Privacy policy

Your money, your data.

Monetoir is built on one principle: your financial data belongs to you. On this page you'll find what data we process, where it's stored, how it's secured, and what your rights are. Honest, without unnecessary legal jargon.

Last updated: May 8, 2026

The Monetoir promise

In short

  • No data selling — not today, not ever.
  • No Google Analytics, no Facebook Pixel, no tracking cookies.
  • No bank connection — you stay in control.
  • Hosted on Dutch soil (Amsterdam, EU).
  • Passwords are encrypted — unreadable, even to the administrator.

Who is responsible

Monetoir is operated as a sole proprietorship. The data controller under the GDPR (General Data Protection Regulation) is:

  • Company name: Monetoir (sole proprietorship)
  • Chamber of Commerce number: 88310175
  • Contact: [email protected]
  • Place of business: The Netherlands

What data we collect

Monetoir collects only data needed to operate the app. We distinguish two categories:

Account data (via Clerk)

  • Your email address — for sign-in and account recovery
  • Your password — encrypted at Clerk, not readable by us
  • Optional: first and last name if you provide them
  • Which beta code you used and when you activated your account

App data (on our server)

  • Your income — amounts, names, frequency (monthly, specific months)
  • Your fixed expenses — names, amounts, end dates, categories
  • Your variable expenses per month
  • Your savings goals (envelopes) with balances and target amounts
  • Any custom categories you've created
  • Contract and subscription end dates — used solely to calculate budget forecasts and inform you of upcoming financial freedom

What we don't collect

We don't link to your bank, so we never see real transactions from your account. We don't track your behavior (no Google Analytics, no Facebook Pixel). We don't collect location data, device data beyond what's technically needed to render the site, and no external identification data.

Where your data is stored

Monetoir runs on a Virtual Private Server (VPS) at DigitalOcean in Amsterdam, the Netherlands. The architecture is as follows:

DigitalOcean datacenter Amsterdam
└── Monetoir VPS
    ├── nginx (HTTPS web server)
    ├── Docker network (isolated)
    │   ├── monetoir-app  (Next.js webapp)
    │   └── monetoir-db   (PostgreSQL database)
    │       └── your data (encrypted disk)

The webapp and database run as separate Docker containers on the same physical machine. The database is only reachable through an internal Docker network — not from the internet. Disk storage is encrypted using DigitalOcean's standard encryption-at-rest. Backups are made locally on the same encrypted disk and retained for up to 30 days.

How we secure your data

Security is layered in six consecutive levels. For someone to reach data, they would have to get through all of these layers:

  1. Datacenter security

    DigitalOcean's Amsterdam datacenter is physically secured with biometric access and 24/7 surveillance. The datacenter is ISO 27001 and SOC 2 certified.

  2. Server access

    The VPS is only accessible via SSH with cryptographic keys. Password login is disabled. SSH runs on a non-standard port (2222) to limit automated scans.

  3. Firewall (UFW)

    Only ports 80 (HTTP redirect), 443 (HTTPS) and 2222 (SSH) are open. All other ports — including the database port — are closed to the external internet.

  4. Docker isolation

    The database runs in an isolated Docker container with its own network. Only the webapp container can communicate with it — other processes on the server cannot access it.

  5. Database authentication

    PostgreSQL requires its own password, generated and not human-guessable. Connections are limited to internal Docker network addresses.

  6. Disk encryption

    The VPS's physical disk is encrypted at the disk level. On decommissioning or disk replacement, data remains unreadable without DigitalOcean's key.

Who has access to your data

Honest answer: I (the founder of Monetoir) am the only person with administrative access to the server. As is the case with any SaaS provider, I can technically look in the database if I wanted to.

What I do in practice: I don't actively look at user data unless someone specifically asks me for help with a bug. In such cases, it becomes a mutual agreement with explicit consent.

All administrative access to the production server is logged and strictly limited to necessary maintenance (backups, security updates, incident response). Passwords are encrypted with bcrypt — never readable, not even to the administrator.

I'm working on end-to-end encryption where data is encrypted locally in your browser before being sent. With that, even I would no longer have access to amounts and names. This is a planned feature for after public launch.

What we explicitly don't do

For clarity — Monetoir does not do the following, and never will:

  • No Google Analytics, Facebook Pixel or other tracking tools
  • No advertisements — not today, not ever
  • No selling or sharing of your data with third parties for commercial purposes
  • No linking to bank accounts or automatic import of transactions
  • No profiling or automated decision-making based on your data

Demo mode — the most private option

When you use the app without an account (via 'Try without account' on the welcome page), your data is stored exclusively in your browser via localStorage. Not a single byte goes to our server. Close your browser or clear your history: data gone.

For those who want absolute certainty: this is literally the most private NL-budget-app experience available. No other Dutch budget app offers this option.

Sub-processors

Monetoir uses a number of external services. Data processing agreements are in place with all of these parties in compliance with GDPR.

For sub-processors outside the EU (Clerk, Cloudflare), we apply the highest privacy standards: Standard Contractual Clauses (SCCs), data minimisation, and EU-region routing where possible. We share only the strictly necessary data to deliver the service.

Clerk

Purpose: Authentication and account management

Location: United States (San Francisco) — GDPR-compliant via Standard Contractual Clauses

Data: Email address, password (hashed), optionally name

DigitalOcean

Purpose: Server hosting (VPS)

Location: Amsterdam datacenter, the Netherlands

Data: All Monetoir application data (encrypted storage)

Cloudflare

Purpose: DNS, SSL and DDoS protection

Location: Global CDN — EU zone where possible

Data: Visitor IP addresses (briefly logged for security)

Mollie

Purpose: Subscription payment processing

Location: Amsterdam, the Netherlands

Data: Name, email, payment data (only for paying users)

Anthropic (Claude AI)

Purpose: AI assistant for the 'Ask Monetoir' feature. Only active when you ask a question.

Location: United States — Standard Contractual Clauses (SCCs)

Data: An anonymised snapshot of your financial data (amounts, names of income and expenses, envelopes) plus your question. No email, no name, no account number, no Clerk userId.

Your rights under the GDPR

Under the General Data Protection Regulation, you have a number of rights regarding your personal data:

  • Right of access: You may request which data we process about you
  • Right to rectification: You may have incorrect data corrected
  • Right to erasure: You may have all personal data erased ('the right to be forgotten'). Erasure is performed within 30 days.
  • Right to data portability: You may obtain your data in a common format (JSON or CSV) to take with you
  • Right to object: You may object to specific processing of your data

When you request deletion, your access is blocked immediately and your data is marked for destruction. Within 30 days everything is physically overwritten on our servers — both database and backups.

Send an email to [email protected] to exercise any of these rights. We respond within 30 days, in compliance with GDPR.

How long we keep data

Account data and app data are retained as long as you have an active account. Upon account deletion, all personal data is removed from our active systems within 30 days. Backups are permanently deleted within 90 days after account deletion. Anonymized, aggregated data (e.g. 'number of active users per month') may be retained longer for statistical purposes, but is no longer traceable to individuals.

Cookies

Monetoir uses minimal, functional cookies. There are two types:

  • Clerk session cookies — only active when you're signed in, to remember your session
  • NEXT_LOCALE — remembers your chosen language, also for logged-out visitors

No tracking cookies, no advertising cookies, no analytics cookies. Consent for strictly necessary cookies is not legally required; we deliberately use no cookies that would require it.

Local storage in your browser

In addition to cookies, Monetoir uses localStorage in your browser to keep your experience smooth. This data stays exclusively on your device:

  • moneto_v2: Contains your demo budget so it persists between sessions (demo mode only, no real user data)
  • moneto_demo_v1: Marks that you're using demo mode
  • moneto.customCategories.v1: Custom categories you created in demo mode
  • moneto-install-dismissed: Remembers whether you dismissed the 'install as app' prompt

Important: this data stays exclusively in your own browser — our servers see none of it. You can clear this data through your browser settings, or via 'Clear site data' in the URL bar.

Data breach procedure

In case of a data breach that poses a high risk to your rights and freedoms, we report it to the Dutch Data Protection Authority within 72 hours. You will be personally informed via your registered email address with information about what happened, which data is affected, and what measures we are taking.

Contact

Questions, complaints or requests about your data? Send an email.

Email: [email protected]

You always have the right to file a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl.

Changes to this policy

This privacy policy may be updated if legal requirements or our services change. Significant changes will be communicated via email to registered users at least 14 days before taking effect. The version date at the top of the page indicates when it was last updated.