How we take care of your data at Moni
Your privacy is a core commitment at Moni. This page explains, in plain language, what we do to protect your financial information.
The principle that guides us
Your finances tell a story about you. Whoever works with that has double the responsibility. We built Moni on three principles:
- Collect only what's needed. Every field in Moni exists because it's essential for the product to function.
- Protect at every layer. From the password you create to the filter we apply before sending text to artificial intelligence.
- Operate with clarity. You have the right to understand how your data is handled without reading 40 pages of legal terms.
Data we don't ask for
Many financial apps ask for tax ID, phone number, full address at signup. Moni doesn't. This data isn't necessary for our product to work, so it isn't in our database. The less personal information we collect, the lower the risk in any scenario.
To use Moni, we only need:
- Name (how you want to be called)
- Email (to access your account)
- Date of birth (to confirm you're 18 or older)
- Password (always stored encrypted)
How we protect your bank accounts
When you add an account to Moni, you type the number once. From that point on, the full number stops existing in our database.
We keep two pieces of information:
- A mathematical "fingerprint" (called a hash) — used internally to reconcile with statements
- The last four digits — so you can recognize the account visually, in the format
Bank •••• 1234
Even if someone gained access to our database, they wouldn't be able to reconstruct your account number from the information stored.
How we handle Artificial Intelligence
Moni uses artificial intelligence to help you understand your spending. This means some of your information is processed by AI models. We take three specific precautions:
Automatic filter for sensitive data. Before any message of yours reaches the AI engine, a filter automatically identifies and replaces tax IDs, credit card numbers, account numbers, and phone numbers with generic markers. If you write "my tax ID is 123.456.789-00", the filter sends to the AI "my tax ID is [TAXID_REDACTED]".
Paid model, no training. We use Google's AI engine in paid mode, which guarantees by contract that your conversations are not used to train models. This applies to all interactions with the Moni assistant.
Processing within the European Union. Data is processed on servers located in Ireland, subject to European data protection law (GDPR), one of the strictest in the world.
How we audit modifications
Every change to your data — made by you, by the system, or by the Moni team — is recorded in an internal audit log. Who made the change, when, and what changed from which value to which value.
This log keeps 365 days of history. If you want to understand what happened with any data of yours, just ask through our contact channel — we respond within the timeframe required by law.
How long we keep each type of data
We define clear, automatic retention periods:
| Type of data | Period |
|---|---|
| AI chat messages | 90 days |
| Audit log | 365 days |
| Operational system logs | 48 hours |
| Your financial data (transactions, accounts, budgets) | While you use Moni |
When you delete your account, all your data is removed from the system in cascade. There's no hidden trash or silent retention.
Where your data is stored
Moni's data is stored on servers in Ireland, within the European Union, operated by one of the world's leading cloud infrastructure providers. We work with vendors that hold international security certifications and maintain strict data protection contracts.
Our operations team accesses the system only for maintenance, development, and support — always with internal logs of what was done.
What we don't do
As important as what we do is what we don't do.
- We don't sell your data to third parties. Not aggregated, not anonymized. It's not our business model.
- We don't share your data with partners for marketing or advertising purposes.
- We don't train AI with your conversations. It's a contractual clause with our AI provider.
- We don't ask for unnecessary information. If a field isn't essential, it isn't there.
- We don't hide incidents. If something happens, you'll know. The law requires us to notify you and the relevant authority within a short timeframe, and we treat this as a priority commitment.
What you can do
Protecting your data is a two-way street. Some practices depend on you:
- Use a strong, unique password for Moni. Don't reuse passwords from other services.
- Consider using a password manager (1Password, Bitwarden, or your browser's built-in one).
- Never share your password, not even with us. We will never ask.
- Enable two-factor authentication as soon as we offer it.
- Report any unusual activity or privacy concern.
How to talk to us about privacy
For questions, requests to access your data, deletion requests, or any matter related to data protection:
Email: [email protected]
We respond within 5 business days for general inquiries. For formal legal requests (data access, correction, deletion), we respond within 15 days, as required by data protection law.
Last updated: June 2026 · Next review: December 2026