← Home

Legal

Privacy Policy

Last updated: 5 July 2026

This Privacy Policy explains how Monivera (the "App"), an independent budgeting app operated by its developer ("Monivera", "we", "us", or "our"), collects, uses, shares, and protects your personal data when you use the App and related services. It also describes the choices and rights you have over your data.

We are based in Singapore, and we handle personal data in accordance with the Singapore Personal Data Protection Act 2012 (the "PDPA"). Because Monivera is available worldwide through the App Store, this policy also covers rights that apply to users in the European Economic Area (EEA), the United Kingdom, and California. If you do not agree with this policy, please do not use the App.

1. A quick summary

  • Your money data stays private. We do not sell your personal data, and we do not use it for advertising or cross-app tracking.
  • We collect what the App needs to work — your account details, the budgets and transactions you create, and basic technical data to deliver notifications and keep the App reliable.
  • AI parsing is limited and purpose-bound. When you use automatic transaction capture, the alert text you share is sent to an AI provider only to extract the amount, merchant, and category. It is not used to train their models. See Section 5.
  • You are in control. You can access, correct, export, or delete your data at any time. See Section 9.

2. Information we collect

2.1 Information you provide

  • Account and profile data. When you create an account we collect your email address and, if provided by your sign-in method, your name and profile photo URL. You may add or edit your display name, first and last name, base currency, time zone, and notification preferences.
  • Financial content you create. The budgets, spending categories, financial accounts (names and types only — we do not connect to your bank or store bank credentials or card numbers), and individual transactions you enter or import. Transaction records can include the amount, currency, date, merchant or payee name, free-form notes, tags, and cash/status flags.
  • Bank alert text (for AI capture). If you use automatic transaction logging, the raw text of the bank SMS or email alert you share with the App is processed and stored as the source of the resulting transaction. See Section 5.
  • Household sharing data. If you invite someone to share a household budget, we collect the invitee's email address to deliver the invitation. Members of a shared household can see that household's budgets, categories, and transactions.
  • Search queries. Terms you search within the App are saved as recent search history to make searching faster.
  • Support communications. If you contact us (for example by email), we keep your messages and contact details to respond.

2.2 Information collected automatically

  • Device and push token. To send you budget alerts and household notifications, we store a push notification token and your device platform (iOS or Android). This token is a device identifier issued by the notification service.
  • Identifiers. A user account identifier is used to associate your data with your account.
  • Usage and product-interaction data. We use product analytics to understand which features are used and how the App performs, so we can improve it. This includes in-app events and interactions, associated with a pseudonymous identifier.
  • Diagnostics and crash data. We collect crash reports, error logs, and performance data to find and fix problems. These may include device model, operating-system version, and technical information about the error.

2.3 Information from third parties

  • Sign-in providers. If you choose to sign in with Apple or Google, we receive basic profile information from them (such as your email address, name, and profile photo URL) as permitted by your settings with that provider. We do not receive your password. Apple's "Hide My Email" is supported by the sign-in flow if you use it.

2.4 Data we do not collect

Monivera does not request or collect your precise or coarse location, your contacts, photos, camera, microphone, health data, browsing history, or advertising identifiers. We do not process bank credentials or card numbers, and the App has no third-party advertising.

3. Data collected at a glance

The table below maps the data above to Apple's App Store privacy categories. All data is linked to your identity (your account) and none of it is used to track you across other companies' apps or websites.

Apple categoryWhat / why
Contact Info — Name, EmailAccount creation, sign-in, household invitations, support.
Financial Info — Other Financial InfoBudgets, transaction amounts, merchants — core app functionality.
User Content — Other User ContentTransaction notes, tags, and shared bank-alert text.
Search HistoryRecent in-app search terms, to speed up searching.
Identifiers — User ID, Device IDAccount identifier and push token, for app functionality and notifications.
Usage Data — Product InteractionFeature usage analytics, to improve the App.
Diagnostics — Crash & Performance DataCrash and error reporting, to keep the App reliable.

4. How we use your information

  • To create and manage your account and authenticate you.
  • To provide the core budgeting features: recording transactions, calculating budgets and remaining balances, categorizing spending, and searching your history.
  • To parse the bank-alert text you share into a structured transaction (see Section 5).
  • To enable household budget sharing and send you budget alerts and invitation notifications.
  • To maintain, secure, debug, and improve the App, including through analytics and crash diagnostics.
  • To respond to your support requests and communicate with you about the App.
  • To comply with legal obligations and enforce our terms.

5. AI processing of bank-alert text

Monivera's automatic transaction capture uses a large language model (LLM) to read a bank SMS or email alert and extract the amount, merchant, date, and a suggested category from your own category list.

  • What is sent. Only the alert text you choose to share (truncated to a short length), the names of your budget categories, and your base currency. We do not send your name, email, account balances, or transaction history.
  • Who processes it. The text is processed by our AI sub-processors, Anthropic and Google, through their APIs. Under their business/API terms, inputs submitted through the API are not used to train their models.
  • Storage. The original alert text is stored with the resulting transaction so you can see where it came from and edit it. You can delete the transaction, which removes the stored source text.
  • Automated processing. This parsing does not produce legal or similarly significant effects about you; low-confidence results are surfaced for your review rather than logged automatically.

6. How we share information

We do not sell your personal data. We share it only in these situations:

  • Service providers (sub-processors) who process data on our behalf, listed below.
  • Other household members. If you join or create a shared household, its members can see that household's shared budget data.
  • Legal and safety. Where required by law, legal process, or to protect the rights, safety, and security of our users or the App.
  • Business transfer. In connection with a merger, acquisition, or sale of assets, subject to this policy.

6.1 Sub-processors

ProviderPurposeData involved
SupabaseHosting, database, authenticationAll account and financial data
AnthropicAI parsing of bank-alert textShared alert text, category names
Google (Gemini)AI parsing of bank-alert textShared alert text, category names
ExpoPush notification deliveryPush token, notification content
SentryCrash and error reportingDiagnostic and device data
PostHogProduct usage analyticsPseudonymous usage events
Grafana CloudService monitoring and logsOperational and diagnostic logs
Apple, GoogleSign-in (if you use it)Basic profile from the provider

7. International data transfers

Your data is primarily hosted in Singapore. Some of our sub-processors (including the AI, notification, analytics, and monitoring providers above) operate in other countries, such as the United States and the European Union. Where we transfer personal data out of Singapore, we take reasonable steps to ensure a comparable standard of protection as required by the PDPA, and, for EEA/UK data, rely on appropriate safeguards such as the applicable standard contractual clauses.

8. Data retention

We keep your personal data for as long as your account is active or as needed to provide the App. You can delete individual transactions and content at any time, which removes them from our active systems. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements. Backups are purged on a rolling schedule.

9. Security

  • In transit. All communication between the App and our services uses HTTPS/TLS encryption.
  • At rest. Data stored with our hosting provider is encrypted at rest.
  • On your device. Your sign-in tokens are stored in the device's secure keystore (iOS Keychain / Android Keystore) and are not synced to iCloud.
  • Access isolation. Database access is protected by row-level security so members of one household cannot access another household's data.
  • Optional biometric lock. You can enable Face ID / device biometrics to lock the App. Biometric authentication happens entirely on your device; we never receive or store your fingerprint or face data.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Your rights and choices

Depending on where you live, you have some or all of the following rights. Many of them you can exercise directly in the App:

  • Access and portability — review your account and data, and request a copy.
  • Correction — edit your profile, budgets, and transactions.
  • Deletion — delete individual records or your entire account.
  • Withdraw consent — turn off notifications or disable optional features at any time.
  • Objection and restriction — where applicable under the GDPR/UK GDPR.

EEA/UK users (GDPR). Our legal bases for processing are: performance of our contract with you (to provide the App), your consent (for optional features such as notifications), our legitimate interests (to secure and improve the App), and compliance with legal obligations. You may also lodge a complaint with your local data protection authority.

California users (CCPA/CPRA). We do not sell or share your personal information as those terms are defined under California law, and we do not use it for cross-context behavioral advertising. You have the right to know, delete, correct, and to be free from discrimination for exercising these rights.

To exercise any right, use the in-app controls or contact us at support@monivera.app. We may need to verify your identity before acting on a request.

11. Children's privacy

Monivera is not directed to children. You must be at least 13 years old to use the App. In the EEA and the United Kingdom, where a higher age of digital consent applies (up to 16), you must meet that age or have the consent of a parent or guardian. We do not knowingly collect personal data from children below the applicable age. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the App. Your continued use of Monivera after an update means you accept the revised policy.

13. Contact us

If you have questions about this policy or how we handle your data, or to exercise your rights, contact us at support@monivera.app.