This policy applies to the Moneycule mobile application and any related services. By using Moneycule, you agree to the collection and use of information as described here.
1 Who We Are
Moneycule ("we", "our", or "us") is a personal finance application developed and operated as an independent product. We are the data controller for all personal data processed through the Moneycule app.
If you have any questions about this policy or how we handle your data, please contact us at contact@moneycule.io.
Your Responsibility for Entered Data: You are solely responsible for the accuracy, legality, and sensitivity of any information you voluntarily enter into the App. We do not review, verify, or assume any responsibility for user-entered content. Any decision to input sensitive or private information — such as personal identification details, financial account information, or any other confidential data — is made entirely at your own discretion and risk. We expressly disclaim all liability for any consequences, whether direct or indirect, arising from the information you choose to enter.
2 Data We Collect
2.1 Data You Provide Directly
- Financial records — transactions, accounts, budgets, goals, and expenditures you manually enter into the app.
- Account metadata — account names, types, currencies, and custom icons you create.
- Categories and tags — custom labels you define to organise your data.
- App preferences — date format, timezone, week start day, and notification settings.
2.2 Data Collected Automatically
- Device information — device model, operating system version, unique device identifiers (used for crash diagnostics and analytics).
- App usage data — screens visited, features used, session duration, and in-app events (collected via Firebase Analytics).
- Crash reports — stack traces and diagnostic logs generated when the app encounters an error (collected via Firebase Crashlytics).
- Performance data — app start time, network request latency, and rendering metrics (collected via Firebase Performance Monitoring).
- IP address — logged transiently for security and fraud prevention; not stored long-term.
2.3 Data We Do Not Collect
- We do not connect to or scrape your bank accounts.
- We do not collect payment card numbers or banking credentials.
- We do not sell your personal or financial data to third parties.
3 How We Use Your Data
We use the data we collect for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide core app functionality | Financial records, preferences | Contract performance |
| Cloud backup & sync (Pro/Essential) | Financial records, account metadata | Contract performance |
| AI financial assistant (Pro) | Financial records (anonymised in transit) | Consent |
| Crash diagnostics & bug fixing | Crash reports, device info | Legitimate interest |
| App performance improvement | Usage data, performance metrics | Legitimate interest |
| Serving ads (Free tier) | Device ID, general usage context | Consent |
| Fraud & abuse prevention | Device info, IP address (transient) | Legitimate interest |
4 Third-Party Services
Moneycule integrates the following third-party services. Each operates under its own privacy policy:
Google LLC
Google Play Services, Google AdMob (Free tier ads), Google Sign-In. Governed by Google's Privacy Policy.
Firebase (Google LLC)
Firebase Analytics, Crashlytics, Performance Monitoring, and Cloud Firestore (backup). See Firebase Privacy.
AI Service Provider
The AI assistant feature transmits anonymised financial summaries to a third-party LLM provider solely to generate responses. No raw data is stored by the provider beyond the request lifecycle.
5 Google & Firebase Tracking
5.1 Firebase Analytics
We use Firebase Analytics to understand how users interact with Moneycule — which features are used most, typical user flows, and retention patterns. This data is aggregated and pseudonymised; we do not use it to identify you individually.
Firebase Analytics assigns a random app instance ID to your installation. This ID resets when you reinstall the app. You can opt out of analytics data collection at any time in Settings → Privacy → Usage Analytics within the app.
5.2 Firebase Crashlytics
Crashlytics collects crash reports automatically when the app encounters an unhandled exception. Reports include the device model, OS version, app version, and the stack trace of the error. No personally identifiable financial data is included in crash reports.
5.3 Firebase Performance Monitoring
Performance Monitoring measures app start time, network request duration, and screen rendering. This data is used solely to improve app stability and speed.
5.4 Google AdMob
Free-tier users see ads served by Google AdMob. AdMob may use device identifiers and contextual signals to serve relevant ads. Paid subscribers (Essential and Pro) have all ad placements removed and are not subject to AdMob tracking. You can reset your advertising ID or opt out of personalised ads in your device settings.
5.5 Disabling Google Tracking
To limit Google's data collection on Android:
- Go to Settings → Google → Ads → Delete advertising ID (Android 12+) or Opt out of Ads Personalization.
- Disable analytics in-app: Moneycule Settings → Privacy → Usage Analytics → Off.
6 Idempotency & Data Integrity
To protect the accuracy of your financial records, Moneycule implements idempotency across all data operations — meaning that submitting the same request multiple times (e.g., due to a network retry) will produce exactly one change in your data, never a duplicate.
Each transaction, account update, goal change, and sync operation is assigned a unique idempotency key. If the same key is received more than once — caused by connectivity issues, app restarts, or background retries — only the first operation is applied. Subsequent identical requests are safely deduplicated server-side.
This guarantee means:
- A transaction you log once will never be recorded twice, even if the app retried silently.
- Cloud sync operations are safe to retry without risk of corrupting your data.
- Your financial totals, budgets, and goal progress will always reflect your actual inputs.
Idempotency keys are stored temporarily on our servers for up to 24 hours to enable deduplication, after which they are purged.
7 Data Storage & Security
7.1 Local Storage
All financial data entered into the app is stored locally on your device in an encrypted SQLite database. This data never leaves your device unless you explicitly enable cloud backup or use the AI assistant feature.
7.2 Cloud Storage
When cloud backup is enabled (Essential and Pro plans), your data is stored in Google Cloud Firestore, encrypted at rest using AES-256 and in transit using TLS 1.2+. Access is restricted to your authenticated account only.
7.3 Security Measures
- All API communications use HTTPS with certificate pinning.
- Authentication tokens are stored in the device's secure keystore / keychain.
- We perform periodic security reviews and dependency audits.
- In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by applicable law.
7.4 User Responsibility for Entered Data
While we implement the security measures described above, you bear sole responsibility for deciding what sensitive or private information you enter into the App. The App is a personal finance tracking tool — it is designed to hold financial records you manually input. We strongly advise you not to enter data beyond what is necessary for personal finance management (e.g., avoid entering full bank account numbers, national identity numbers, or passwords).
We cannot be held liable — directly or indirectly — for any harm, loss, exposure, or damages of any kind arising from sensitive or private information you voluntarily input into the App. Your use of the App with such information is entirely at your own risk.
8 Data Retention
- Local data — retained on your device until you delete the app or use the in-app data wipe function.
- Cloud backup data — retained for the duration of your active subscription, plus 90 days after cancellation to allow re-activation. Permanently deleted thereafter.
- Analytics & crash data — retained by Firebase for up to 14 months per Google's data retention policy.
- Idempotency keys — purged within 24 hours of creation.
- Support communications — retained for up to 2 years for quality assurance purposes.
You may request early deletion of your cloud data at any time by contacting contact@moneycule.io or using the in-app account deletion function.
9 Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access
Request a copy of all personal data we hold about you.
Rectification
Correct any inaccurate personal data we hold.
Erasure
Request deletion of your personal data ("right to be forgotten").
Portability
Export your financial data in JSON format at any time via the app.
Objection
Object to processing based on legitimate interest (e.g., analytics).
Restriction
Request we restrict processing of your data in certain circumstances.
To exercise any of these rights, contact us at contact@moneycule.io. We will respond within 30 days.
10 Children's Privacy
Moneycule is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at contact@moneycule.io and we will delete it promptly.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via:
- An in-app notification on your next app launch.
- A notice on our website at least 7 days before the change takes effect.
For significant changes affecting your rights, we will provide 30 days' advance notice. Your continued use of Moneycule after the effective date constitutes acceptance of the updated policy.
12 Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or how we handle your data, please reach out: