Privacy Policy

Effective date: 6 May 2026 · Version 1.0 · Status: Draft (review by counsel before publication)

1. Who runs this service

Moniqo is operated by OptiFi Technologies LLP (“we”, “us”). It runs on AWS infrastructure under our control in the ap-south-1 (Mumbai) region. The application is single-tenant: your data lives on servers we operate exclusively for you and your authorized family members.

2. What data we collect

2.1 Account data

  • Email address, full name, optional phone number — supplied at sign-up.
  • Password hash (Argon2id) — we never store your password in clear text.
  • OAuth provider account IDs (Google, Microsoft) if you sign in with those.
  • Multi-factor authentication secret (encrypted) and one-use backup codes (hashed).

2.2 Financial data you enter

  • Bank accounts, credit cards, transactions, budgets, goals, assets, liabilities.
  • Receipt images you upload (stored as private S3 objects, accessed via short-lived presigned URLs).
  • OCR results extracted from receipts.

2.3 Diagnostic data

  • Login timestamps, IP addresses (rate-limit + audit log), user-agent strings.
  • Server logs (errors, performance metrics) — retained 30 days.

3. How we use your data

  • To provide the application’s core functionality (showing balances, generating reports, sending receipts).
  • To send transactional emails — password resets, MFA setup confirmations, security alerts. We never send marketing emails.
  • To detect and prevent abuse (rate limits, audit logs).
  • To generate AI insights, where you have explicitly enabled them (Google Gemini — see Section 6).

4. Where your data is stored

  • Primary database: PostgreSQL on AWS Lightsail in ap-south-1 (Mumbai). Encrypted at rest.
  • Receipt files: Private S3 bucket in ap-south-1. SSE-S3 encryption. Versioning enabled. Public access blocked.
  • Backups: Nightly encrypted backups (AES-256, with the key derived from a passphrase using PBKDF2 at 200,000 iterations) to a separate S3 bucket. Retention: daily backups for 30 days, monthly backups for 12 months.
  • Logs: Written to stdout and captured by the systemd journal (journalctl) on the application server, rotated daily, retained 30 days.

5. Who can see your data

  • You: always — every record you create.
  • Your family members: only records you have explicitly marked as “Shared with family”.
  • OptiFi operators: only when you raise a support request that requires database access. Each access is logged in the audit trail.
  • No one else. We do not sell, rent, or share your data with advertisers, data brokers, or analytics platforms.

6. AI processing (when enabled)

If you enable AI insights, we send aggregated, redacted summaries (totals, category breakdowns, vendor names) to Google Gemini for monthly summary generation. We do not send: account numbers, card numbers, full transaction notes, names, or email addresses. The PII redaction layer is documented in our codebase at src/lib/ai-redact.ts.

Receipt OCR runs locally on our server (Tesseract.js) — receipt images never leave our infrastructure for OCR processing.
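The redaction step described in this section, as an added worked example. This is not the project's src/lib/ai-redact.ts; the record shape, function names and sample rows are all assumptions constructed for illustration. The point it shows is the design choice a reviewer would look for: the summary is assembled from an allowlist of permitted fields rather than by stripping forbidden ones from a copy of the row, and the exact payload that would leave the server is checked for the identifiers the policy promises never to send before it is returned.

```typescript
// Added example, not the project's src/lib/ai-redact.ts. Record shape,
// function names and sample rows are assumptions constructed for illustration.

type Transaction = {
  date: string;          // ISO date, e.g. "2026-04-03"
  amount: number;        // integer minor units (paise)
  category: string;
  vendor: string;
  accountNumber: string; // never sent to the model
  cardLast4?: string;    // never sent
  payerName: string;     // never sent
  payerEmail: string;    // never sent
  note: string;          // free text, may hold third-party PII; never sent
};

type MonthlySummary = {
  month: string;                                  // "YYYY-MM"
  totalSpend: number;
  byCategory: Record<string, number>;
  topVendors: Array<{ vendor: string; total: number }>;
};

// Allowlist projection: the summary is assembled field by field from the
// permitted values only. Nothing is copied by spreading a source row, so a
// column added to Transaction later cannot leak without an explicit change here.
export function buildSummary(txns: Transaction[], month: string): MonthlySummary {
  const byCategory: Record<string, number> = {};
  const byVendor: Record<string, number> = {};
  let totalSpend = 0;
  for (const t of txns) {
    if (t.date.slice(0, 7) !== month) continue;
    totalSpend += t.amount;
    byCategory[t.category] = (byCategory[t.category] ?? 0) + t.amount;
    byVendor[t.vendor] = (byVendor[t.vendor] ?? 0) + t.amount;
  }
  const topVendors = Object.keys(byVendor)
    .map((vendor) => ({ vendor, total: byVendor[vendor] }))
    .sort((a, b) => b.total - a.total || a.vendor.localeCompare(b.vendor))
    .slice(0, 10);
  return { month, totalSpend, byCategory, topVendors };
}

// Every string in the payload, keys included (categories are user-entered text).
// Numbers are skipped on purpose: an integer amount must not be mistaken for
// an account or card number.
function stringsIn(value: unknown, out: string[] = []): string[] {
  if (typeof value === "string") out.push(value);
  else if (Array.isArray(value)) for (const v of value) stringsIn(v, out);
  else if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    for (const k of Object.keys(obj)) { out.push(k); stringsIn(obj[k], out); }
  }
  return out;
}

const EMAIL_SHAPE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;
const LONG_DIGIT_RUN = /\d{8,}/; // account- or card-number shaped

// Second line of defence: the exact forbidden values from the source rows
// plus generic shapes, so a projection bug is caught even when the leaked
// value happens not to match a pattern.
export function findLeaks(payload: unknown, source: Transaction[]): string[] {
  const forbidden: string[] = [];
  for (const t of source) {
    forbidden.push(t.accountNumber, t.payerName, t.payerEmail);
    if (t.cardLast4) forbidden.push(t.cardLast4);
    if (t.note) forbidden.push(t.note);
  }
  const leaks: string[] = [];
  for (const s of stringsIn(payload)) {
    for (const f of forbidden) if (f && s.indexOf(f) !== -1) leaks.push("value:" + f);
    if (EMAIL_SHAPE.test(s)) leaks.push("email-shaped:" + s);
    if (LONG_DIGIT_RUN.test(s)) leaks.push("digit-run:" + s);
  }
  return leaks;
}

// The only entry point the AI client should use: refuses to hand back a
// payload that fails the leak check.
export function redactForAI(txns: Transaction[], month: string): string {
  const summary = buildSummary(txns, month);
  const leaks = findLeaks(summary, txns);
  if (leaks.length > 0) throw new Error("refusing to send payload: " + leaks.join(", "));
  return JSON.stringify(summary);
}

// The anti-pattern: forwarding the raw rows. Present only so the leak check
// can be seen catching it.
export function unsafePassthrough(txns: Transaction[], month: string): unknown {
  return { month, rows: txns.filter((t) => t.date.slice(0, 7) === month) };
}

// Constructed sample rows, not real data.
const BASE = { accountNumber: "50100123456789", payerName: "Asha Rao", payerEmail: "asha@example.com" };
export const SAMPLE: Transaction[] = [
  { ...BASE, date: "2026-04-03", amount: 245000, category: "Groceries", vendor: "Big Bazaar", note: "weekly shop, split with Ravi" },
  { ...BASE, date: "2026-04-10", amount: 80000, category: "Dining", vendor: "Cafe Coffee Day", note: "coffee with Dr. Mehta about the loan" },
  { ...BASE, date: "2026-04-12", amount: 130000, category: "Groceries", vendor: "Big Bazaar", note: "" },
  { ...BASE, date: "2026-04-20", amount: 56000, category: "Health", vendor: "Apollo Pharmacy", cardLast4: "4242", note: "insulin refill" },
  { ...BASE, date: "2026-05-01", amount: 99900, category: "Groceries", vendor: "Big Bazaar", note: "" },
  // Vendor names are permitted, but this one is shaped like an e-mail address,
  // so redactForAI refuses the March payload rather than guessing.
  { ...BASE, date: "2026-03-15", amount: 49900, category: "Software", vendor: "billing@saas.example", note: "" },
];

// console.log(redactForAI(SAMPLE, "2026-04"));
```

Two details are deliberate. The leak check scans strings and object keys only, so integer amounts are never flagged as card numbers, which is the false positive a naive regex over the whole JSON text would produce once a total crosses eight digits. And because vendor names are user-entered text that the policy does allow through, the shape check treats a vendor that looks like an e-mail address as grounds to refuse the payload rather than to pass it; refusing and logging is the safe failure direction for anything bound for a third party.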

7. Your rights

You can, at any time:

  • Export your data as JSON via Settings → Privacy & data → Download my data.
  • Delete your account via Settings → Privacy & data → Delete my account. A 30-day grace period applies; data is permanently erased afterward, except audit-log rows which are anonymized (your user id removed) for compliance and security investigation.
  • Correct or update any record directly in the application.
  • Request information about what we store, by emailing the address in Section 10.

For users in the European Economic Area, this Privacy Policy is intended to align with the GDPR. For users in the UAE, alignment with the UAE Personal Data Protection Law (Federal Decree-Law 45/2021) is the goal. Final text pending legal review.

8. Security

  • Passwords hashed with Argon2id (memory-hard).
  • Sessions are signed JWTs carried in the HTTP-only cookie described in Section 9; HTTPS-only in production.
  • API rate-limited per-IP across four tiers (auth, password-reset, OCR, general API).
  • Multi-factor authentication available (TOTP).
  • Strict Content-Security-Policy + HSTS preload.
  • Nightly encrypted backups; quarterly restore drills.
  • Audit log of every login, MFA event, password reset, OAuth link, and admin action.

9. Cookies

We use a single first-party HTTP-only session cookie (Auth.js) to keep you signed in. No analytics cookies, no advertising cookies, no third-party trackers.

10. Contact

Questions about this policy? Email privacy@optifitechnologies.com.


Draft notice: This document is a draft prepared by engineering. It must be reviewed by counsel before being shown to users as a binding policy. Replace this notice with a counsel-approved effective date once cleared.