Privacy Policy

Effective Date: March 19, 2026 · Last Updated: March 19, 2026

1. Introduction

MyMoney ("we," "our," or "us"), operated at mymoney.nyquiste.com, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our personal finance management service. By using MyMoney, you consent to the practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Email address: Required for account creation and passwordless authentication.
  • Name: Optionally provided during account setup.
  • Budget settings: Spending limits and categories you configure within the Service.

2.2 Financial Data from Plaid

When you connect a bank account, we receive the following data from Plaid on your behalf:

  • Account names, types, subtypes, and last-four-digit masks
  • Current and available account balances
  • Transaction history (merchant name, amount, date, category, payment channel)
  • Institution name and identifier

We do not collect or store: your bank login credentials, full account numbers, Social Security numbers, or any information not listed above.

2.3 Automatically Collected Information

  • Session tokens (stored in secure, HTTP-only cookies)
  • Server-side logs (IP address, request timestamps) for security and debugging purposes

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Authenticate your identity via magic link emails
  • Display your aggregated financial data, balances, and transaction history
  • Generate spending analytics and budget tracking features
  • Send transactional emails (magic links, account notifications)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use your financial data for advertising, sell it to third parties, or use it to make automated decisions that affect your financial standing.

4. How We Store and Protect Your Data

4.1 Encryption

All Plaid access tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database. Encryption keys are derived from server-side secrets and are never stored alongside the encrypted data.

4.2 Transmission Security

All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). We enforce HTTPS for all connections.

4.3 Database Security

Your data is stored in a managed database with access controls, regular backups, and security monitoring. Database access is restricted to application servers only.

4.4 Authentication Security

We use a passwordless authentication system. Session tokens are stored in secure, HTTP-only, SameSite cookies and are signed using industry-standard JWT (JSON Web Token) technology. Magic link tokens are single-use and expire after 15 minutes.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

  • Plaid: We share your user identifier with Plaid to facilitate bank connections. Plaid's use of your data is governed by their Privacy Policy.
  • Resend: We use Resend to deliver magic link emails. Your email address is shared with Resend solely for email delivery purposes.
  • Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • Protection of rights: We may disclose information to protect the rights, property, or safety of MyMoney, our users, or the public.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Transaction history and account data retrieved from Plaid is retained to power the Service's analytics features. If you request account deletion, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention records).

7. Your Rights

7.1 General Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect your bank accounts at any time through the Service
  • Opt out of non-essential communications

7.2 GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing your data is your consent (for bank connections) and the performance of our contract with you (for providing the Service).

7.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, please contact us using the information below.

8. Cookies and Tracking

We use a single session cookie to maintain your authenticated session. This cookie is:

  • HTTP-only: Not accessible to JavaScript, preventing XSS attacks.
  • Secure: Only transmitted over HTTPS connections.
  • SameSite: Configured to prevent CSRF attacks.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

MyMoney

Website: mymoney.nyquiste.com

We will respond to privacy-related requests within 30 days.