Back to Gleomento

Privacy Policy

Last updated: February 24, 2026

Money Manager ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and WhatsApp integration (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and a hashed password. We never store your password in plain text.

1.2 Financial Data

To provide the Service, we store financial information you enter or import, including:

  • Transactions (expenses, income, transfers)
  • Bank accounts and balances
  • Budgets, savings goals, and recurring expenses
  • Assets and loans
  • Income sources
  • Uploaded bank statements

All financial data is associated with your user account and protected by Row-Level Security — no other user can access your data.

1.3 WhatsApp Data

If you link your WhatsApp number, we store your verified phone number and process messages you send to our WhatsApp bot. This includes:

  • Text messages (for natural language commands)
  • Images and PDFs (for receipt parsing)

Messages are processed in real time and are not permanently stored beyond what is needed to create transactions. Conversation session data expires after 30 minutes of inactivity.

1.4 AI-Generated Insights

We use AI (OpenAI) to process your messages, parse receipts, and generate financial insights. Your data is sent to OpenAI's API for processing. We do not use your data to train AI models. Refer to OpenAI's Privacy Policy for their data handling practices.

1.5 Automatically Collected Information

We use Vercel Analytics and Speed Insights to collect anonymous, aggregated usage data such as page views, performance metrics, and web vitals. This data does not identify individual users.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process and categorise your financial transactions
  • Generate spending analytics, budgets, and financial insights
  • Send you notifications (budget alerts, goal reminders, weekly digests) via WhatsApp if you opt in
  • Parse receipts and bank statements you upload
  • Respond to your WhatsApp messages with financial information
  • Detect and prevent fraud or abuse

3. Data Storage and Security

Your data is stored in a Supabase-hosted PostgreSQL database with Row-Level Security (RLS) enabled on all tables. This means database queries are scoped to your user account — even in the event of a software bug, one user cannot access another user's data.

Additional security measures include:

  • All data is encrypted in transit (HTTPS/TLS)
  • Passwords are hashed using bcrypt
  • API endpoints are protected with authentication and rate limiting
  • WhatsApp webhook signatures are verified using timing-safe comparison
  • Service role keys are only used server-side and never exposed to the browser

4. Data Sharing

We do not sell, rent, or trade your personal or financial data. We share data only with:

  • Supabase — database hosting and authentication (Privacy Policy)
  • OpenAI — AI processing for chat, receipt parsing, and insights (Privacy Policy)
  • Meta (WhatsApp) — message delivery if you use WhatsApp integration (Privacy Policy)
  • Vercel — application hosting and analytics (Privacy Policy)

5. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • All personally identifiable information (name, email, phone, memories, notifications) is permanently deleted.
  • Financial records (transactions, budgets, goals) are anonymised — names and descriptions are stripped, but numerical data is retained in de-identified form.
  • You can request a full purge of all data including anonymised records by contacting us.

For full details, see our Data Deletion Policy.

AI-generated memory insights have a built-in confidence decay mechanism — stale insights are automatically reduced in relevance and eventually removed.

6. Your Rights

You have the right to:

  • Access — View all your financial data within the app at any time
  • Export — Export your transactions as CSV from the Settings page
  • Correct — Edit or delete any transaction, budget, goal, or account
  • Delete — Delete your account from Settings. Personal data is permanently removed; financial data is anonymised. See our Data Deletion Policy for details.
  • Full purge — Request complete deletion of all data (including anonymised records) by emailing us
  • Opt out — Disable WhatsApp notifications at any time from Settings or by sending "stop" to the WhatsApp bot

7. Cookies

We use essential cookies only for authentication session management (Supabase Auth cookies). We do not use advertising or tracking cookies.

8. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

10. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at: