Privacy Policy
Last updated: February 2026
At Monira, we believe your financial data is deeply personal. This policy explains exactly what we collect, how we use it, and how we protect it.
1. Information We Collect
We collect information you provide directly when creating your account: your name, email address, and optional profile picture (via Google OAuth).
We collect financial transaction data that you manually enter into the platform — including amounts, categories, dates, and descriptions.
We automatically collect basic usage data such as login timestamps and feature usage for service improvement.
2. How We Use Your Information
- To provide, maintain, and improve the Monira platform
- To generate AI-powered financial insights, predictions, and health scores
- To process subscription payments through our payment partner Paddle
- To send essential service-related communications (e.g., billing, security alerts)
- We never sell your personal or financial data to third parties
3. Third-Party Services
We integrate with trusted third-party services to deliver our platform:
- Paddle — our Merchant of Record for payment processing, tax collection, and invoicing. Paddle processes your payment information directly; we never see or store your full card details.
- AI Providers (Gemini, OpenAI, Anthropic) — we send anonymized financial summaries to AI providers to generate insights. Raw transaction data with personally identifiable information is never sent.
- Google OAuth — if you choose to sign in with Google, we receive your name, email, and profile picture. We do not access any other Google data.
- Vercel — our hosting provider, which processes requests and may collect anonymized analytics.
4. Data Security
We take the security of your data seriously and implement industry-standard measures to protect it.
- Passwords are hashed using bcrypt with salt rounds — we never store plaintext passwords
- Sensitive configuration data (AI API keys) is encrypted at rest using AES-256 encryption
- All data transmission is encrypted via HTTPS/TLS
- Database access is restricted and monitored
- JWT-based session management with secure, httpOnly cookies
5. Cookies
We use only essential cookies required for the service to function properly:
- Authentication session cookies — to keep you signed in
- CSRF protection tokens — to protect against cross-site request forgery
- We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across websites
6. Data Retention
Your data is retained for as long as your account remains active. If you delete your account, we will remove all your personal and financial data from our systems within 30 days.
Anonymized, aggregated data (which cannot be linked back to you) may be retained for service improvement purposes.
7. Your Rights
You have the right to:
- Access — view all personal and financial data we hold about you
- Export — download your data in CSV or PDF format at any time
- Correction — update or correct any inaccurate information
- Deletion — request complete deletion of your account and all associated data
- Portability — receive your data in a structured, commonly used format
8. Contact Us
If you have questions, concerns, or requests regarding your privacy or this policy, please reach out to us:
We aim to respond to all privacy-related inquiries within 48 hours.