residual risks persist. A determined attacker with sufficient resources might breach our defenses through zero-day exploits we haven't yet patched. A team member with legitimate access could potentially abuse their privileges despite our monitoring. A sophisticated social engineering attack might trick someone into providing access credentials. Natural disasters or infrastructure failures could disrupt service availability even if they don't expose data.

We work continuously to minimize these risks, but we can't eliminate them entirely. That's not legal hedging—it's factual acknowledgment of security realities in connected systems. If you're uncomfortable with this baseline risk level, you shouldn't use our service or any similar platform.

Direct Communication Channels

Questions about how we handle your information? Concerns about something in this policy? Want to exercise one of your control rights? Multiple paths exist to reach us.

Address: 287 Alexandra Rd, Pelham, Pietermaritzburg, 3201, South Africa

We typically respond to privacy inquiries within five business days, though complex requests requiring extensive data compilation might take longer. If you don't receive acknowledgment within a week, follow up—messages occasionally disappear into spam filters or technical glitches.

Should you remain unsatisfied with our response to a privacy concern, you can escalate the matter to the Information Regulator of South Africa, the supervisory authority overseeing data protection compliance in this jurisdiction.