Privacy Policy

Last Update: August 2025

MoneyCoach UG (haftungsbeschränkt)
c/o Volkssolidarität e. V.
Alte Schönhauser Straße 16
10119 Berlin, Deutschland

Privacy Officer: privacy@moneycoach.ai
Legal Representative: Perjan Duro, Managing Director

🛡️ Our Privacy Promise: We built MoneyCoach because we wanted a financial app that respects privacy. As daily users ourselves, we only collect what's absolutely necessary to make the app work well for you.

What You Should Know

We use MoneyCoach ourselves every day, so we care about privacy just as much as you do. Here's what matters most:

🔒 We never sell your data - Your financial information is never sold to anyone, ever.

📱 Your data stays on your device - Your transactions and budgets are stored locally on your phone.

🏦 You control bank connections - Only you decide which accounts to connect, and you can disconnect anytime.

🤖 AI makes your transactions better - We use Firebase Genkit to categorize transactions automatically and make them clearer.

☁️ Optional cloud sync - You choose whether to sync via iCloud. It's always encrypted.

Easy to leave - Delete the app, delete your data. No questions asked.

1. Who We Are

MoneyCoach UG is a German company that makes personal finance apps. We're based in Berlin and follow German and European data protection law (DSGVO/GDPR).

When you connect your bank accounts, we work with GoCardless (EU-licensed in Latvia) to securely access your banking data. We also use Firebase to store some data securely and Firebase Genkit to make your transaction descriptions clearer.

2. What Data We Collect

Financial Data Categories

Transaction Information (Stored Locally) We store your financial transactions including amounts, currencies, dates, and merchant names. This includes payment methods you use (cash, card, or transfer), any personal notes you add, and custom categories you create to organize your spending.

Account Information (When Using Open Banking) When you connect bank accounts, we access account names, identifiers like IBAN numbers, current and historical balances, account types (checking, savings, credit), and currency information.

Budgeting & Planning Data Your budgets include the limits and categories you set, savings goals and targets you're working toward, recurring transaction patterns we identify, and spending forecasts to help you plan ahead.

Technical Data Categories

Device & App Information We collect basic technical information like your device model, iOS version, app version, language settings, screen size, device capabilities, and when you installed or updated the app.

Usage Analytics (Optional) If enabled, we track which features you use most often, app performance metrics, how you interact with the interface, and how long and frequently you use the app.

Diagnostic Data When problems occur, we collect crash reports, error logs, performance monitoring data, network connectivity issues, and steps that help us reproduce and fix bugs.

What We Explicitly DON'T Collect

Banking Credentials: Never your passwords or PINs
Investment Details: No portfolio or trading information
Location Data: No GPS tracking or location services
Contacts: No access to your address book
Photos: No image or document scanning

Data Collection Control:
You can disable analytics anytime in Settings → Privacy → Usage Data.

3. Legal Basis for Processing Your Data (DSGVO/GDPR)

Under Art. 6 Abs. 1 DSGVO/GDPR, we process your personal data based on these legal grounds:

Contract Performance (Art. 6 Abs. 1 lit. b DSGVO/GDPR)

  • Purpose: Providing core app functionality, showing transactions and balances
  • Data: Financial transactions, account balances, user-created categories
  • Why necessary: Essential for delivering the personal finance management service you requested

Legitimate Interest (Art. 6 Abs. 1 lit. f DSGVO/GDPR)

  • Purpose: App improvement, analytics, crash reporting, customer support
  • Data: Usage statistics, crash logs, device information
  • Our interest: Maintaining and improving our service
  • Your rights: You can object to this processing at any time

Consent (Art. 6 Abs. 1 lit. a DSGVO/GDPR)

  • Purpose: Bank account connections via Open Banking, AI transaction enhancement
  • Data: Banking data, transaction descriptions sent to AI
  • Your control: Withdrawable at any time in app settings

4. How We Use Your Data

To Make MoneyCoach Work

  • Show your transactions and balances
  • Sync across your devices (if you enable iCloud)
  • Provide customer support when you need help

To Make It Better With AI

We send your transaction descriptions to Firebase Genkit to make them clearer. For example:

  • "AMZN MKTP DE" becomes "Amazon"
  • Auto-categorizes as "Shopping"

Important: This processing only happens to improve your transaction descriptions. Your data follows Firebase's standard privacy practices.

To Improve the App

  • See which features are popular
  • Fix bugs and crashes
  • Plan new features you'll actually use

5. Automated Decision-Making and AI Processing

MoneyCoach uses automated systems to enhance your experience:

AI Transaction Enhancement

  • What it does: Automatically improves transaction descriptions and suggests categories
  • Technology: Firebase Genkit (Google's AI platform)
  • Processing: Essential for core app functionality - cannot be disabled
  • Manual override: You can always edit any AI-generated descriptions or categories

No Significant Automated Decisions

We do not make automated decisions that significantly affect you (like loan approvals, credit scoring, or account restrictions). All financial decisions remain entirely yours.

Your Rights (Art. 22 DSGVO/GDPR):

  • Right to human intervention
  • Right to express your point of view
  • Right to contest any automated decision
  • Right to obtain an explanation

6. Who We Share Data With

We Never Share Your Financial Data

Your banking information, transactions, and budgets are never shared with anyone except:

Service Providers We Work With

We work with carefully selected partners to provide our services. All partners are bound by strict data processing agreements and can only use your data as we instruct them:

For Bank Connections:

  • EU-licensed payment service provider for secure Open Banking connections
  • Your data is processed within the European Union
  • Bank-level security standards

For App Functionality:

  • Cloud services for app analytics and crash reporting
  • AI services to improve transaction descriptions
  • All processing follows European data protection standards

Optional Services:

  • Apple iCloud for device synchronization (only if you enable it)
  • End-to-end encrypted and controlled entirely by you

12. Open Banking: How It Works

The Simple Version

  1. You tap "Connect Bank" in MoneyCoach
  2. We send you to your bank's website
  3. You log in with your normal bank credentials
  4. Your bank asks what data you want to share
  5. You say yes, and data flows securely to MoneyCoach

Your Rights

  • Connect and disconnect anytime - No penalties, no questions
  • Choose which accounts - Connect checking but not savings, your choice
  • Consent expires - After up to 180 days, you'll need to reconnect
  • See everything - All connected accounts shown in app settings

Security

  • Your bank login stays with your bank (we never see it)
  • All data encrypted during transfer
  • Your data processed in secure, certified data centers

8. Data Retention Periods

We only keep your data as long as necessary. Here's exactly how long:

Personal & Financial Data

Data TypeRetention PeriodStorage LocationPurpose
Transaction dataUntil app deletionYour device onlyCore app functionality
Account balancesUntil app deletionYour device onlyCore app functionality
User categoriesUntil app deletionYour device onlyPersonalization
Bank connection tokensUntil disconnectedSecure serversAccount access
iCloud sync dataUntil disabledApple iCloudCross-device sync

Technical Data

Data TypeRetention PeriodPurposeAuto-Deletion
App usage analytics14 monthsService improvement✅ Automatic
Crash reports90 daysBug fixing✅ Automatic
Support emails3 yearsCustomer serviceManual on request
Error logs30 daysTechnical debugging✅ Automatic

AI Processing Data

Data TypeRetention PeriodPurpose
Transaction descriptions sent to AI0 daysImmediate processing only
AI enhancement resultsUntil you modify/deleteTransaction clarity

Your Control:

  • Immediate deletion: Disconnect bank accounts, disable features
  • Complete removal: Delete app + contact us for server data
  • Partial control: Turn off specific features anytime

9. Your Rights Under DSGVO/GDPR

You have comprehensive rights over your personal data:

🔍 Right to Access (Art. 15 DSGVO/GDPR)

What it means: Get a copy of all data we have about you
How to use it: Email us - we'll send a complete data export
Response time: Within 1 month, free of charge
Real example: "Show me all my support emails and any analytics data you have"

✏️ Right to Rectification (Art. 16 DSGVO/GDPR)

What it means: Correct any wrong or incomplete data
How to use it: Tell us what's incorrect
Response time: Fixed within 1 month
Real example: "My support email address is wrong in your system"

🗑️ Right to Erasure (Art. 17 DSGVO/GDPR)

What it means: Delete your data when no longer needed
How to use it: Request deletion via email
Response time: Within 1 month
Real example: "Delete all my support conversations and any server data"

📦 Right to Data Portability (Art. 20 DSGVO/GDPR)

What it means: Take your data to another service
How to use it: Request a structured data export
Format: JSON, CSV, or other machine-readable format
Real example: "I want to move my financial data to another app"

⏸️ Right to Restrict Processing (Art. 18 DSGVO/GDPR)

What it means: Pause data processing while resolving issues
How to use it: Email us with your concern
Real example: "Stop processing my data while we resolve this dispute"

🚫 Right to Object (Art. 21 DSGVO/GDPR)

What it means: Say no to data processing
How to use it: Object via email or app settings
Real example: "I don't want my usage data used for analytics"

🛡️ Rights Related to Automated Decision-Making (Art. 22 DSGVO/GDPR)

What it means: Control over AI/automated systems
How to use it: Manually edit any AI suggestions
Real example: "Change the category AI suggested for this transaction"

To Exercise Your Rights: 📧 Email: privacy@moneycoach.ai
🕰️ Response Time: Within 5 business days (acknowledgment), 1 month (completion)
🌍 Available in: All EU languages

10. Managing Your Consent

You have full control over what data we process and how:

Current Consent Status

Check what you've agreed to anytime in Settings → Privacy → Data Consent:

  • 🟢 Required: Core app functionality (cannot be disabled)
  • 🔵 Optional: Bank connections, AI enhancements, analytics
  • Disabled: Features you've turned off

How to Change Your Mind

Bank Account Connections

  • Enable: Settings → Bank Accounts → Connect New Account
  • Disable: Settings → Bank Accounts → Disconnect (instant)
  • Effect: We immediately stop accessing your accounts

Usage Analytics

  • Enable: Settings → Privacy → Usage Data → Share Data
  • Disable: Settings → Privacy → Usage Data → Don't Share
  • Effect: We stop collecting app usage statistics

iCloud Sync

  • Enable: iOS Settings → [Your Name] → iCloud → MoneyCoach
  • Disable: Same location, toggle off
  • Effect: Data stops syncing between devices

Withdrawal Effects

What happens when you withdraw consent:

Immediate: Processing stops within 24 hours
No penalties: Full app functionality remains
Data cleanup: Related data deleted per retention policy
Re-consent: You can always change your mind later

Consent Records

We keep a record of your consent choices for legal compliance:

  • When you gave consent
  • What you consented to
  • When you withdrew consent (if applicable)
  • Method used (app settings, email, etc.)

11. International Data Transfers

We prioritize keeping your data within the EU:

🇪🇺 EU-Based Processing:

  • Primary data storage: European Union
  • Bank connections: EU-licensed provider (Latvia)
  • Core app functions: Germany/EU infrastructure

🌍 Limited International Transfers: Only for specific technical services with full GDPR protection:

  • AI enhancement services: US providers with Standard Contractual Clauses
  • Analytics services: Global infrastructure with EU data residency options

Your Protection:

  • ✅ Standard Contractual Clauses (Art. 46 GDPR)
  • ✅ Adequacy decisions where available
  • ✅ Additional safeguards for sensitive financial data
  • ✅ Right to object to international transfers

All transfers comply with DSGVO/GDPR requirements.

13. Security Measures

Technical Protection

  • All data encrypted during transfer and storage
  • Multi-factor authentication for our systems
  • Regular security audits
  • Automatic security updates

What You Can Do

  • Keep your phone updated
  • Use strong banking passwords
  • Don't share your MoneyCoach with others
  • Contact us immediately if something seems wrong

14. Cookies and Tracking

In the App

The app uses some analytics tools (Firebase, Adjust) that create device identifiers. You can turn these off in Settings.

On Our Website

We don't use any cookies on our website. It works perfectly without them.

15. Changes to This Policy

We sometimes update this policy when we add new features or when laws change.

If we make important changes that affect how we handle your data, we'll let you know by:

  • Sending you an email (if we have your email address)

For big changes, you'll have at least 30 days to review them before they take effect. If you don't like the changes, you can always delete your account or stop using the new features.

16. Data Protection Officer (DPO)

Our Data Protection Officer is your direct contact for all privacy matters:

📧 Email: privacy@moneycoach.ai
Address: MoneyCoach UG, c/o Volkssolidarität e. V., Alte Schönhauser Straße 16, 10119 Berlin

What our DPO can help you with:

  • Exercise your DSGVO/GDPR rights (access, deletion, correction, etc.)
  • Privacy concerns or complaints
  • Data processing questions
  • Consent management issues
  • Data breach reports

Response times:

  • Initial acknowledgment: Within 72 hours
  • Full response: Within 30 days (as required by DSGVO/GDPR)
  • Urgent matters: Within 24 hours

17. Contact Us

For General Privacy Questions

Email: privacy@moneycoach.ai
Response Time: Within 5 business days

For App Support

Email: support@moneycoach.ai
In-App: Settings → Support

For Regulatory Complaints

If you're not satisfied with our response, you can complain to the German data protection authority:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
📧 Email: poststelle@bfdi.bund.de
🌐 Website: bfdi.bund.de

18. Children's Privacy

MoneyCoach is for users 16 and older. We don't knowingly collect data from younger children. If you think we have, please contact us immediately.

This version: August 2025
Questions? We're here to help at privacy@moneycoach.ai