Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Authentication provider information (Google, GitHub, X)
• Account creation date

1.2 Financial Data

When you use our service, you may provide:

• Account names and balances
• Transaction records (amounts, dates, descriptions)
• Budget configurations
• Wishlist items and savings goals

1.3 Usage Data

We automatically collect certain information about your device and usage of the Service, including IP address, browser type, pages visited, and time spent on the platform. This data helps us improve the Service.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Process and store your financial data
• Generate financial reports and insights
• Improve and personalize user experience
• Communicate with you about service updates
• Prevent fraud and ensure security

3. Data Storage and Security

3.1 Data Storage

Your data is stored securely using Supabase (PostgreSQL), which provides industry-standard encryption at rest and in transit. We implement Row Level Security (RLS) to ensure your data is only accessible by you.

3.2 Security Measures

We employ appropriate technical and organizational measures to protect your data, including encryption, secure authentication, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

4. AI and Data Processing

For Pro users who opt into AI-powered features (such as intelligent bill import), transaction descriptions may be sent to third-party AI services for categorization. We never send complete financial details (amounts, dates, account balances) to AI services. You can choose to use local rule-based categorization instead at any time.

5. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• Service Providers: We may share data with trusted providers who assist in operating the Service (e.g., Supabase for database hosting, Vercel for hosting).
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.

6. Data Controller Information

Mona Cash is the data controller responsible for processing your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. If you have questions about how we handle your data, please contact our DPO using the email above.

7. Your Rights (GDPR)

Under GDPR and similar privacy laws, you have the following rights regarding your personal data:

To exercise any of these rights, you can use the self-service options in the app or contact us at support@mona.cash. We will respond to all requests within 30 days.

8. Data Retention

We retain your data only for as long as necessary:

• Active Accounts: Your data is retained while your account is active.
• Deleted Accounts: When you delete your account, all personal data is permanently removed within 30 days. Backups are purged within 90 days.
• Audit Logs: Security and audit logs are retained for 2 years for compliance and security purposes, then automatically deleted.
• Financial Records: If required by applicable tax or financial regulations, anonymized transaction data may be retained for the legally required period.

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and maintain authentication sessions. You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect the functionality of the Service.

10. Third-Party Processors

We use the following third-party service providers to process your data:

All third-party processors are GDPR-compliant and have signed Data Processing Agreements (DPAs) with us. We only share the minimum data necessary for each service to function.

11. Third-Party Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: