Privacy Policy

Effective date: March 08, 2026

This Privacy Policy explains what data we collect, why, and how we protect it. We respect the privacy of every User and process personal data in accordance with the Law of Ukraine "On Personal Data Protection" dated June 1, 2010 No. 2297-VI.

1. Data We Collect

Account data:

  • email address;
  • password hash (the password itself is never stored in plain text).

Financial data entered by the User:

  • transactions (income and expenses): amounts, dates, descriptions, categories;
  • budget limits by category;
  • savings goals and contributions;
  • debt, loan and asset records.

Data imported via the Monobank API (at the User's discretion):

  • bank transactions: amount, date, description, MCC code, balance;
  • Monobank API access token (stored in encrypted form).

Technical data:

  • registration and last login date and time;
  • authentication session data (session cookie).

Data we do NOT collect:

  • we do not use Google Analytics, Facebook Pixel or other third-party analytics systems;
  • we do not collect IP addresses for tracking;
  • we do not collect geolocation data;
  • we do not create advertising profiles of Users.

2. Purpose of Data Processing

  • creating and maintaining the User's account;
  • providing Service functionality: financial tracking, budgeting, reporting;
  • importing bank statements at the User's request;
  • ensuring account security;
  • sending important notifications about the Service.

We do not use User data for advertising, marketing profiling or sale to third parties.

3. Legal Basis for Processing

Personal data processing is carried out on the basis of the User's voluntary consent in accordance with Article 11 of the Law of Ukraine "On Personal Data Protection".

Consent is provided by the User during registration by confirming acknowledgment of this Policy and the Data Processing Consent.

The User has the right to withdraw their consent at any time (see Section 7).

4. Data Storage and Protection

  • passwords are stored exclusively as cryptographic hashes; the original password is not stored and cannot be recovered;
  • Monobank API access tokens are stored in encrypted form;
  • database access is restricted and secured;
  • each family has an isolated data space — Users of one family cannot access data of another;
  • connection to the Service is protected by the HTTPS protocol.

The administration takes reasonable technical and organizational measures to protect data from unauthorized access, loss, destruction or alteration.

5. Data Sharing with Third Parties

We do NOT share Users' personal data with third parties, except as required by the laws of Ukraine (based on court orders, law enforcement requests, etc.).

We do not sell, exchange or lease User data.

When importing transactions, the Service communicates with the Monobank API on behalf of the User. The Service does not transmit any User data to Monobank — it only receives data.

6. Cookies

The Service uses only essential technical cookies for maintaining authentication sessions and CSRF protection.

We do not use advertising, analytics or any third-party cookies.

Without technical cookies, the Service cannot function properly.

7. User Rights

In accordance with the Law of Ukraine "On Personal Data Protection", the User has the right to:

  • Know: obtain information about what personal data is being processed, for what purpose, and who has access to it.
  • Access: obtain a copy of their personal data processed by the Service.
  • Rectification: request correction of inaccurate or incomplete personal data.
  • Erasure: request deletion of their personal data by deleting their account.
  • Withdrawal of consent: withdraw consent for personal data processing, resulting in account deletion and erasure of all data.

To exercise any of these rights, please contact: [email protected]

8. Data Retention Period

Personal data is retained for the entire duration of the User's account.

After account deletion, all personal data is removed within 30 calendar days.

The administration may retain anonymized aggregate data after account deletion — such data does not allow identification of any individual.

9. Policy Changes

We may update this Policy. The current version is always available on the Privacy Policy page.

Users will be notified of significant changes via email or in-app notification at least 14 days in advance.

10. Contact Information

For questions about personal data protection, please contact: [email protected]