Privacy Policy

At Moniepot, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance management platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

• Account Information: Name, email address, and password when you create an account
• Profile Data: Display name, preferred currency, and other profile preferences
• Financial Data: Budget information, transaction details, category limits, spending patterns, savings goals, and recurring transactions you manually input
• Budget Context: Budget type (Personal, Household, Business, Family, Other) to help organize your finances
• Subscription Data: Trial status, subscription tier, payment history (via Stripe - we never store credit card numbers)
• Group Membership: Email addresses for group subscription invitations (up to 3 additional members)
• Receipt Images: Photos of receipts you upload for OCR scanning (see Receipt Image Processing section below)

Automatically Collected Information

When you access our service, we may automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Basic application usage for security and performance monitoring
• Authentication Data: Firebase authentication tokens stored in browser storage (not HTTP cookies)
• Essential Storage: Minimal cookie for consent preferences only
• Audit Logs: IP addresses and user agents for security monitoring (90-day retention)
• Trial Analytics: Feature usage and engagement scores for service improvement (only during trial period)
• Product Analytics: Feature usage events (e.g. budget created, transaction added) collected via PostHog to understand how users interact with the app and improve the product. No financial data is included in these events.
• Import Sessions: CSV upload metadata (filename, row count, processing status - no file content stored)
• Consent Records: Timestamps and versions of Terms of Service and Privacy Policy you accepted at signup (see Consent Tracking section below)

Google Analytics

We use Google Analytics to understand how visitors use our website and to improve our service:

• Data Collected: Pages visited, session duration, device type, browser type, referral source, and general geographic location (country/city level)
• Purpose: Analyze website traffic patterns, identify popular features, and optimize user experience
• Personally Identifiable Information: Google Analytics does NOT collect personally identifiable information (names, email addresses, or financial data)
• Privacy: Data is anonymized and aggregated - we cannot identify individual users
• Opt-Out: You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on

PostHog Product Analytics

We use PostHog to understand how users interact with the Moniepot application and to improve the product experience:

• Data Collected: Feature usage events (e.g. budget created, transaction added, subscription upgraded), session identifiers, and device/browser type
• Purpose: Understand which features are used, identify friction points, and improve the product
• Personally Identifiable Information: We associate events with your user ID for product improvement purposes. We do NOT include financial data (amounts, transactions, budgets) in PostHog events.
• Data Residency: PostHog data is stored on servers in the United States
• Production Only: PostHog only collects data in the production environment — no data is sent during development or staging

Consent Tracking

When you create an account, we record your consent to our Terms of Service and Privacy Policy to comply with legal requirements under GDPR, PIPEDA, and CCPA:

• Consent Timestamps: The date and time you accepted our Terms of Service and Privacy Policy
• Policy Versions: The specific version of each policy you agreed to (e.g., "2026-03-07")
• Purpose: To demonstrate that you provided informed consent as required by privacy regulations
• Your Rights: You can request your consent history at any time by contacting privacy@moniepot.com
• Deletion: When you delete your account, all consent records are permanently deleted

Receipt Image Processing

When you upload receipt images for OCR (Optical Character Recognition) scanning:

1. Temporary Processing: Images are sent to Google Cloud Vision API for text extraction
2. No Permanent Storage: Receipt images are NOT stored in our database
3. Immediate Deletion: Images are deleted immediately after processing
4. Extracted Data Only: Only text data (amount, date, merchant name) is stored in your account
5. User Control: You can delete extracted transactions at any time

How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: Process transactions, manage budgets, generate financial insights and alerts
• Account Management: Create and maintain your account, authenticate users, and provide customer support
• Improve Our Platform: Analyze usage patterns to enhance features and user experience
• Trial Conversion Optimization: Track engagement scores during trial period to provide personalized conversion reminders and improve onboarding experience
• Communication: Send important updates about your account, budgets, spending alerts, and subscription status
• Security: Monitor for fraudulent activity, prevent abuse, protect user data, and maintain audit logs for security investigations
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

Cookies and Data Storage

What We Use

• Firebase Authentication: Secure tokens stored in browser storage for login sessions
• Essential Cookie: One cookie to remember your cookie consent preferences
• Security Headers: HTTP headers for protection (no data stored on your device)

Moniepot has a minimal data storage footprint and prioritizes your privacy:

What We Don't Use

• Advertising Cookies: No ad networks, retargeting, or marketing cookies
• Social Media Tracking: No social media pixels or sharing buttons that track you
• Third-Party Tracking: No external tracking services or data brokers

Your Privacy Matters: We believe personal finance data should stay private. For detailed information about our minimal cookie usage, see our Cookie Policy.

Data Storage and Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Firebase Authentication: Secure authentication powered by Google Firebase with multi-factor authentication support
• Database Security: PostgreSQL databases with role-based access controls and regular security audits
• Access Controls: Strict internal access policies ensuring only authorized personnel can access user data
• Regular Backups: Automated daily backups to prevent data loss

Note: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share your information only in the following limited circumstances:

• Service Providers: Third-party vendors (hosting, analytics, OCR processing) who assist in operating our platform, bound by strict confidentiality agreements
• Budget Sharing: When you explicitly choose to share a budget with other users (family members, household partners)
• Legal Requirements: When required by law, court order, or governmental request
• Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)
• Protection of Rights: To protect our rights, property, safety, or that of our users

Third-Party Services

We use the following trusted third-party services to provide our platform. All third-party services are bound by data processing agreements and comply with GDPR, PIPEDA, and CCPA requirements.

Group Subscriptions

Moniepot offers group subscriptions where one owner can provide access to up to 3 additional members:

Data Collection

• Email addresses of invited group members
• Group membership status and roles
• Invitation acceptance/decline status

Data Sharing

• Group members get full app access but maintain separate budgets
• No financial data is shared between group members
• Each member's budgets and transactions remain private
• Owner pays for subscription; members get free access

When Owner Cancels or Deletes Account

• Immediate Access Loss: Group members immediately lose access when the owner cancels their subscription or deletes their account
• Email Notification: All group members are notified via email
• Data Retention: Each member's data remains in our system and can be accessed if they start their own subscription
• No Grace Period: There is currently no grace period for group members after owner cancellation

Privacy Protection

• Group members cannot see each other's financial data
• Only explicitly shared budgets are visible to invited users
• Budget sharing is separate from group subscription membership
• Members can leave the group at any time

Your Rights and Choices

You have the following rights regarding your personal data:

Privacy Compliance

Moniepot complies with the following privacy regulations:

Data Retention

We retain your data according to the following schedule:

Children's Privacy

Moniepot is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using Moniepot, you consent to the transfer of your information to our facilities and service providers globally.

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses approved by relevant authorities.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice within the application

Your continued use of Moniepot after changes become effective constitutes acceptance of the revised Privacy Policy.