Privacy Policy
Effective date: 27 May 2026 · Version 1.0
1. Who runs this service
Moniqo is operated by OptiFi Technologies LLP (“we”, “us”) and runs on secure, encrypted cloud infrastructure under our control. The application is single-tenant — your data lives on servers we operate exclusively for you and your authorized family members.
2. What data we collect
2.1 Account data
- Email address, full name, optional phone number — supplied at sign-up.
- Password hash (Argon2id) — we never store your password in clear text.
- OAuth provider account IDs (Google, Microsoft) if you sign in with those.
- Multi-factor authentication secret (encrypted) and one-use backup codes (hashed).
2.2 Financial data you enter
- Bank accounts, credit cards, transactions, budgets, goals, assets, liabilities.
- Receipt images you upload (stored as private files in encrypted object storage, accessed only via short-lived signed links).
- OCR results extracted from receipts.
2.3 Diagnostic data
- Login timestamps, IP addresses (used for rate limiting and the audit log), user-agent strings.
- Server logs (errors, performance metrics) — retained 30 days.
3. How we use your data
- To provide the application’s core functionality (showing balances, generating reports, sending receipts).
- To send transactional emails — password resets, MFA setup confirmations, security alerts. We never send marketing emails.
- To detect and prevent abuse (rate limits, audit logs).
- To generate AI insights, where you have explicitly enabled them (via a third-party AI service — see Section 6).
4. Where your data is stored
- Primary database: single-tenant database on secure cloud infrastructure, encrypted at rest and in transit.
- Receipt files: stored in private, encrypted object storage. Public access blocked; access only via short-lived signed links.
- Backups: nightly, encrypted, retained on separate encrypted storage. Retention: daily backups for 30 days, monthly backups for 12 months.
- Logs: application-server logs, rotated daily, retained 30 days.
5. Who can see your data
- You: always — every record you create.
- Your family members: only records you have explicitly marked as “Shared with family”.
- OptiFi operators: only when you raise a support request that requires database access. Each access is logged in the audit trail.
- No one else. We do not sell, rent, or share your data with advertisers, data brokers, or analytics platforms.
6. AI processing (when enabled)
If you enable AI insights, we send aggregated, redacted summaries (totals, category breakdowns, vendor names) to a third-party AI service for monthly summary generation. We do not send: account numbers, card numbers, full transaction notes, names, or email addresses. The PII redaction layer is documented in our codebase.
Receipt OCR runs locally on our server — receipt images never leave our infrastructure for OCR processing.
7. Your rights
You can, at any time:
- Export your data as JSON via Settings → Privacy & data → Download my data.
- Delete your account via Settings → Privacy & data → Delete my account. A 30-day grace period applies; afterward your data is permanently erased, except audit-log rows, which are anonymized (your user id removed) and kept for compliance and security investigation.
- Correct or update any record directly in the application.
- Request information about what we store, by emailing the address in Section 10.
For users in the European Economic Area, this Privacy Policy is intended to align with the GDPR. For users in the UAE, alignment with the UAE Personal Data Protection Law (Federal Decree-Law 45/2021) is the goal. Final text pending legal review.
8. Security
- Passwords hashed with Argon2id (memory-hard).
- Sessions are JWT-signed and served over HTTPS only in production.
- API rate-limited per IP across four tiers (auth, password-reset, OCR, general API).
- Multi-factor authentication available (TOTP).
- Strict Content-Security-Policy + HSTS preload.
- Nightly encrypted backups; quarterly restore drills.
- Audit log of every login, MFA event, password reset, OAuth link, and admin action.
9. Cookies
We use a single first-party HTTP-only session cookie (Auth.js) to keep you signed in. No analytics cookies, no advertising cookies, no third-party trackers.
10. Contact
Questions about this policy? Email privacy@moniqo.me.