MoneyMind Privacy Policy

Last updated: May 2, 2026

MoneyMind is a personal finance app that helps you track your bank accounts, find hidden subscriptions, and understand where your money goes. This policy explains exactly what data MoneyMind collects, what happens to it, and what control you have over it. It is written in plain English, not legal language.

MoneyMind is built and operated by Julia Maldonado, an individual developer, as a personal project. It is not a bank, a registered financial institution, or a regulated fintech company. You should treat it accordingly.

Who We Are

MoneyMind is owned and operated by:

• Julia Maldonado, individual sole developer
• Contact: [email protected]

There is no company, no team, and no investors. Just one person.

What MoneyMind Does

When you sign up for MoneyMind and connect your bank, the app:

• Pulls your account balances and transactions from your bank, through a service called Plaid
• Categorizes your transactions into spending categories you can rename
• Detects recurring charges, duplicate subscriptions, and price changes
• Calculates your net worth and shows month-over-month spending trends
• Sends you alerts when you exceed budget limits or have a low account balance

MoneyMind does not move money, transfer funds, place trades, or take any action on your bank account. It is a read-only tool.

What Data We Collect

From your signup

• Your email address
• Your password (stored only as a one-way hash; we never see or store the plain password)

From your bank, through Plaid

• The name of your bank (e.g., Chase, Wells Fargo)
• Your account names, types (checking, savings, credit, investment), and the last 4 digits of account numbers
• Current and available balances
• Every transaction MoneyMind can see: date, amount, merchant name, the category Plaid assigns, and any category you assign
• An encrypted Plaid access token, used by MoneyMind to fetch new transactions on your behalf

Computed by MoneyMind

• Your custom budget categories and category renames
• Subscription detections and findings from automated analysis
• Net worth snapshots over time
• Monthly spending insights and savings rate calculations

Operational data

• Login timestamps and IP addresses (used for rate-limiting and security)
• Session cookies (so you stay logged in)
• Records of emails sent to you (account verification, password reset)

How We Get Your Bank Data

MoneyMind does not directly connect to your bank. When you click “Connect Bank,” you are sent to Plaid, a financial data provider trusted by companies like Venmo, Robinhood, and Mint. You authenticate with your bank inside Plaid's interface. Your bank login credentials never touch MoneyMind's servers.

After you authenticate, Plaid gives MoneyMind a secure access token that lets the app pull your transaction and balance data on your behalf. That access token is encrypted at rest in MoneyMind's database. You can revoke MoneyMind's access at any time, either by deleting your account in MoneyMind or by removing MoneyMind from your bank's connected apps list.

Plaid has its own privacy policy that governs how they handle your bank data. You can read it at plaid.com/legal.

How We Use Your Data

MoneyMind uses your data only to power features for you. Specifically:

• To display your balances and transactions inside the app
• To run categorization, subscription detection, budget alerts, and other features described above
• To send you transactional emails (account verification, password resets, security alerts)

We do not:

• Sell your data to anyone, ever
• Use your data for advertising
• Share your data with marketers
• Use your data to train AI models
• Aggregate or anonymize your data for resale
• Send your transaction data to any AI service or large language model

Who Can Access Your Data

You

You can see all of your own data inside the MoneyMind app at any time.

Service providers we use

MoneyMind uses three external services to operate. Each has access only to specific data needed for their role:

• Plaid (plaid.com): provides the bank data integration; receives your bank login during connection and your authorized financial data on an ongoing basis.
• Resend (resend.com): sends transactional emails to you; receives only your email address and the email content (no transaction data is included in email bodies).
• Railway (railway.app): hosts the application and database; technically stores all your encrypted data on their cloud infrastructure.

Julia, the developer

Honest disclosure: as the developer who builds and operates MoneyMind, I have technical access to the database where your data is stored. I will not look at your data casually or for any reason other than necessary debugging. Specifically, I may need to look at your data when you report an issue you would like me to investigate (for example, if a transaction is showing incorrectly), and only to the extent needed to fix that specific issue.

I will never share your data with anyone outside the service providers listed above. I will not browse your transactions, discuss them with anyone, or use them for any purpose unrelated to running MoneyMind.

As MoneyMind grows, I plan to add stronger technical separations that limit my own ability to access user data. For now, the protection is a combination of self-restraint, this written commitment, and the fact that you are choosing to use a tool built by someone you know.

Security Measures

MoneyMind protects your data through multiple layers:

• Your password is stored only as a one-way bcrypt hash. The plain password is never stored or logged.
• Your Plaid access token is encrypted with AES-256-GCM (the same encryption standard used by U.S. government for classified data) before being stored.
• All connections to MoneyMind use HTTPS, meaning data in transit is encrypted between your browser and the app.
• MoneyMind uses multi-tenant data isolation: the database is structured so that one user cannot ever see another user's data, even through application bugs.
• Login attempts are rate-limited to prevent brute-force attacks.
• Your session expires after 30 minutes of inactivity, or 12 hours absolute, whichever comes first.
• All developer accounts that operate MoneyMind (GitHub, Railway, Plaid, email) require two-factor authentication.

No system is perfectly secure. If a security incident affects your data, MoneyMind will notify you by email as soon as it is discovered, and explain what happened and what is being done about it.

How Long We Keep Your Data

MoneyMind keeps your data for as long as you have an account. When you delete your account, your data is permanently deleted from the database within 30 days. The 30-day window allows for recovery if you delete by accident.

Some operational logs (login timestamps, error logs) may persist longer for security and debugging purposes, but these do not contain transaction data.

Your Rights and Controls

You can do all of the following at any time:

• View all your data inside the app
• Delete individual budget categories, dismiss findings, or override transaction categorizations
• Disconnect a bank account, which immediately stops MoneyMind from pulling new data from that account
• Delete your entire account and all associated data

If you cannot find a control you need or want help with any of the above, email [email protected].

Beta Disclosure

MoneyMind is currently in early beta, used only by a small number of invited friends and family. Things will occasionally break. Some features are still being built. The data you share is real, but the app you are sharing it with is not yet a production-grade financial product.

If you are not comfortable with that level of maturity for an app that handles your bank data, you should not use MoneyMind.

Changes to This Policy

If MoneyMind makes meaningful changes to this policy (changes to what data is collected, how it is used, or who it is shared with), you will be notified by email at least 14 days before the changes take effect. Smaller clarifications or wording improvements may be made without notice.

This policy is dated at the top. The date will update whenever the policy changes.

Contact

Questions, concerns, requests, or anything else related to this policy:

• Email: [email protected]
• Operator: Julia Maldonado, individual developer

MoneyMind is a personal project, not a company. There is no support team, no ticketing system, and no formal complaint process. There is one person who built this app and will personally respond to your message.