Privacy Policy

Last Updated: February 19, 2026

Monavio ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance application at monavio.app and our mobile applications (the "Service").

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address
  • Password (encrypted)
  • Display name (optional)
  • Profile photo (optional)

Financial Data:

  • Bank and credit card statements you upload (PDF, CSV)
  • Transaction details extracted from statements
  • Account names and balances
  • Investment holdings and values
  • Manual entries (assets, liabilities, transactions)
  • Budget configurations
  • Custom categories and rules
  • Financial goals

1.2 Information Collected Automatically

Usage Data:

  • Features accessed and actions taken
  • Time spent in the application
  • Error logs and crash reports
  • Device information (type, operating system, browser)
  • IP address

Analytics:

  • Aggregated usage patterns
  • Feature adoption metrics
  • Performance metrics

1.3 Information from Third Parties

We may receive information from:

  • Payment processors (Stripe) regarding subscription status
  • Authentication providers (if using social login)

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process and categorize your financial transactions
  • Generate reports, charts, and insights
  • Calculate budgets, net worth, and projections
  • Provide customer support
  • Send service-related communications
  • Improve and optimize the Service
  • Prevent fraud and ensure security
  • Comply with legal obligations

AI-Powered Processing:

We use Google's Gemini AI to extract transaction data from your uploaded statements. This processing:

  • Occurs on secure Google Cloud infrastructure
  • Is used solely to provide the Service
  • Does not train AI models on your personal data
  • Is subject to Google Cloud's data processing agreements

3. How We Share Your Information

We do NOT sell your personal information. Ever.

We may share information with:

Service Providers:

  • Google Cloud Platform / Firebase (hosting, database, authentication)
  • Google Gemini (document processing and AI features)
  • Stripe (payment processing)
  • Analytics providers (aggregated, anonymized data only)

Legal Requirements:

  • When required by law, subpoena, or legal process
  • To protect our rights, privacy, safety, or property
  • To enforce our Terms of Service

Business Transfers:

  • In connection with a merger, acquisition, or sale of assets (you will be notified)

4. Data Storage and Security

Storage Location:

Your data is stored on Google Cloud Platform infrastructure, primarily in the United States. Data may be processed in other regions where Google Cloud operates.

Security Measures:

  • All data encrypted in transit (TLS 1.3)
  • All data encrypted at rest (AES-256)
  • Access controls and authentication
  • Regular security audits
  • Secure software development practices

Retention:

  • Account data: Retained while your account is active
  • Financial data: Retained until you delete it or your account
  • Usage logs: Retained for up to 12 months
  • Backups: Retained for up to 30 days after deletion

5. Your Rights and Choices

5.1 All Users

You have the right to:

  • Access your data (export via Settings)
  • Correct inaccurate data
  • Delete your account and all data
  • Opt out of marketing communications

5.2 European Economic Area (GDPR)

If you are in the EEA, you also have the right to:

  • Data portability
  • Restriction of processing
  • Object to processing
  • Lodge a complaint with a supervisory authority

Legal Basis for Processing:

  • Performance of contract (providing the Service)
  • Legitimate interests (security, improvement, analytics)
  • Consent (marketing communications)

5.3 California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Non-discrimination for exercising your rights

California Categories Collected:

  • Identifiers (email, IP address)
  • Financial information (transactions, accounts)
  • Internet activity (usage data)
  • Inferences (AI-derived categories)

We do NOT sell personal information as defined by CCPA.

6. Children's Privacy

Monavio is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

7. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering your preferences

We use analytics cookies to:

  • Understand how users interact with the Service
  • Identify areas for improvement

You can control cookies through your browser settings.

8. International Transfers

Your data may be transferred to and processed in countries other than your country of residence. When transferring data outside the EEA, we use:

  • Standard Contractual Clauses
  • Data Processing Agreements with service providers

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification
  • In-app notification
  • Posting the updated policy on our website

Your continued use after changes constitutes acceptance.

10. Data Protection Officer

For privacy-related inquiries, contact our Data Protection Officer:

11. Contact Us

Questions about this Privacy Policy?

Monavio
Email: privacy@monavio.app
Website: monavio.app/privacy

This Privacy Policy is effective as of February 19, 2026.