Privacy Policy
Last updated: July 14, 2026
1. Introduction
Moniqo is an open-source, privacy-first, zero-based budgeting application. It is built on the belief that your financial data belongs to you not to us, and not to advertisers.
This Privacy Policy explains what information Moniqo collects, why, how it is used, and the choices you have. It applies to:
- The Moniqo hosted service, if and when Moniqo (the project/maintainers) operates one ("Moniqo Cloud"), and
- Self-hosted instances of Moniqo, which you or your organization deploy and control (see Section 14).
Moniqo’s source code is public. If anything in this policy seems inconsistent with what the software actually does, you (or anyone) can verify it directly in the codebase, and we encourage you to.
This policy is written to reflect the application as currently implemented. Where a feature described here (such as data export or bank-account linking) is not yet built, we say so explicitly rather than describing it as available today.
2. Information We Collect
Moniqo scopes financial data to budgets. A budget is an isolated financial universe accounts, envelopes, and transactions all belong to a specific budget, and users access a budget only through membership with an assigned role (Owner, Admin, Editor, or Viewer). The categories below reflect what the application stores today.
Account information
When you register, Moniqo collects:
- Username (a unique handle, 8–12 characters)
- Email address
- Password never stored in plain text. Passwords are hashed with bcrypt before being written to the database; the application never logs or returns raw passwords.
Profile information
- Name (optional, up to 100 characters)
- Avatar/picture currently stored only as a text reference (e.g., a URL) you supply. Moniqo does not currently host, process, or store uploaded avatar image files there is no image-upload feature in the product yet. If image uploads are added in the future, this policy will be updated to describe how those files are stored and processed.
The signup form displays an optional phone-number field for future use, but as currently implemented it is not submitted or stored only name, username, email, and password are sent to and retained by the server.
Budget data
- Budget title and optional notes
- Membership records: which budget you belong to, your role, and when you joined
There is currently no email-based invitation flow budget owners/admins add members by referencing an existing user’s account directly. If this changes, we will update this section.
Account data (financial accounts)
For each financial account you add to a budget:
- Account name, type (checking, savings, credit card, cash, or loan), and notes
- Balance and reconciliation status
- Optionally, a free-text account number and institution name that you type in yourself
Moniqo does not connect to your bank. There is no bank-linking or account-aggregation integration (e.g., no Plaid or similar service) in the codebase. All account data is manually entered by you. Bank integrations are listed only as a possible future roadmap item and are not implemented.
Transaction data
For each transaction:
- Amount, date, memo, and status (uncleared, cleared, or reconciled)
- The account and (if applicable) envelope it is associated with
- Whether it is part of a transfer between accounts
There is no “payee” field, no receipt/attachment upload, and no recurring-transaction engine currently implemented.
Envelope data
- Envelope title, description, and allocated amount
- Spent amount, which is calculated automatically from your transactions rather than entered directly
Uploaded avatars
As noted above, avatar upload is not currently implemented. This section is included per our standard policy structure and will be filled in with specifics (storage location, retention, processing) if and when the feature ships.
Usage information
Moniqo’s backend records standard web server request logs for operational and security purposes: request ID, HTTP method, request path, response status, response time, and the requesting IP address. It does not log request or response bodies, so your financial data itself is not written into application logs. Where relevant to debugging authentication issues, log entries may include your email address or internal user/session identifiers, but never your password or auth tokens.
Device information
Beyond the IP address and user-agent information inherently present in any HTTP request (used for the request logging described above and for rate-limiting login attempts), Moniqo does not currently collect device fingerprinting data, advertising identifiers, or similar device-level tracking data.
3. Information We Do NOT Collect
To be explicit about the boundaries of data collection, Moniqo does not, as currently implemented:
- Connect to your bank accounts or access banking credentials
- Collect payment or billing information (there is currently no payment or subscription feature in the product)
- Use any third-party analytics SDK (no Google Analytics, PostHog, Mixpanel, Segment, Amplitude, or similar is integrated into the application)
- Use any error-reporting/crash-reporting service (no Sentry or equivalent is integrated)
- Set advertising or cross-site tracking cookies
- Sell your personal or financial data to anyone
- Share your financial data with advertisers or data brokers
- Perform behavioral advertising or ad targeting
- Track you across other websites or apps
- Use your financial data to train AI or machine learning models
- Collect device fingerprints, precise geolocation, or biometric data
If any of this changes in the future for example, if an optional analytics or crash-reporting integration is added this policy will be updated first, and where legally required, we will ask for your consent.
4. How We Use Information
We use the information described in Section 2 to:
- Create and authenticate your account (email/password login, session/token management)
- Verify your email address and let you reset a forgotten password
- Let you build and manage budgets, accounts, envelopes, and transactions
- Enforce budget-level access control, so only members of a budget (with the appropriate role) can see or modify its data
- Maintain basic operational logs for debugging, abuse prevention, and rate-limiting login attempts
- Communicate essential account-related emails (verification, password reset)
We do not use your information for advertising, profiling unrelated to the app’s core budgeting functions, or any purpose beyond operating the budgeting service you’ve asked us to provide.
5. Legal Basis (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, we rely on the following legal bases under the GDPR:
- Contract necessity (Art. 6(1)(b)): processing your account, budget, and financial data is necessary to provide the budgeting service you sign up for.
- Legitimate interests (Art. 6(1)(f)): operational request logging, rate-limiting, and fraud/abuse prevention, balanced against your privacy interests.
- Consent (Art. 6(1)(a)): where we introduce any optional feature that requires consent (e.g., a future optional analytics integration), we will ask for it separately and let you withdraw it at any time.
- Legal obligation (Art. 6(1)(c)): where retention or disclosure is required by applicable law.
6. Cookies
Moniqo’s web application sets one cookie:
moniqo_refreshan HttpOnly,SameSite=Laxcookie holding your refresh token, used solely to keep you signed in between sessions. It is markedSecurein production, is cleared on logout, and is not accessible to JavaScript. It is a strictly necessary/functional cookie, not a tracking or advertising cookie.
Moniqo does not currently set any analytics, advertising, or third-party tracking cookies. Your signed-in profile display data (not your access token) is kept in your browser’s local storage to avoid unnecessary re-fetching; your access token itself is kept only in memory and is not persisted.
The public marketing/landing website (moniqo.in, separate from the application) may include dormant hooks for Google Analytics and Google Tag Manager that are inactive unless explicitly configured and enabled. If and when analytics are enabled on the marketing site, this section will be updated to disclose the specific cookies involved and your options for declining them.
7. Analytics
The Moniqo application itself does not currently include any analytics SDK or usage-tracking integration. No events, screens, or interactions within the budgeting app are sent to any analytics provider.
The application’s Settings UI includes a placeholder toggle for “Analytics” preferences intended for future use; it is currently disabled/hidden and is not wired to any real analytics collection, because no analytics collection exists yet. If analytics is introduced in the future, it will be optional, clearly disclosed, and where you are in a jurisdiction that requires it opt-in by default, with a working control to enable or disable it.
8. Authentication
Moniqo uses a token-based authentication system:
- Passwords are hashed using bcrypt before storage. Raw passwords are never stored, logged, or transmitted after the initial request.
- Access tokens are short-lived signed JSON Web Tokens (JWTs), kept only in your browser’s memory (not written to local storage or a cookie), so they do not persist across a page reload beyond your session’s refresh flow.
- Refresh tokens are longer-lived, delivered via an HttpOnly cookie, and stored server-side only as a cryptographic hash the plaintext token value is never retained on the server. Refresh tokens default to a 7-day lifetime with a 30-day absolute cap, and reuse of a revoked refresh token invalidates the entire token family as a security precaution.
- Email verification is required before login is permitted on a new account, using a signed, time-limited verification link.
- Password reset requests are handled without revealing whether a given email address has an account (to prevent account enumeration), and reset tokens are single-use, hashed at rest, and time-limited.
- Login, refresh, and registration endpoints are rate-limited per IP address to reduce brute-force and credential-stuffing risk.
- Moniqo does not currently offer two-factor/multi-factor authentication (2FA/MFA) or third-party social login (Google/Apple/Facebook sign-in buttons shown in the interface are not yet functional).
9. Data Storage
- All application data (accounts, budgets, transactions, envelopes) is stored in a PostgreSQL database operated by whoever runs the Moniqo instance you use either the Moniqo Cloud service (if offered) or your own self-hosted deployment.
- Data belonging to different budgets is strictly isolated: every financial record is scoped to a specific
budget_id, and access is checked against your membership and role in that budget before any read or write is permitted. - We do not use any third-party cloud storage provider (e.g., AWS S3, Cloudinary) for financial or account data, because there is no file-upload feature currently implemented that would require one.
10. Data Retention
- Active data: retained for as long as your account or budget exists and you have not requested deletion.
- Account deletion: deleting a user account is a soft delete your account is deactivated and all active sessions/tokens are invalidated immediately. If you are the sole Owner of a budget, deleting your account effectively renders that budget’s data inaccessible going forward.
- Budget deletion: deleting a budget archives it; transactions and historical allocations within it are preserved (not hard-deleted) to maintain financial audit integrity, unless a specific hard-delete action is taken (see below).
- Envelope “force delete”: budget Owners have access to a permanent, irreversible deletion action for an envelope and its linked transactions, which cannot be undone and leaves no recovery path.
- Operational logs (request logs described in Section 2) are written to standard output and retained according to whatever log-retention configuration the operator of the instance (Moniqo Cloud or your self-hosting administrator) has set at the infrastructure level; the application itself does not impose a specific retention period.
- A dedicated “export my data” / full account data-export feature is visible as a placeholder in the Settings UI but is not yet functional there is no working data-export endpoint today. Until this ships, you can request an export of your data by contacting us (Section 20), and self-hosting administrators always have direct database access to their own instance’s data.
11. Data Security
- Passwords are hashed with bcrypt (configurable work factor).
- Refresh tokens and password-reset tokens are stored server-side only as cryptographic hashes, never in plaintext.
- Authentication cookies are HttpOnly and, in production, marked Secure.
- All budget-scoped data access is authorized against your specific role and membership before any query executes.
- Application logs deliberately exclude request/response bodies, so financial data and credentials are not written to logs.
- No third-party analytics, advertising, or crash-reporting tool is embedded in the application, which limits the number of parties any data could flow to.
No system is perfectly secure, and we cannot guarantee absolute security. If you discover a security issue, please report it responsibly (see the project’s SECURITY.md for the current process).
12. Data Sharing
We do not sell your personal or financial data. We do not share it with advertisers, data brokers, or marketing partners.
The only parties your data may pass through are:
- Your own budget’s members data within a budget is visible to other members of that same budget according to their assigned role, since that is the core collaborative purpose of a shared budget.
- Infrastructure/service providers necessary to operate the instance you use (see Section 13), such as an SMTP relay for sending verification and password-reset emails, and for Moniqo Cloud specifically, if operated the hosting/database infrastructure it runs on.
- Legal disclosure, only where required by valid legal process.
We do not share data with any advertising network, and we do not use your data to train AI or machine learning models.
13. Third-Party Services
Moniqo’s implementation currently relies on the following external components, and no others:
- Email delivery: transactional emails (verification, password reset) are sent via a standard SMTP relay that you (Moniqo Cloud) or your self-hosting administrator configure. No third-party email API/SaaS provider (e.g., SendGrid, Postmark, Mailgun) is built into the application it speaks plain SMTP to whatever server is configured.
- Local development only: a local email-testing tool (Mailpit) is used in development environments to preview outgoing emails; it is not used in production and never sends real email or contacts any Moniqo server.
No payment processor, no analytics provider, and no error-reporting/crash-analytics service is integrated into the application at this time. If any such integration is added in the future, this section will be updated to name the provider, the data shared with it, and your available controls.
14. Self-Hosted Deployments
Moniqo is open source and designed to be self-hostable. If you or your organization run your own instance of Moniqo (for example, using the project’s Docker Compose deployment configuration):
- Your data never touches any server operated by the Moniqo project. All accounts, budgets, transactions, and envelopes are stored exclusively in the PostgreSQL database that you deploy and control.
- The application contains no update-checker, license-check, or telemetry “phone-home” mechanism that contacts any Moniqo-operated server. We verified this directly against the source code: there is no hardcoded call to any Moniqo domain anywhere in the backend or web application.
- If your deployment exposes itself to the internet via a tunnel (e.g., a Cloudflare Tunnel, as shown in the reference deployment configuration), that tunnel is one you configure and control it routes traffic to your own instance, not to Moniqo.
- Because the maintainers of the open-source project have no access to a self-hosted instance’s database, we cannot see, retrieve, or delete data held in your self-hosted deployment. Requests relating to your rights under Section 16 for a self-hosted instance should be directed to whoever administers that instance, not to the Moniqo project.
This Privacy Policy’s statements in Sections 9–13 about “the Moniqo Cloud service” apply only if and when such a hosted offering exists and you use it; they do not apply to self-hosted instances, which are governed entirely by whoever operates them.
15. Open Source Transparency
Moniqo’s full source code backend, frontend, and database schema is publicly available under its open-source license. This means:
- Every data-handling claim in this policy can be independently verified by reading the code.
- Community members and security researchers can (and are encouraged to) audit how data is collected, stored, and processed.
- Because the code is public, we cannot quietly change how data is handled without it being visible in the project’s version history.
If you find a discrepancy between this policy and the actual implementation, please report it see Section 20.
16. User Rights
GDPR (EEA/UK/Switzerland residents)
Subject to applicable law, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data (via your profile, where editable)
- Erase your data (“right to be forgotten”), by deleting your account, noting that budget-level financial history may be retained for audit purposes as described in Section 10 unless you are the sole Owner performing a full deletion
- Restrict or object to certain processing
- Data portability while a self-service export feature is not yet built (Section 10), you may request an export by contacting us
- Withdraw consent at any time for any processing based on consent
- Lodge a complaint with your local data protection authority
CCPA/CPRA (California residents)
If you are a California resident, subject to applicable thresholds, you have the right to:
- Know what personal information is collected, used, and disclosed
- Request deletion of your personal information
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information we do not sell or share personal information, so no opt-out mechanism is required, but you may still contact us with questions
- Non-discrimination for exercising your privacy rights
To exercise any of these rights, contact us using the details in Section 20.
17. International Transfers
Where Moniqo Cloud (if operated) processes data, that processing may occur in a country different from your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for any such transfer.
For self-hosted deployments, data locality is entirely determined by where you choose to host your own instance Moniqo does not transfer self-hosted data anywhere, because it never receives it.
18. Children’s Privacy
Moniqo is not directed at children under 16, and we do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, please contact us so we can delete it.
19. Changes to This Policy
We may update this Privacy Policy as the product evolves particularly as features like data export, avatar uploads, invitations, or optional analytics are built out. We will update the “Last updated” date above when we do, and for material changes we will provide reasonably prominent notice (such as an in-app notice or an announcement in the project’s release notes).
20. Contact Information
If you have questions about this Privacy Policy, want to exercise a data-rights request, or want to report a discrepancy between this policy and the actual implementation, please reach out through the project’s official contact channels listed on the Moniqo website or GitHub repository.