← Back to Home

Legal

Privacy Policy

Last Updated: March 2026

Your financial data is sensitive. This policy is written to be read — not buried. We tell you exactly what we collect, who sees it, and what you can do about it.

1

Who We Are

Moni is a personal finance AI service operated by FinentLabs ("we," "our," or "us"), a Delaware company. The Service is delivered through our Telegram bot (@monitrackerbot) and website at getmoni.tech. Because Moni processes your personal financial data — transaction amounts, spending patterns, receipt images, and financial goals — we take privacy seriously. This policy tells you exactly what data we collect, the legal basis for processing it, who we share it with, and the rights you have over it. It applies to all users of the Moni Service regardless of location.

2

Data We Collect

Financial & Account Data You Provide

  • Transaction data: amounts, merchant names, descriptions, and categories you submit through natural language messages.
  • Receipt images: photos you send for automated scanning, categorization, and amount extraction.
  • Financial goals: goal names, target amounts, deadlines, and progress updates you create.
  • Recurring transactions: subscription names, amounts, and billing cycles you configure.
  • Budget settings: monthly spending limits and preferred currency.

Data We Receive from Telegram

  • Telegram user ID — a permanent numeric identifier assigned to your account by Telegram.
  • First name and @username as set in your Telegram profile (may be absent if not set).
  • Language code as reported by your Telegram client.
  • Message timestamps for each interaction with the bot.

Data We Do Not Collect

  • Your phone number, email, or any other contact details — unless you voluntarily share them with our support team.
  • Payment card numbers, bank account details, PINs, or any financial credentials.
  • Messages, groups, or channels outside your private conversation with @monitrackerbot.
  • Location data, device identifiers, or browser/app usage analytics.
3

How We Use Your Data & Legal Basis

We process your data only where we have a valid legal basis to do so. The table below outlines each purpose and the basis we rely on:

We do not sell your data. We do not use your data to serve you advertisements. We never share identifiable financial data with third parties for their own commercial purposes.

Performance of Contract

Parsing and categorizing your transactions, generating spending summaries, managing your subscription tier, enforcing free-tier limits, and delivering all core features of the Service. We need this data to provide what you signed up for.

Legitimate Interests

Detecting and preventing abuse, fraud, spam, and violations of our Terms of Service. Sending weekly reports, monthly recaps, and proactive spending nudges (you can opt out at any time). Improving AI parsing accuracy using anonymized, aggregated data that cannot be linked back to you.

Legal Obligation

Retaining certain records where required by applicable law, and responding to lawful requests from courts or regulatory authorities.

4

Third-Party Services & Data Sharing

To operate the Service, we engage the following sub-processors. Each receives only the minimum data necessary for their role:

Telegram — Service Delivery Platform

The Service is delivered over Telegram's messaging infrastructure. Your use of Telegram is governed by Telegram's Privacy Policy. We receive only the data Telegram passes to us when you message our bot — we do not access your broader Telegram account, contacts, or other conversations.

Groq — AI Inference

Your message text and receipt images are transmitted to Groq, Inc. to run our AI models for transaction parsing and categorization. Groq processes this data solely on our behalf under a data processing agreement. Groq does not use your personal financial data to train or improve its own public models.

Supabase — Database & Storage

All structured data (transactions, goals, user profiles, settings) is stored in a PostgreSQL database hosted by Supabase, Inc. Data is encrypted at rest using AES-256 and transmitted over TLS 1.2+. Supabase acts as a data processor under our written instructions.

Lemon Squeezy — Payments & Billing

All subscription payments are processed by Lemon Squeezy LLC, our merchant of record. Lemon Squeezy independently collects your billing name, email, address, and card details under their own Privacy Policy and PCI-DSS compliance framework. We never receive, see, or store your payment card information. We receive only a subscription status event (active/cancelled) linked to your Telegram ID.

Railway — Application Hosting

Our backend application runs on Railway infrastructure. Server logs may temporarily contain request metadata (timestamps, error traces) for debugging. Logs are automatically purged and are never shared with third parties.

5

Data Retention

We retain your personal data for as long as your account remains active. If you request deletion, we will permanently remove your transaction history, receipt data, goals, recurring entries, and profile within 30 days. Anonymized, aggregated statistics (e.g., total transaction counts used for service health monitoring) contain no personal identifiers and may be retained indefinitely. Encrypted backup snapshots may persist for up to 90 days after deletion before being fully purged from backup systems.

6

Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. These include: TLS encryption for all data in transit, AES-256 encryption for data at rest, webhook signature verification on all incoming Telegram and payment events, rate limiting and abuse detection on the bot, and access controls limiting who within FinentLabs can access production data. No system is perfectly secure. If you believe your data has been compromised, please contact us immediately at hello@getmoni.tech.

7

Your Rights

Depending on your location, you may have rights under applicable privacy law including the GDPR (EU/EEA/UK) and CCPA (California). These include:

  • Access: Request a copy of the personal data we hold about you.
  • Export / Portability: Download your full transaction history as a CSV directly from the bot at any time using the export command.
  • Correction: Request that we correct any inaccurate data.
  • Deletion ("Right to be Forgotten"): Request permanent deletion of your account and all associated personal data.
  • Restriction: Ask us to pause processing of your data in certain circumstances.
  • Objection: Object to processing carried out on the basis of our legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
  • Opt out of sale (CCPA): We do not sell personal data. No opt-out is required, but you may contact us to confirm this.

To exercise any of these rights, email hello@getmoni.tech. We will respond within 30 days. We will not discriminate against you for exercising any of these rights.

8

International Data Transfers

FinentLabs is based in the United States. Our sub-processors (Groq, Supabase, Railway) also operate in the US. If you are located in the EU, EEA, or UK, your data is transferred to the US under appropriate safeguards. Where required, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure adequate protection of your personal data when transferred outside the EEA.

9

Children's Privacy

Moni is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has used the Service and provided us with personal data, please contact us immediately at hello@getmoni.tech and we will delete the data promptly.

10

Cookies & Tracking

The Moni bot itself operates entirely through Telegram and does not use cookies. Our website at getmoni.tech may use essential cookies for functionality (e.g., remembering your session). We do not use third-party advertising or behavioral tracking cookies. Any analytics we collect on the website are anonymized and aggregated.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and notify active users via the Telegram bot at least 14 days before the changes take effect. For non-material changes, updating this page is sufficient notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12

Contact & Data Controller

FinentLabs is the data controller responsible for your personal data. If you have questions, concerns, or requests regarding this Privacy Policy or your data, please reach us through any of the following:

  • Email: hello@getmoni.tech
  • Website: getmoni.tech

We aim to respond to all privacy-related inquiries within 30 days.