Privacy Policy

Last Updated: May 2025

This Privacy Policy describes how HouseMunny ("we", "us", or "our") collects, uses, and shares your personal information when you use our services, website, and applications (collectively, the "Services").

1. Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Register for our Services
  • Sign in using Google authentication
  • Update your user profile
  • Subscribe to our service
  • Contact our customer support

This information may include:

  • Name
  • Email address
  • Profile photo (when provided through Google authentication)
  • Google ID (when using Google authentication)

Financial Information

Our Services allow you to track and manage your personal finances. We collect and process financial information that you input or import, including:

  • Transaction data (date, description, amount, type)
  • Account information
  • Budget data
  • Categories and notes related to your financial activities

Note: We do not store your actual bank credentials, account numbers, or credit card information.

Automatically Collected Information

When you use our Services, we automatically collect certain information about your device and usage, including:

  • IP address
  • Device information
  • Browser type and version
  • Usage data and interaction with our Services
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use your personal information for the following purposes:

  • To provide and maintain our Services
  • To authenticate your identity and manage your account
  • To process and fulfill your subscription
  • To respond to your inquiries and provide customer support
  • To send you service-related emails and notifications
  • To improve our Services and develop new features
  • To prevent fraud and enhance security
  • To comply with legal obligations

AI-Powered Features

We use OpenAI's API to help automatically categorize transactions imported from your connected bank accounts (via Plaid) for your convenience. This feature:

  • Only applies to transactions imported from connected financial institutions
  • Only processes non-sensitive text data such as transaction labels
  • Does not receive any personal information, transaction amounts, financial data, or identifiable user information
  • Automatically assigns imported transactions to your existing categories to save you time
  • Allows you to review and change any categorization at any time
  • Is not used for profiling, automated decision-making, or any decisions with legal effects

Manually added transactions are not processed through AI and remain completely private. You maintain complete control over your transaction categories and can modify any AI-assigned categorization as needed.

3. Legal Basis for Processing (GDPR)

If you are a resident of the European Economic Area (EEA), we process your personal information under the following legal bases:

  • Performance of a contract: Processing necessary to provide the Services you have requested
  • Legitimate interests: Improving our Services, security, and fraud prevention
  • Consent: Where you have explicitly given consent, which you can withdraw at any time
  • Legal obligation: Compliance with laws and regulations

4. Data Sharing and Disclosure

We may share your personal information with:

  • Service providers: Third-party companies that perform services on our behalf, such as hosting, payment processing, and customer support
  • Legal requirements: To comply with applicable Portuguese and EU laws, regulations, legal processes, or enforceable governmental requests
  • Business transfers: In the unlikely event of a sale, merger, or transfer of all or a portion of the Services

Third-Party Services and Subprocessors: We use trusted third-party services to help operate HouseMunny. These include Stripe for payments, Vercel for infrastructure, Google Cloud for the database, and OpenAI for AI-powered transaction categorization suggestions. All subprocessors are required to comply with data protection standards equivalent to GDPR.

We do not sell your personal information to third parties.

Payment Processing: HouseMunny uses Stripe as a third-party payment processor for subscription payments. When you provide payment information, it is directly submitted to Stripe and not stored on our servers. Your use of Stripe's services is subject to their respective privacy policy and terms of service.

5. Data Retention

We retain your personal information for as long as necessary to provide you with our Services and as needed to comply with our legal obligations. When you delete your account, we will delete or anonymize your personal information, unless we need to retain certain information for legitimate business or legal purposes.

You may also request full data deletion at any time by contacting guilherme@housemunny.com. We will respond within 7 days unless we are legally required to retain some information.

We maintain a defined and enforced data retention and deletion policy, which is reviewed periodically to ensure compliance with applicable data privacy laws.

6. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: The right to request copies of your personal information
  • Rectification: The right to request that we correct inaccurate information
  • Erasure: The right to request that we delete your personal information
  • Restriction: The right to request that we restrict the processing of your information
  • Data portability: The right to request that we transfer your information to another organization
  • Objection: The right to object to our processing of your personal information
  • Withdraw consent: The right to withdraw consent where we rely on consent to process your information

You may also request a copy of your data by emailing us with the subject line "Data Export Request".

To exercise these rights, please contact us at guilherme@housemunny.com.

7. International Data Transfers

We may transfer your personal information to countries other than the one in which you live. We ensure that adequate safeguards are in place to protect your information when transferred internationally, including through the use of standard contractual clauses approved by the European Commission or other appropriate safeguards.

8. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. Cookies and Tracking Technologies

We use a minimal set of cookies to provide essential functionality for our Services. Here's what we use and why:

Essential Cookies

We use cookies solely for authentication and session management purposes, including:

  • Authentication cookies: To keep you logged in and verify your identity
  • Session cookies: To maintain your session state while using our Services
  • Security cookies: To protect against cross-site request forgery (CSRF) attacks

What We Don't Use

We do not use:

  • Advertising or marketing cookies
  • Third-party tracking cookies
  • Analytics cookies that track your behavior across websites
  • Social media tracking pixels

Cookie Control

You can control cookies through your browser settings. However, disabling essential cookies will prevent you from logging in and using our Services. Since we only use cookies necessary for the basic functionality of our application, we recommend keeping them enabled for the best experience.

10. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect about you
  • The right to delete personal information we collected from you
  • The right to opt out of the sale or sharing of your personal information
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at guilherme@housemunny.com.

11. Data Encryption and Security

We implement comprehensive encryption and security measures to protect your personal and financial information:

Encryption at Rest

All sensitive personal and financial data stored in our database is encrypted using industry-standard AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) encryption. This includes:

  • Personal information (name, email address, profile photos)
  • Authentication data (Google IDs, TOTP secrets)
  • Financial account information (account names, bank names, account numbers)
  • Transaction data from connected financial institutions
  • Category names and descriptions
  • Third-party service tokens and identifiers

Encryption in Transit

All data transmitted between your device and our servers is protected using TLS (Transport Layer Security) encryption to prevent interception during transmission.

Key Management

Encryption keys are securely managed and stored separately from encrypted data. Access to encryption keys is strictly limited to essential system operations.

Additional Security Measures

Beyond encryption, we implement additional security measures including:

  • Secure authentication using industry-standard protocols
  • Regular security audits and monitoring
  • Access controls and permission management
  • Secure infrastructure provided by trusted cloud providers

While we implement robust security measures including industry-standard encryption protocols, no method of transmission over the Internet or electronic storage is 100% secure. We continuously monitor and update our security practices to maintain the highest level of protection for your data.

12. Backup & Recovery

We regularly back up encrypted data to ensure service continuity and data resilience in case of system failure. These backups are subject to the same encryption and access control policies as our primary data storage. Backup data is stored securely and is only accessible by authorized personnel for recovery purposes.

13. Anonymized Analytics

We may collect anonymized usage data to improve app performance, stability, and user experience. This data includes general usage patterns and technical performance metrics but is not linked to your personal or financial information. All analytics data is aggregated and cannot be used to identify individual users.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. If changes are material, we will notify you via email or in-app message. Continued use of the Services after changes implies acceptance of the updated policy.

15. Terms of Service

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of HouseMunny and outline your rights and responsibilities as a user.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Portugal, without regard to its conflict of law provisions. You agree to submit to the personal and exclusive jurisdiction of the courts located within Portugal for the resolution of any disputes.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: guilherme@housemunny.com