MyMoneyMate

Your financial data. Your business.

We built MyMoneyMate because understanding your finances shouldn't require handing your life over to a company whose business model is your attention. No data selling. No profiling. Just your numbers, working for you.

This page explains exactly how we handle your data — in plain language, not legal boilerplate.

What we store

When you use MyMoneyMate, we store the financial information you enter: account balances, transaction amounts, categories, and any notes you add. We also store your net worth history over time, which is the whole point.

We store this in a managed PostgreSQL database hosted by Supabase, a well-regarded infrastructure provider used by thousands of companies. Your data sits in Australia (Sydney region) and does not leave that region.

That's it. We don't build advertising profiles. We don't analyse your data to sell you financial products. We don't share it with third parties.

Passwords and access

Your password is never stored in readable form. Ever. Supabase Auth handles authentication using industry-standard hashing, so we couldn't read your password even if we wanted to. Password reset works via a link sent to your email address, which expires after one hour.

Your session is protected by short-lived access tokens that refresh automatically. If you sign out, your session is invalidated immediately.

Encryption

Your data is encrypted in transit using TLS — the same standard your bank uses. Your database is encrypted at rest. Connections between our application and the database use encrypted channels. There is no path from the public Internet to your raw data.

The AI features — exactly what gets shared

When MyMoneyMate generates insights for you, a small anonymised summary is sent to an AI model. Here is exactly what that summary contains:

Sent to the AI:

  • Your net worth trend direction — whether it's up, down, or flat — and the percentage change over 3, 6, and 12 months. Not the actual figures.
  • Your average monthly income and expenses, rounded. Not exact amounts.
  • Your top 5 spending categories by name, and their rough share of total spend. Not dollar amounts.
  • How your spending felt — the breakdown between necessary, impulse, and regret across your tagged transactions, as percentages.
  • Data quality indicators: how many months of data you have, how complete your snapshots are.

Never sent to the AI:

  • Your account names or bank names
  • Your actual dollar balances or amounts
  • Your transaction notes or free-text fields
  • Your name, email address, or any identifying information
  • Any individual transaction detail

The AI sees patterns. It does not see your life.

You can verify this yourself inside the app. Every AI insight card includes a “What did we share with AI?” panel that shows the exact anonymised context used to generate your insights.
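
For technically minded readers, an added illustration (not MyMoneyMate's own code) of how a summary limited to the fields listed above can be built, with an outbound check that no raw balance, amount, account name or note appears in it. The record layout, rounding to the nearest 100, the 0.5% "flat" band and counting feelings per transaction are assumptions.

```python
import json
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample data; field names are hypothetical, not MyMoneyMate's schema.
NET_WORTH = [100_000 + 1_500 * i for i in range(13)]   # monthly snapshots, oldest first
INCOME = [6234.10, 6180.55]                             # income per month
ACCT = "Everyday (Example Bank)"
TXNS = [  # (month, account, category, amount, feeling, note)
    ("2024-04", ACCT, "Rent", 1800.50, "necessary", "April rent"),
    ("2024-05", ACCT, "Rent", 1800.50, "necessary", "May rent"),
    ("2024-04", ACCT, "Groceries", 612.35, "necessary", "weekly shop"),
    ("2024-05", ACCT, "Dining", 240.15, "impulse", "dinner with Sam"),
    ("2024-05", ACCT, "Gadgets", 399.99, "regret", "headphones"),
    ("2024-04", ACCT, "Transport", 96.40, "necessary", "train pass"),
    ("2024-05", ACCT, "Gifts", 50.11, "impulse", "birthday card"),
]

def trend(history, months, flat_band=0.5):
    """Direction and % change only; None when there is too little history."""
    if len(history) <= months or history[-1 - months] == 0:
        return None
    old, new = history[-1 - months], history[-1]
    pct = round((new - old) / abs(old) * 100, 1)
    direction = "flat" if abs(pct) < flat_band else "up" if pct > 0 else "down"
    return {"direction": direction, "pct_change": pct}

def build_ai_context(net_worth, income, txns):
    """Aggregate-only summary: no account names, notes, balances or single transactions."""
    spend, feelings = defaultdict(float), Counter()
    for _month, _acct, category, amount, feeling, _note in txns:
        spend[category] += amount
        feelings[feeling] += 1                     # assumption: share by transaction count
    total, n_months = sum(spend.values()) or 1.0, max(len({t[0] for t in txns}), 1)
    top5 = sorted(spend.items(), key=lambda kv: kv[1], reverse=True)[:5]
    return {
        "net_worth_trend": {f"{m}m": trend(net_worth, m) for m in (3, 6, 12)},
        "avg_monthly_income": int(round(mean(income), -2)),       # nearest 100 (assumed)
        "avg_monthly_expenses": int(round(total / n_months, -2)),
        "top_categories": [{"name": c, "share_pct": round(v / total * 100)} for c, v in top5],
        "feelings_pct": {f: round(n / len(txns) * 100) for f, n in feelings.items()},
        "data_quality": {"months_of_data": len(net_worth)},
    }

def leaked_values(context, net_worth, txns):
    """Outbound guard: raw values found in the serialised payload (should be empty)."""
    blob = json.dumps(context)
    raw = {str(b) for b in net_worth} | {str(t[3]) for t in txns} | {t[1] for t in txns} | {t[5] for t in txns}
    return sorted(v for v in raw if v in blob)
```

Running `leaked_values` on every outgoing summary, and refusing to send when it returns anything, turns the "never sent" list into an enforced check rather than a convention.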

Who can see your data

You. That's the intended answer.

Our engineering team can access the database in the course of maintaining the service — diagnosing bugs, running migrations, and so on. This access is logged and limited to what's necessary. We don't browse customer data out of curiosity.

We do not sell, rent, or share your data with advertisers, data brokers, or marketing companies. Full stop.

If we were ever compelled by law to disclose data, we would comply with the legal requirement and notify you where the law permits us to do so.

Your data, your control

You can delete your account at any time from Settings. When you do, everything is permanently removed — your profile, accounts, transactions, net worth history, AI digests, and all associated data. There is no archive. There is no “we keep it for 30 days.” Deletion is immediate and complete.

Data export is coming soon — so when it's ready, you'll be able to leave with everything you came in with.

Sign-in visibility

MyMoneyMate shows you your recent sign-in history — the last five times your account was accessed, including the approximate location (country only) and device type. If you see something you don't recognise, change your password immediately.

The infrastructure we rely on

We are a small team and we stand on the shoulders of infrastructure providers who specialise in security at scale.

What                 | Who                 | Why we chose them
Database and auth    | Supabase            | Managed PostgreSQL with row-level security, SOC 2 compliant
App hosting          | Vercel              | Serverless, SOC 2 compliant
AI insights          | Trusted AI provider | Strong privacy commitments, anonymised input only
Transactional email  | Resend              | Email address only

We don't have a long list of third parties because we deliberately kept it short. Every provider on this list receives the minimum information needed for their specific function.

Row-level security

Every database query in MyMoneyMate is governed by row-level security policies enforced at the database level — not just in our application code. This means that even if there were a bug in our application, the database itself would refuse to return another user's data. Your data is isolated at the lowest possible level.

What we don't do

We think this list matters:

  • We don't sell your data
  • We don't share your data with financial product companies
  • We don't use your financial data to build advertising profiles
  • We don't send marketing emails (only the weekly digest you explicitly opt into, and transactional emails like password resets)
  • We don't store your password in any readable form
  • We don't keep your data after you delete your account

Questions?

We'd rather over-explain than leave you guessing.

Contact us →