May 26, 2026

Privacy Policy

Last Update: May 2026

MoneyCoach UG (haftungsbeschränkt)
c/o Volkssolidarität e. V.
Alte Schönhauser Straße 16
10119 Berlin, Deutschland

Privacy Officer: privacy@moneycoach.ai
Legal Representative: Perjan Duro, Managing Director

🛡️ Our Privacy Promise: We built MoneyCoach because we wanted a financial app that respects privacy. As daily users ourselves, we only collect what's absolutely necessary to make the app work well for you.

What You Should Know

We use MoneyCoach ourselves every day, so we care about privacy just as much as you do. Here's what matters most:

🔒 We never sell your data - Your financial information is never sold to anyone, ever.

📱 Your data stays on your device - Your transactions and budgets are stored locally on your phone.

🏦 You control bank connections - Only you decide which accounts to connect, and you can disconnect anytime.

🤖 AI makes your transactions better - We use Firebase Genkit to categorize transactions automatically and make them clearer.

🔌 Optional AI connections are controlled by you - MoneyCoach MCP is off unless you enable it and connect a compatible third-party client yourself.

☁️ Optional cloud sync - You choose whether to sync via iCloud. It's always encrypted.

✋ Easy to leave - Delete the app, delete your data. No questions asked.

1. Who We Are

MoneyCoach UG is a German company that makes personal finance apps. We're based in Berlin and follow German and European data protection law (DSGVO/GDPR).

When you connect your bank accounts, we work with GoCardless (EU-licensed in Latvia) to securely access your banking data. We also use Firebase to store some data securely and Firebase Genkit to make your transaction descriptions clearer.

2. What Data We Collect

Financial Data Categories

Transaction Information (Stored Locally) We store your financial transactions including amounts, currencies, dates, and merchant names. This includes payment methods you use (cash, card, or transfer), any personal notes you add, and custom categories you create to organize your spending.

Account Information (When Using Open Banking) When you connect bank accounts, we access account names, identifiers like IBAN numbers, current and historical balances, account types (checking, savings, credit), and currency information.

Budgeting & Planning Data Your budgets include the limits and categories you set, savings goals and targets you're working toward, recurring transaction patterns we identify, and spending forecasts to help you plan ahead.

Technical Data Categories

Device & App Information We collect basic technical information like your device model, iOS version, app version, language settings, screen size, device capabilities, and when you installed or updated the app.

Usage Analytics (Optional) If enabled, we track which features you use most often, app performance metrics, how you interact with the interface, and how long and frequently you use the app.

Diagnostic Data When problems occur, we collect crash reports, error logs, performance monitoring data, network connectivity issues, and steps that help us reproduce and fix bugs.

What We Explicitly DON'T Collect

❌ Banking Credentials: Never your passwords or PINs
❌ Investment Details: No portfolio or trading information
❌ Location Data: No GPS tracking or location services
❌ Contacts: No access to your address book
❌ Photos: No image or document scanning

Data Collection Control:
You can disable analytics anytime in Settings → Privacy → Usage Data.

3. Legal Basis for Processing Your Data (DSGVO/GDPR)

Under Art. 6 Abs. 1 DSGVO/GDPR, we process your personal data based on these legal grounds:

Contract Performance (Art. 6 Abs. 1 lit. b DSGVO/GDPR)

Purpose: Providing core app functionality, showing transactions and balances
Data: Financial transactions, account balances, user-created categories
Why necessary: Essential for delivering the personal finance management service you requested

Legitimate Interest (Art. 6 Abs. 1 lit. f DSGVO/GDPR)

Purpose: App improvement, analytics, crash reporting, customer support
Data: Usage statistics, crash logs, device information
Our interest: Maintaining and improving our service
Your rights: You can object to this processing at any time

Purpose: Bank account connections via Open Banking, AI transaction enhancement, optional AI Connections and MCP access
Data: Banking data, transaction descriptions sent to AI, and read-only local MoneyCoach data requested by MCP clients you choose to connect
Your control: Withdrawable at any time in app settings

4. How We Use Your Data

To Make MoneyCoach Work

Show your transactions and balances
Sync across your devices (if you enable iCloud)
Provide customer support when you need help

To Make It Better With AI

We send your transaction descriptions to Firebase Genkit to make them clearer. For example:

"AMZN MKTP DE" becomes "Amazon"
Auto-categorizes as "Shopping"

Important: This processing only happens to improve your transaction descriptions. Your data follows Firebase's standard privacy practices.

To Improve the App

See which features are popular
Fix bugs and crashes
Plan new features you'll actually use

5. Automated Decision-Making and AI Processing

MoneyCoach uses automated systems to enhance your experience:

AI Transaction Enhancement

What it does: Automatically improves transaction descriptions and suggests categories
Technology: Firebase Genkit (Google's AI platform)
Processing: Essential for core app functionality - cannot be disabled
Manual override: You can always edit any AI-generated descriptions or categories

No Significant Automated Decisions

We do not make automated decisions that significantly affect you (like loan approvals, credit scoring, or account restrictions). All financial decisions remain entirely yours.

Your Rights (Art. 22 DSGVO/GDPR):

Right to human intervention
Right to express your point of view
Right to contest any automated decision
Right to obtain an explanation

6. Local MCP Server and AI Client Access

MoneyCoach may offer an optional local Model Context Protocol ("MCP") server that allows compatible AI clients selected by you to request access to certain MoneyCoach data on your device.

The MCP server is disabled by default. It is only activated when you enable Allow AI Connections in MoneyCoach. You can disable it at any time.

Data Your AI Client May Access

Depending on the permissions you grant, the MCP server may allow your AI client to access selected MoneyCoach data such as:

Account names and balances
Transactions, categories, payees, merchants, descriptions, dates, and amounts
Budgets, goals, reports, active subscriptions, bills, and related financial metadata

MoneyCoach does not send this MCP data to our servers as part of the local MCP feature. The data is made available locally to the AI client you connect. We do not use data accessed through the local MCP server to train AI models.

Third-Party AI Clients and Model Providers

When you connect MoneyCoach's local MCP server to a third-party AI client, that client may receive the MoneyCoach data you permit it to access. If the client uses a cloud-based model provider, the permitted data may be transmitted outside your device by that client.

MoneyCoach does not control how third-party AI clients, model providers, or connected tools process, store, secure, train on, or use data they receive. Their own terms, privacy policies, account settings, logging, retention practices, security measures, training practices, and outputs apply.

Where you independently choose a third-party AI or MCP client, that client is not a MoneyCoach subprocessor for the MCP feature. It is a recipient selected by you and may act as its own controller or service provider under its own terms.

Your Controls

You are responsible for choosing which AI client to connect and for reviewing the permissions you grant. Do not connect MoneyCoach to AI clients or model providers unless you understand that permitted MoneyCoach data may be accessed by that client and, depending on the client, may leave your device.

The Connect AI & MCP settings screen includes the main Allow AI Connections toggle plus privacy controls for sharing payee and merchant names and transaction descriptions. If you hide those details, a connected client can still request other permitted data such as balances, amounts, dates, categories, budgets, goals, reports, and financial metadata.

You may revoke MCP access at any time by disabling the MCP server, turning off Allow AI Connections, or removing the connected client or token.

MCP Security Boundaries

The local MCP feature is designed to launch with read-only access. It does not create transactions, edit or delete MoneyCoach data, trigger sync, perform payments or bank transfers, or expose a MoneyCoach-hosted remote MCP server. If these boundaries change in the future, we will update this policy and the product controls.

We do not sell your financial data. Your banking information, transactions, and budgets are shared only when needed for services you enable or with recipients you choose, including:

Service Providers We Work With

We work with carefully selected partners to provide our services. All partners are bound by strict data processing agreements and can only use your data as we instruct them:

For Bank Connections:

EU-licensed payment service provider for secure Open Banking connections
Your data is processed within the European Union
Bank-level security standards

For App Functionality:

Cloud services for app analytics and crash reporting
AI services to improve transaction descriptions
All processing follows European data protection standards

Optional Services:

Apple iCloud for device synchronization (only if you enable it)
End-to-end encrypted and controlled entirely by you
Third-party AI or MCP clients that you independently choose, configure, and connect through optional AI Connections

8. Open Banking: How It Works

The Simple Version

You tap "Connect Bank" in MoneyCoach
We send you to your bank's website
You log in with your normal bank credentials
Your bank asks what data you want to share
You say yes, and data flows securely to MoneyCoach

Your Rights

Connect and disconnect anytime - No penalties, no questions
Choose which accounts - Connect checking but not savings, your choice
Consent expires - After up to 180 days, you'll need to reconnect
See everything - All connected accounts shown in app settings

Security

Your bank login stays with your bank (we never see it)
All data encrypted during transfer
Your data processed in secure, certified data centers

9. Data Retention Periods

We only keep your data as long as necessary. Here's exactly how long:

Personal & Financial Data

Data Type	Retention Period	Storage Location	Purpose
Transaction data	Until app deletion	Your device only	Core app functionality
Account balances	Until app deletion	Your device only	Core app functionality
User categories	Until app deletion	Your device only	Personalization
Bank connection tokens	Until disconnected	Secure servers	Account access
iCloud sync data	Until disabled	Apple iCloud	Cross-device sync

Technical Data

Data Type	Retention Period	Purpose	Auto-Deletion
App usage analytics	14 months	Service improvement	✅ Automatic
Crash reports	90 days	Bug fixing	✅ Automatic
Support emails	3 years	Customer service	Manual on request
Error logs	30 days	Technical debugging	✅ Automatic

AI Processing Data

Data Type	Retention Period	Purpose
Transaction descriptions sent to AI	0 days	Immediate processing only
AI enhancement results	Until you modify/delete	Transaction clarity

Your Control:

Immediate deletion: Disconnect bank accounts, disable features
Complete removal: Delete app + contact us for server data
Partial control: Turn off specific features anytime

10. Your Rights Under DSGVO/GDPR

You have comprehensive rights over your personal data:

🔍 Right to Access (Art. 15 DSGVO/GDPR)

What it means: Get a copy of all data we have about you
How to use it: Email us - we'll send a complete data export
Response time: Within 1 month, free of charge
Real example: "Show me all my support emails and any analytics data you have"

✏️ Right to Rectification (Art. 16 DSGVO/GDPR)

What it means: Correct any wrong or incomplete data
How to use it: Tell us what's incorrect
Response time: Fixed within 1 month
Real example: "My support email address is wrong in your system"

🗑️ Right to Erasure (Art. 17 DSGVO/GDPR)

What it means: Delete your data when no longer needed
How to use it: Request deletion via email
Response time: Within 1 month
Real example: "Delete all my support conversations and any server data"

📦 Right to Data Portability (Art. 20 DSGVO/GDPR)

What it means: Take your data to another service
How to use it: Request a structured data export
Format: JSON, CSV, or other machine-readable format
Real example: "I want to move my financial data to another app"

⏸️ Right to Restrict Processing (Art. 18 DSGVO/GDPR)

What it means: Pause data processing while resolving issues
How to use it: Email us with your concern
Real example: "Stop processing my data while we resolve this dispute"

🚫 Right to Object (Art. 21 DSGVO/GDPR)

What it means: Say no to data processing
How to use it: Object via email or app settings
Real example: "I don't want my usage data used for analytics"

What it means: Control over AI/automated systems
How to use it: Manually edit any AI suggestions
Real example: "Change the category AI suggested for this transaction"

To Exercise Your Rights: 📧 Email: privacy@moneycoach.ai
🕰️ Response Time: Within 5 business days (acknowledgment), 1 month (completion)
🌍 Available in: All EU languages

You have full control over what data we process and how:

Check what you've agreed to anytime in Settings → Privacy → Data Consent:

🟢 Required: Core app functionality (cannot be disabled)
🔵 Optional: Bank connections, AI enhancements, analytics
⚪ Disabled: Features you've turned off

How to Change Your Mind

Bank Account Connections

Enable: Settings → Bank Accounts → Connect New Account
Disable: Settings → Bank Accounts → Disconnect (instant)
Effect: We immediately stop accessing your accounts

Usage Analytics

Enable: Settings → Privacy → Usage Data → Share Data
Disable: Settings → Privacy → Usage Data → Don't Share
Effect: We stop collecting app usage statistics

iCloud Sync

Enable: iOS Settings → [Your Name] → iCloud → MoneyCoach
Disable: Same location, toggle off
Effect: Data stops syncing between devices

AI Connections and MCP

Enable: MoneyCoach for Mac → Settings → Connect AI & MCP → Allow AI Connections
Disable: Turn off Allow AI Connections and remove the MoneyCoach MCP config from any third-party client you connected
Effect: The local MCP helper stops making MoneyCoach data available to compatible clients

Withdrawal Effects

What happens when you withdraw consent:

✅ Immediate: Processing stops within 24 hours
✅ No penalties: Full app functionality remains
✅ Data cleanup: Related data deleted per retention policy
✅ Re-consent: You can always change your mind later

We keep a record of your consent choices for legal compliance:

When you gave consent
What you consented to
When you withdrew consent (if applicable)
Method used (app settings, email, etc.)

12. International Data Transfers

We prioritize keeping your data within the EU:

🇪🇺 EU-Based Processing:

Primary data storage: European Union
Bank connections: EU-licensed provider (Latvia)
Core app functions: Germany/EU infrastructure

🌍 Limited International Transfers: Only for specific technical services with full GDPR protection:

AI enhancement services: US providers with Standard Contractual Clauses
Analytics services: Global infrastructure with EU data residency options

Your Protection:

✅ Standard Contractual Clauses (Art. 46 GDPR)
✅ Adequacy decisions where available
✅ Additional safeguards for sensitive financial data
✅ Right to object to international transfers

All transfers comply with DSGVO/GDPR requirements.

13. Security Measures

Technical Protection

All data encrypted during transfer and storage
Multi-factor authentication for our systems
Regular security audits
Automatic security updates

What You Can Do

Keep your phone updated
Use strong banking passwords
Don't share your MoneyCoach with others
Contact us immediately if something seems wrong

14. Cookies and Tracking

In the App

The app uses some analytics tools (Firebase, Adjust) that create device identifiers. You can turn these off in Settings.

On Our Website

We don't use any cookies on our website. It works perfectly without them.

15. Changes to This Policy

We sometimes update this policy when we add new features or when laws change.

If we make important changes that affect how we handle your data, we'll let you know by:

Sending you an email (if we have your email address)

For big changes, you'll have at least 30 days to review them before they take effect. If you don't like the changes, you can always delete your account or stop using the new features.

16. Data Protection Officer (DPO)

Our Data Protection Officer is your direct contact for all privacy matters:

📧 Email: privacy@moneycoach.ai
Address: MoneyCoach UG, c/o Volkssolidarität e. V., Alte Schönhauser Straße 16, 10119 Berlin

What our DPO can help you with:

Exercise your DSGVO/GDPR rights (access, deletion, correction, etc.)
Privacy concerns or complaints
Data processing questions
Consent management issues
Data breach reports

Response times:

Initial acknowledgment: Within 72 hours
Full response: Within 30 days (as required by DSGVO/GDPR)
Urgent matters: Within 24 hours

17. Contact Us

For General Privacy Questions

Email: privacy@moneycoach.ai
Response Time: Within 5 business days

For App Support

Email: support@moneycoach.ai
In-App: Settings → Support

For Regulatory Complaints

If you're not satisfied with our response, you can complain to the German data protection authority:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
📧 Email: poststelle@bfdi.bund.de
🌐 Website: bfdi.bund.de

18. Children's Privacy

MoneyCoach is for users 16 and older. We don't knowingly collect data from younger children. If you think we have, please contact us immediately.

This version: May 2026
Questions? We're here to help at privacy@moneycoach.ai