Privacy Policy

Last updated: May 2026

At GetMoneyPlanner, your privacy is foundational — not an afterthought. This policy explains exactly what data we collect, why we collect it, how we protect it, and what control you have over it. We believe you should be able to manage your finances without sacrificing your privacy.

Contents

1. Information We Collect2. How We Use Your Information3. Data Security4. Data Sharing & Third Parties5. Your Rights & Choices6. Cookies & Local Storage7. Data Retention8. Contact & Updates

Information We Collect

Account Information

When you register, we collect your name, email address, and a securely hashed password. If you sign in via Google or GitHub OAuth, we receive only the basic profile information those providers share (name, email, profile picture).

Financial Data

All transaction records, financial goals, budget settings, and related data you enter are stored securely in your account. This data is used solely to provide you with the GetMoneyPlanner service and is never sold or shared with third parties for marketing.

Device & Session Data

We collect device type, browser name, approximate location (derived from IP address), and session timestamps to power the Active Sessions feature and detect unusual login activity. Raw IP addresses are not stored permanently.

Usage Data

We may collect anonymised, aggregated usage statistics (pages visited, features used) to improve the product. This data cannot be used to identify individual users.

How We Use Your Information

Providing the Service

Your data is used to operate GetMoneyPlanner — displaying your dashboard, syncing transactions with goals, generating reports, and sending notification emails you have opted into.

Security & Fraud Prevention

Session data and login timestamps are used to detect unusual activity and alert you when a new device signs into your account.

Product Improvement

Anonymised analytics help us understand which features are most useful and where we can improve the experience. Individual financial data is never used for this purpose.

Communications

We send transactional emails such as goal achievement notifications, unusual activity alerts, and (if opted in) weekly or monthly financial summaries. We do not send unsolicited marketing emails.

Data Security

Encryption

All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt with a high work factor and are never stored in plain text. Two-factor authentication (TOTP) is available and recommended.

Database Security

Financial data is stored in MongoDB Atlas with access controls, IP allowlisting, and encryption at rest. Database credentials are never exposed in client-side code.

Session Management

Sessions expire automatically after 7 days of inactivity. You can view and revoke any active session from your Profile page at any time.

Data Sharing & Third Parties

We Do Not Sell Your Data

GetMoneyPlanner does not sell, rent, or trade your personal or financial information to any third party, ever.

Service Providers

We use a limited number of trusted third-party services to operate the platform: MongoDB Atlas (database), Vercel (hosting), and email delivery providers. These processors handle data solely on our behalf under strict data processing agreements.

Legal Requirements

We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.

Your Rights & Choices

Access & Export

You can export all your personal and financial data at any time from Profile → Security → Export My Data. The export includes your profile, all transactions, and goal history in JSON format.

Correction

You can update your personal information, notification preferences, and privacy settings directly from your Profile page.

Deletion

You can permanently delete your account and all associated data from Profile → Security → Delete Account. Deletion is irreversible and removes all your data from our systems within 30 days.

Notification Preferences

You can opt out of any category of email notification (goal alerts, weekly reports, unusual activity alerts) from Profile → Notifications at any time.

Cookies & Local Storage

Session Cookies

We use secure, HTTP-only cookies to maintain your login session via NextAuth.js. These are strictly necessary for the service to function and cannot be disabled.

Preference Storage

Your UI preferences such as dark/light mode may be stored in your browser's local storage. This data never leaves your device.

No Tracking Cookies

We do not use third-party advertising or tracking cookies. We do not participate in cross-site user tracking.

Data Retention

Active Accounts

We retain your data for as long as your account is active. Session records older than 7 days are automatically expired.

Deleted Accounts

When you delete your account, all personal data, transactions, and goals are permanently removed from our production database within 30 days. Anonymised, aggregated statistics may be retained.

Backups

Encrypted database backups are retained for up to 30 days for disaster recovery. Your data will be purged from backups within this window following account deletion.

Contact & Updates

Questions

If you have any questions about this Privacy Policy or how your data is handled, please contact us through the Contact page or at the email address listed there.

Policy Updates

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice. The 'Last updated' date at the top of this page will always reflect the most recent revision.

Have a question about your data?

Contact UsTerms of Service