Privacy Policy
Last updated: April 2026
1. Introduction
Welcome to Your Money Plan ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy in accordance with global data protection regulations including GDPR, CCPA, and emerging AI governance frameworks. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered financial management application.
2. Information We Collect
We collect information that you provide directly to us, including:
- Account information (email address, name, encrypted password)
- Financial data (expenses, income, budget allocations, account balances)
- Receipt images, voice notes, and extracted data processed by AI
- WhatsApp phone numbers and message content (for expense logging only)
- Usage patterns, preferences, and interaction data
- Device information, IP address, and browser type
- Location data (only when explicitly enabled for currency detection)
3. AI Data Processing & Machine Learning
Your Money Plan uses artificial intelligence to enhance your experience. Here's how:
- Receipt & Expense Parsing: Images, voice notes, and text messages are processed by Google Gemini AI to extract financial data. This data is processed in real time and is not stored by Google beyond the request.
- Financial Coaching: Our AI coach analyzes your spending patterns to provide personalized insights. All analysis happens within your secure account context.
- Categorization: AI automatically categorizes expenses based on merchant names and item descriptions.
- No Training on Your Data: Your personal financial data is NEVER used to train our AI models or any third-party AI systems.
- Human Review: AI-generated content may be flagged for quality assurance but is never reviewed with identifying information.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process and categorize your expenses using AI
- Generate personalized financial insights and coaching
- Convert currencies using real-time exchange rates
- Send notifications, weekly summaries, and account alerts
- Process WhatsApp messages for expense logging
- Respond to your comments and support requests
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
5. Data Storage & Security
Your data is stored securely using enterprise-grade infrastructure:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication: Secure Firebase Authentication with optional two-factor authentication
- Access Control: Row-level security ensures you can only access your own data
- Infrastructure: Google Cloud Platform with SOC 2 Type II certification
- Regular Audits: Quarterly security assessments and penetration testing
- Incident Response: 24-hour breach notification commitment
No method of transmission over the Internet is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security.
6. Third-Party Services & Data Sharing
We use the following third-party services to provide our application:
- Google Firebase: Authentication, database, and hosting
- Google Gemini AI: Receipt parsing and financial coaching (no data retention)
- Meta WhatsApp Business API: WhatsApp message processing (messages not stored by Meta beyond delivery)
- Exchange Rate API: Currency conversion (no personal data shared)
- Vercel: Application hosting and edge computing
7. Aggregated & Anonymized Data
To improve our services and support financial research, we may create aggregated, de-identified datasets from user activity. This data:
- Is fully anonymized and cannot be traced back to any individual user
- Contains no personal identifiers, account numbers, or contact information
- Reflects general spending trends, category patterns, and behavioral insights at a population level
We reserve the right to share or license these anonymized, aggregate insights with third parties, including research institutions, financial service providers, and analytics partners. This helps us sustain and improve the service while contributing to broader financial literacy research.
Your personal financial data is never sold or shared in identifiable form. Only statistical summaries and trends derived from large user populations may be shared externally.
8. WhatsApp Integration Privacy
When you connect WhatsApp to Your Money Plan:
- Only messages sent TO our business number are processed
- We never access your other WhatsApp conversations
- Phone numbers are stored encrypted and used only for message routing
- You can disconnect WhatsApp at any time, which removes your phone number from our system
- Message content is processed for expense extraction only and not stored beyond your expense records
9. Cookies & Tracking
We use only essential cookies required for application functionality (authentication, session management, preferences). We do NOT use third-party advertising cookies or tracking pixels, and we do not sell data to ad networks. You can control cookie settings through your browser preferences.
10. Your Privacy Rights
Depending on your location, you have the following rights:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct any inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format (JSON/CSV)
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing, including AI analysis
- Withdraw Consent: Revoke consent for optional processing at any time
- AI Explanation: Request a human explanation of AI-driven decisions affecting your account
To exercise these rights, contact us at hello@yourmoneyplan.app or use the data management tools in your account Settings.
11. Data Deletion
You have the right to request complete deletion of your account and all associated personal data at any time. There are two ways to do this:
- Self-service (immediate): Go to Settings → Danger Zone → Delete Account. Your account and data will be permanently removed within 30 days.
- By request: Email hello@yourmoneyplan.app with subject line "Data Deletion Request" and your registered email address. We will confirm deletion within 72 hours and complete it within 30 days.
Note: Legal and compliance records required by law may be retained for up to 7 years in anonymized form. Backup systems purge deleted data within 90 days.
12. Data Retention
We retain your personal information for as long as your account is active. After account deletion:
- Personal data is deleted within 30 days
- Anonymized analytics data may be retained for product improvement
- Legal/compliance records are retained as required by law (typically 7 years)
- Backup systems purge deleted data within 90 days
13. Children's Privacy
Your Money Plan is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.
14. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email and/or in-app notification at least 14 days before they take effect. The "Last updated" date at the top indicates when this policy was last revised.
16. Contact Us
For all privacy-related questions, data requests, deletion requests, or to exercise your rights under GDPR/CCPA:
All inquiries: hello@yourmoneyplan.app
Data deletion requests: hello@yourmoneyplan.app (subject: "Data Deletion Request")
Response time: Acknowledgment within 72 hours, resolution within 30 days (GDPR compliant)
Self-service: Settings → Danger Zone → Delete Account