Privacy Policy

Last updated: June 8, 2026

Overview

Monva ("the App") is a personal finance tracking application. Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

Data stored locally on your device

All your financial data — transactions, categories, accounts, budgets, tags, and recurring rules — is stored locally on your device in a SQLite database. This data never leaves your device unless you explicitly enable cloud sync.

Data processed when using cloud sync (optional)

If you choose to sign in and enable cloud sync, your financial data is transmitted to and stored on our servers (powered by Appwrite, self-hosted in Germany) to enable backup and multi-device access. Your data is encrypted in transit (TLS 1.3) and at rest.

Data processed when using voice input (optional)

When you use the AI voice input feature, your spoken text is sent to Google's Gemini API for natural language processing to extract transaction details (amount, category, note). The audio is processed in real-time and is not stored by us. Google's use of this data is governed by their privacy policy.

Authentication data

If you sign in, we store your email address for authentication purposes. We use magic link authentication — we do not store passwords.

Data We Do Not Collect

  • We do not collect analytics or usage tracking data
  • We do not serve advertisements
  • We do not sell or share your data with third parties
  • We do not access your bank accounts or financial institutions
  • We do not collect location data
  • We do not use tracking cookies

Third-Party Services

The App uses the following third-party services:

  • Appwrite (self-hosted) — authentication and cloud sync
  • Google Gemini API — AI voice transaction parsing (only when you use voice input)
  • RevenueCat — subscription management
  • Cloudflare Turnstile — bot protection during sign-in (invisible, no tracking cookies)
  • Brevo — transactional emails (magic link delivery only)

Data Retention

Local data remains on your device until you delete it or uninstall the App. If you use cloud sync, your data is retained on our servers until you delete your account. You can export all your data as CSV at any time from Settings.

Data Security

We take reasonable measures to protect your data:

  • All network communication uses TLS 1.3 encryption
  • Server infrastructure is hardened with firewall rules, intrusion detection, and automatic security updates
  • Authentication uses magic links — no passwords are stored
  • The server is hosted in Germany and complies with EU data protection standards

Your Rights

You have the right to:

  • Access your data — export via CSV from Settings
  • Delete your data — delete your account from Settings, or uninstall the App
  • Portability — export your transactions as CSV
  • Opt out of cloud sync — use the App fully offline without signing in

Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy or your data, contact us at kostia.shiian@gmail.com.