Privacy Policy

MoneyMetrics360 ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our expense tracking platform ("the Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (stored only as a bcrypt hash — we never store plaintext passwords)

1.2 Google OAuth Data

If you sign in or link your account with Google, we receive:

• Google account ID
• Profile name
• Profile image URL

We do not access your Google contacts, calendar, Drive, or any other Google services beyond basic profile information required for authentication.

1.3 Financial Data

As you use the Service, we store the financial data you provide, including:

• Expense records (amount, category, date, description, and optional merchant name)
• Custom and system-defined spending categories (with emoji icons and colors)
• Monthly budgets and per-category budget breakdowns
• Income records (amount, source, date, and description)

1.4 Social and Family Data

If you use family or group features, we collect:

• Family group memberships
• Expense group memberships and split expense details (amounts, split type, participants)
• Email addresses of users you invite to family groups

1.5 Technical Data

To provide cross-device functionality, we may store:

• Mobile sync keys (for web-to-mobile synchronization)
• Data source identifiers (whether an entry originated from web, mobile, or CSV import)
• Sync fingerprints (to prevent duplicate entries during synchronization)

2. How We Use Your Information

We use the information we collect to:

• Create and maintain your account
• Authenticate your identity and manage sessions
• Store and display your expenses, budgets, income, and categories
• Generate visual reports, analytics, and spending breakdowns
• Enable CSV import and export of your financial data
• Facilitate family group management and shared expense visibility
• Process group expense splitting among participants
• Synchronize your data between web and mobile applications
• Send invitations to users you add to family groups

3. Authentication and Cookies

We use NextAuth.js with a JSON Web Token (JWT) strategy to manage your sessions. When you log in, a secure session cookie is set in your browser to keep you authenticated. This cookie:

• Is essential for the Service to function and cannot be disabled
• Contains an encrypted session token — not your password or raw personal data
• Is automatically removed when you sign out or when it expires

We do not use advertising cookies, tracking pixels, or third-party analytics services. The only cookie set by the Service is the authentication session cookie.

4. Data Storage and Security

We take the security of your data seriously and implement the following measures:

• All data is stored in a secure MongoDB database
• Passwords are hashed using the bcrypt algorithm before storage
• All data transmitted between your browser and our servers is encrypted via HTTPS
• Authentication tokens are cryptographically signed and have expiration times
• Google OAuth credentials are stored securely on the server and never exposed to the client

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially acceptable means to protect your data.

5. Third-Party Services

The Service integrates with the following third-party services:

• Google OAuth — Used for account authentication and linking. Subject to Google's Privacy Policy

We do not integrate with any advertising networks, social media tracking tools, or third-party analytics platforms. We do not share your data with any third parties for marketing purposes.

6. Data Sharing

We do not sell, rent, or trade your personal or financial data. Your data may be visible to others only in the following limited circumstances:

• Family groups — Members of your family group can view shared expense data within that group
• Expense groups — Participants in a group can view split expense details for that group
• Legal requirements — We may disclose your information if required by law, court order, or governmental authority

7. Data Retention and Deletion

We retain your data for as long as your account is active and as needed to provide the Service to you. You may request deletion of your account and all associated data at any time by contacting us. Upon receiving a deletion request, we will:

• Permanently delete your account information
• Remove all expense records, budgets, income entries, and categories
• Remove your membership from any family or expense groups
• Complete the deletion process within 30 days of the request

8. Your Rights

You have the right to:

• Access — View all personal and financial data stored in your account
• Correction — Update or correct inaccurate data through the Service
• Export — Download your expense data in CSV format at any time
• Deletion — Request complete deletion of your account and data
• Withdraw consent — Stop using the Service and request account closure

To exercise any of these rights, you may use the relevant features within the Service or contact us directly.

9. Children's Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the "Effective Date" at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at care.moneymetrics360@gmail.com.