Privacy Policy

Effective date: May 4, 2026

1. Introduction

Monra ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance application ("the Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

a) Information you provide directly:

  • Account information: email address, name, and password (stored as a secure hash).
  • Profile information: avatar name, archetype, preferred currency, language preference.
  • Financial data: transaction amounts, categories, dates, notes, wallet balances, and savings goals you manually enter.

b) Information collected automatically:

  • Usage data: pages visited, features used, timestamps of activity.
  • Device information: browser type, operating system, and IP address for security and fraud prevention.
  • Cookies and local storage: used to maintain your session and language preference.

c) Information from third parties:

  • If you sign in using Google OAuth, we receive your name and email address from Google.
  • Payment information is processed by our payment provider — we do not store your card details.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Process payments and manage your subscription.
  • Generate your gamification stats (XP, levels, quests, achievements).
  • Generate AI-powered monthly financial summaries (Premium feature) — your data is sent to an AI provider solely for this purpose and is not used to train models.
  • Send transactional emails (account verification, password reset, billing receipts).
  • Detect and prevent fraud and abuse.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

4. Data Sharing

We share your data only with:

  • Supabase — our database and authentication provider, storing your data on servers within the EU.
  • Payment processor — for handling subscription billing. They receive only what is necessary to process your payment.
  • AI provider (Anthropic) — for Premium monthly reports. Only anonymizable financial summary data is sent; no names or account IDs.
  • Email provider (Resend) — for transactional emails.
  • Hosting provider (Vercel) — for serving the application.
  • Product analytics (PostHog) — to understand how features are used and improve the Service. We track usage events (page views, button clicks, feature interactions) tied to your account ID. We do not send your financial data, transaction details, or wallet balances to PostHog.

All third-party providers are contractually required to process your data only as instructed by us and in compliance with applicable data protection laws.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes may be retained for up to 5 years).

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at monrafinances@gmail.com. We will respond within 30 days.

7. Cookies

We use the following cookies and local storage:

  • monra-locale — stores your language preference (EN/BG). Expires after 1 year.
  • Authentication tokens — used to keep you logged in. Expire when you sign out.
  • finquest_daily_refresh — local storage key used to limit daily XP calculations to once per day.

We use PostHog cookies for product analytics (to understand how features are used). These cookies are set by the posthog.com domain and contain a randomly generated identifier tied to your account. We do not use advertising cookies, ad-network tracking, or sell tracking data to third parties.

8. Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords, row-level security on our database, and access controls. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date and, where appropriate, sending you an email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us at: monrafinances@gmail.com