Privacy Policy

Effective: February 24, 2026 | Version 1.0

1. Introduction

Monaro ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and financial information when you use our mobile application and website (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address
  • Financial information: debts, income, budget categories, savings goals (entered manually or imported via CSV)
  • Payment information: processed by Razorpay — we never store your card details

2.2 Information from Transaction Imports

If you use SMS scanning, the app reads transaction-related messages on your device to extract amounts, merchants, and dates. Messages are processed locally and never sent to our servers. If you import CSV bank statements, we receive the transaction data contained in the file.

2.3 Automatically Collected

  • Device information and app usage analytics (via PostHog, privacy-first)
  • Error logs for debugging (via Sentry, no financial data included)

3. How We Use Your Information

  • Provide the core service: transaction tracking, debt payoff planning, AI financial copilot
  • AI Copilot: We send anonymized financial summaries (no PII) to Anthropic's Claude API to generate personalized advice
  • Improve the service: analytics and error tracking
  • Process payments via Razorpay
  • Communicate service updates (email)

4. Data Sharing

We do not sell, rent, or share your financial data with any third parties for marketing or advertising. We share data only with:

  • Anthropic (Claude API): Anonymized financial summaries for AI copilot responses — no PII, not retained by Anthropic
  • Razorpay: Payment processing (they handle card details)
  • Supabase: Database hosting (encrypted at rest, EU/US data centers)
  • Vercel: Website hosting
  • Sentry: Error tracking (90-day retention, no financial data)
  • PostHog: Privacy-first analytics (anonymized, no third-party sharing)

5. Data Security

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Row Level Security — you can only access your own data
  • SMS scanning happens on-device — messages never leave your phone
  • MFA-protected administrative access

6. Your Rights

Under GDPR, CCPA, and DPDPA, you have the right to:

  • Access: Request a copy of all your data (JSON/CSV export in-app)
  • Rectification: Update your information anytime in the app
  • Erasure: Delete your account and all data (completed within 30 days)
  • Portability: Export your data in standard formats
  • Restrict Processing: Revoke SMS permissions or stop importing to halt data collection

7. Data Retention

See our full Data Retention Policy for detailed retention periods. In summary: your data is kept while your account is active and for 30 days after deletion. AI query logs are purged after 90 days. Payment records are retained for 7 years per tax law.

8. Children's Privacy

Monaro is not intended for children under 16. We do not knowingly collect data from children.

9. Contact

For privacy questions or data requests: arthi@nivo.run