Privacy policy.

This page describes what data we process, on what legal basis, and what your rights are. Without legal jargon where it is not needed.

Last updated: May 10, 2026

The Monetoir promise

In short

·No data selling — not today, not ever.
·No Google Analytics, no Facebook Pixel, no tracking cookies.
·No bank connection — you stay in control.
·Hosted on Dutch soil (Amsterdam, EU).
·Passwords are encrypted — unreadable, even to the administrator.

Who is responsible

Monetoir is operated as a sole proprietorship. The data controller under the GDPR (General Data Protection Regulation) is:

Company name: Monetoir (sole proprietorship)
Chamber of Commerce number: 88310175
Contact: [email protected]
رقم ضريبة القيمة المضافة: NL004580462B42
Place of business: The Netherlands

Purpose and legal basis

Monetoir processes personal data solely to provide the service: a personal financial overview. The legal basis is GDPR Article 6(1)(b) — performance of the contract that arises when you create an account and use the service. For the AI feature we process your question and a limited dataset to answer it. Same legal basis. No automated decision-making with legal effects takes place.

What data we collect

Monetoir collects only data needed to operate the app. We distinguish two categories:

Account data (via Clerk)

Your email address — for sign-in and account recovery
Your password — encrypted at Clerk, not readable by us
Optional: first and last name if you provide them
Which beta code you used and when you activated your account

App data (on our server)

Your income — amounts, names, frequency (monthly, specific months)
Your fixed expenses — names, amounts, end dates, categories
Your variable expenses per month
Your savings goals (envelopes) with balances and target amounts
Any custom categories you've created
Contract and subscription end dates — used solely to calculate budget forecasts and inform you of upcoming financial freedom

Sub-processors

Monetoir uses a number of external services. Data processing agreements are in place with all of these parties in compliance with GDPR.

For sub-processors outside the EU (Clerk, Cloudflare), we apply the highest privacy standards: Standard Contractual Clauses (SCCs), data minimisation, and EU-region routing where possible. We share only the strictly necessary data to deliver the service.

Clerk

Doel: Authentication and account management

Locatie: United States (San Francisco) — GDPR-compliant via Standard Contractual Clauses

Data: Email address, password (hashed), optionally name

DigitalOcean

Doel: Server hosting (VPS)

Locatie: Amsterdam datacenter, the Netherlands

Data: All Monetoir application data (encrypted storage)

Cloudflare

Doel: DNS, SSL and DDoS protection

Locatie: Global CDN — EU zone where possible

Data: Visitor IP addresses (briefly logged for security)

Anthropic (Claude AI)

Doel: AI assistant for the 'Ask Monetoir' feature. Only active when you ask a question.

Locatie: United States — Standard Contractual Clauses (SCCs)

Data: An anonymised snapshot of your financial data (amounts, names of income and expenses, envelopes) plus your question. No email, no name, no account number, no Clerk userId.

Your rights under the GDPR

Under the General Data Protection Regulation, you have a number of rights regarding your personal data:

Right of access: You may request which data we process about you
Right to rectification: You may have incorrect data corrected
Right to erasure: You may have all personal data erased ('the right to be forgotten'). Erasure is performed within 30 days.
Right to data portability: You may obtain your data in a common format (JSON or CSV) to take with you
Right to object: You may object to specific processing of your data

Send an email to [email protected] to exercise any of these rights. We respond within 30 days, in compliance with GDPR.

How long we keep data

Account data and app data are retained as long as you have an active account. Upon account deletion, all personal data is removed from our active systems within 30 days. Backups are permanently deleted within 90 days after account deletion. Anonymized, aggregated data (e.g. 'number of active users per month') may be retained longer for statistical purposes, but is no longer traceable to individuals.

Monetoir uses minimal, functional cookies. There are two types:

Clerk session cookies — only active when you're signed in, to remember your session
NEXT_LOCALE — remembers your chosen language, also for logged-out visitors

No tracking cookies, no advertising cookies, no analytics cookies. Consent for strictly necessary cookies is not legally required; we deliberately use no cookies that would require it.

Data breach procedure

In case of a data breach that poses a high risk to your rights and freedoms, we report it to the Dutch Data Protection Authority within 72 hours. You will be personally informed via your registered email address with information about what happened, which data is affected, and what measures we are taking.

Contact

Questions, complaints or requests about your data? Send an email.

Email: [email protected]

You always have the right to file a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl.

What we explicitly don't do

For clarity — Monetoir does not do the following, and never will:

·No Google Analytics, Facebook Pixel or other tracking tools
·No advertisements — not today, not ever
·No selling or sharing of your data with third parties for commercial purposes
·No linking to bank accounts or automatic import of transactions
·No profiling or automated decision-making based on your data

Changes to this policy

This privacy policy may be updated if legal requirements or our services change. Significant changes will be communicated via email to registered users at least 7 days before taking effect. The version date at the top of the page indicates when it was last updated.