MyMoney Privacy Policy

Effective Date: 2026-05-06
Last Updated: 2026-05-06

Note: This policy is drafted in plain English to satisfy GDPR (EU/UK), CCPA (California), and U.S. financial-services norms. It will be reviewed by counsel before public launch.


1. Summary (read-this-first)

  • We aggregate your bank, credit card, brokerage, and crypto data via Plaid, SnapTrade, and Coinbase. We never see your bank passwords.
  • We use Anthropic's Claude API for AI features. Some of your transaction descriptions, merchant names, balances, and categories are sent to Anthropic per query. You can turn this off in Settings.
  • We do not sell your data, ever.
  • You can download everything we have about you and delete your account at any time from Settings → Danger zone.
  • Account deletion has a 30-day grace period during which you can cancel; after that, deletion is permanent and we revoke connections at Plaid and SnapTrade on your behalf.

2. Who we are

MyMoney ("we," "us," "our," "the Service") is a personal financial management application operated by Andrew Walsh as a sole proprietor.

Contact for privacy matters: andrewdanawalsh@gmail.com.

We are the data controller for the personal information described in this policy. The third-party services listed in Section 6 are data processors acting on our behalf.


3. Information we collect

3.1 Information you give us directly

  • Account information: Display name, email address, password (stored hashed by Supabase Auth), TOTP authenticator metadata for multi-factor authentication.
  • Phone number (optional): If you opt into SMS alerts, you provide a mobile number which is verified via Twilio Verify (one-time SMS code). Used only for SMS messages described in our Messaging Policy.
  • Connection credentials: When you connect Plaid, SnapTrade, or Coinbase, we store encrypted access tokens issued by those services. We never receive your bank, brokerage, or exchange passwords.
  • Manual entries: Accounts, transactions, budgets, goals, bills, income sources, reimbursements, trips, tax history, and notes you create or edit in the app.
  • Tax documents: Files (W-2s, 1099s, receipts, etc.) you upload to the Document Vault.
  • Profile preferences: Display name, theme, tax filing status, notification routing, alert subscriptions, AI on/off, household membership, signup-code if applicable.
  • Legal acceptances: When you accept the Terms of Service, Privacy Policy, or AI Disclosure, we record the document version, your user ID, the timestamp, and the IP address of the request.

3.2 Information collected automatically

  • Usage data: Pages visited, features used, session timestamps.
  • Device information: Browser, OS, screen size, locale.
  • Log data: Server error logs, API request logs, security events, retained for 90 days.

3.3 Information from third parties

  • Plaid: Account balances, transaction history (up to 24 months), account names, institution names, account types, holdings (if Investments product is enabled).
  • SnapTrade: Brokerage account balances, holdings, activity, account metadata.
  • Coinbase (CDP): Crypto holdings, trade history, balances, via a read-only API key you create at portal.cdp.coinbase.com.

4. How we use your information

We process your data on the following lawful bases (GDPR Art. 6):

Purpose | Lawful basis
--- | ---
Operating your account, displaying balances, transactions, dashboards | Contract (Art. 6(1)(b)) — to perform the Service you signed up for
Multi-factor authentication, breach detection, audit logs | Legitimate interests (Art. 6(1)(f)) — securing your account
AI features (recategorizer, advisor, anomaly detection, etc.) | Consent (Art. 6(1)(a)) — togglable per-user; opt-out at any time
Email + SMS alerts and digests | Consent (Art. 6(1)(a)) — opt-in per channel + per type
Account-security email (verification, password reset, MFA reset) | Contract — required to operate your account
Compliance (responding to lawful requests, fraud prevention) | Legal obligation (Art. 6(1)(c))

We do not use your financial data for advertising, marketing to third parties, profiling for anyone outside MyMoney, or any decisional algorithm with legal effect on you.


5. Sharing financial data with AI

This is important enough to call out separately. See the AI Disclosure for full details.

What we send to Anthropic per query:

  • Per-query: a slice of your transactions, account balances, budgets, goals, holdings, recent bills, income totals, with raw merchant names and dollar amounts.
  • We do not send: your name, email, phone, address, account numbers, login credentials, or government IDs.

What Anthropic does with it: Anthropic's API does not retain prompts beyond ephemeral processing required to generate the response, per their data usage terms. We do not train any model on your data and Anthropic does not train on API traffic by default.

You can disable all AI processing in Settings → Preferences → AI features. With AI off, no further data is sent to Anthropic and the AI surfaces in the app are hidden.


6. Service providers (sub-processors)

We share the minimum data necessary with each of the following processors:

Provider | Purpose | Data shared
--- | --- | ---
Plaid | Bank / credit card / brokerage connectivity | Encrypted access tokens, occasional account-meta refreshes; Plaid is also the data source we read from
SnapTrade | Brokerage connectivity (esp. Fidelity, Schwab) | Encrypted user secret, authorization IDs
Coinbase (CDP) | Crypto portfolio data | Read-only API key you provide
Anthropic | AI features | Per-query slice of your financial data; no PII; opt-out via Settings
Supabase | Database, auth, storage | All app data (encrypted at rest, RLS-isolated)
Vercel | Application hosting | Request logs, environment configuration
Twilio | SMS verification + alert SMS | Phone number, message bodies (if you opt in)
Resend | Transactional + alert email | Email address, message bodies

All providers are bound by Data Processing Agreements (see Section 11). Each handles your data per their own published privacy policies, which we link from Settings → Legal.


7. How we protect your information

  • All data in transit is protected by TLS 1.2 or higher.
  • All data at rest is encrypted by Supabase's underlying infrastructure (AES-256, AWS KMS).
  • Access tokens for Plaid, SnapTrade, and Coinbase are additionally encrypted at the application layer using AES-256-GCM with a key separate from the database (ENCRYPTION_KEY env var). Even a database leak would not expose plaintext tokens.
  • Row-Level Security is enabled on every user-keyed table; queries enforce auth.uid() = user_id server-side. No user can read another user's rows.
  • Multi-factor authentication (TOTP) is mandatory for every account.
  • Tax documents are stored in a private Supabase Storage bucket with time-limited signed URLs for access.
  • See our Information Security Policy for the full operational view.

8. Data retention

Data type | Retention
--- | ---
Account profile + financial data | Life of account, then deleted on day-30 of grace
Transaction history | Life of account; you may delete individual rows
Tax documents | Until you delete them or close the account
Advisor conversation history | 12 months, then automatically deleted
Server log data | 90 days
Alerts | 30 days (180 days for critical-severity); auto-purged
alert_deliveries (delivery audit) | 90 days
Pending SMS deliveries (sent / failed) | 30 days
Phone verifications | 7 days
Expense-anomaly feedback | 365 days
Legal acceptances | Life of account + 7 years (for compliance proof)
Data export request log | Life of account (signed URLs expire after 7 days)

When you delete your account, the 30-day grace begins. On day 30 we hard-delete every database row, every storage object, and we revoke connections at Plaid and SnapTrade on your behalf. Server-side log lines containing your user ID are aged out under the 90-day log retention.


9. Your rights

You have the following rights regardless of jurisdiction; specific local laws (GDPR, UK GDPR, CCPA) may give you additional ones.

Right | How to exercise it
--- | ---
Access — see what we hold about you | Settings → Danger zone → "Download my data"
Portability — receive your data in a machine-readable format | Same — JSON archive emailed to you
Correct — fix wrong data | Edit profile, transactions, budgets, etc. directly in the app
Delete — erase your data | Settings → Danger zone → "Delete account" (30-day grace, then permanent)
Restrict / object — pause processing | Disconnect Plaid / SnapTrade / Coinbase from Accounts; turn off AI in Preferences
Withdraw consent — for AI, alerts, etc. | Toggle off per-channel / per-type in Settings; effective immediately
Lodge a complaint with a supervisory authority (EU/UK only) | Your local Data Protection Authority

For any right above that's not yet self-serve, email andrewdanawalsh@gmail.com and we will respond within 30 days.


10. International data transfers

Our infrastructure runs in the United States (Supabase, Vercel, Anthropic, Plaid, SnapTrade, Coinbase, Resend, Twilio are all U.S.-based or have U.S. operations). If you access MyMoney from outside the U.S., your data is transferred to and processed in the U.S. We rely on Standard Contractual Clauses (SCCs) and our processors' compliance with applicable transfer mechanisms.


11. Data Processing Agreements (DPAs)

We have or are in the process of executing DPAs with: Plaid, SnapTrade, Anthropic, Supabase, Vercel, Resend, and Twilio. The current status of each DPA is tracked internally and available on request to andrewdanawalsh@gmail.com.


12. Children's privacy

MyMoney is not intended for use by anyone under 18. We do not knowingly collect data from minors. If you become aware that a minor has created an account, contact us and we will delete it promptly.


13. Changes to this policy

We may update this Privacy Policy. The version is identified by the "Last Updated" date at the top. For material changes, we require explicit re-acceptance in the app before you can continue using MyMoney — you'll be presented with a one-time "We've updated our policies" screen at next login. We also record every acceptance with timestamp and IP for audit (see Section 3.1).


14. Contact

For privacy questions, data subject requests, or security concerns:

Andrew Walsh · Owner, MyMoney
andrewdanawalsh@gmail.com

We respond to data subject requests within 30 days.