Privacy Policy
Last updated: April 18, 2026
Moneta ("we", "us", "our") is a personal finance tracking service operated by Coinstack. This Privacy Policy describes how we collect, use, store, and protect your information when you use the Moneta web application at app.coinstack.cloud and the Moneta MCP server at mcp.coinstack.cloud (collectively, the "Service").
1. Information We Collect
1.1 Account Information
When you register, we collect:
- Email address
- First and last name
- Password (stored as a one-way bcrypt hash — we never store your plaintext password)
1.2 Financial Data You Enter
Moneta is a manual finance tracker. We do not connect to your bank, payment provider, or any financial institution. All financial data is entered by you and includes:
- Account names, types (checking, savings, cash, credit card, investment), and currencies
- Transaction records (amount, description, date, category)
- Budget allocations (monthly amounts per category)
- Custom categories and subcategories
1.3 Profile Data
- Avatar image (optional — stored in Google Cloud Storage)
- User preferences: theme, language, base currency, budget view settings
1.4 Technical Data
- Authentication tokens (JWT) for session management
- API keys (stored as hashed values) if you use API access
- OAuth client registrations when connecting via MCP-compatible AI assistants
1.5 Advisor Relationship Data
If you use the financial advisor feature, we store:
- Advisor-client relationship status
- Audit logs of advisor access to client data (advisor ID, action performed, endpoint accessed, timestamp)
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the Service | Account info, financial data, preferences |
| Authenticate your sessions | Email, password hash, JWTs |
| Display analytics and budgets | Transactions, categories, budgets |
| Multi-currency conversion | Your selected currencies (exchange rates fetched from NBU — no personal data is sent) |
| Enable AI assistant access (MCP) | Financial data you authorize the AI to read or modify through the MCP connection |
| Advisor oversight | Audit logs of advisor actions on your data |
3. AI Assistant Integration (MCP)
Moneta exposes a Model Context Protocol (MCP) server that allows you to connect your financial data to AI assistants such as Claude (Anthropic), ChatGPT (OpenAI), and Gemini (Google).
- You initiate the connection. No data is shared with any AI provider until you explicitly connect Moneta as a tool in your AI assistant.
- OAuth-protected. Every MCP connection requires you to authenticate and authorize access via OAuth 2.1.
- Scoped access. The AI assistant can only access your data through the specific tools you authorize (e.g., list accounts, view transactions, add a transaction).
- No bulk export. Moneta does not transfer your entire dataset to the AI provider — only the data relevant to each tool call.
- Third-party policies apply. When data is sent to an AI assistant, that provider's own privacy policy governs how they handle it. We encourage you to review the privacy policies of Anthropic, OpenAI, and Google.
Moneta is a budgeting and tracking tool. It records transactions in your personal ledger. It does not transfer money, connect to bank APIs, or execute financial transactions on your behalf.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Google Cloud Storage | Avatar image hosting | Your uploaded avatar image |
| National Bank of Ukraine (NBU) API | Currency exchange rates | None — we only fetch published rates |
| Sentry | Error tracking and performance monitoring | Error details, request metadata, user ID and email (no financial data) |
| Mixpanel | Product analytics (feature usage, engagement) | User ID, email, event names (e.g. "transaction_created"), event metadata (e.g. transaction type). No financial amounts, descriptions, or account details are sent. |
We use Sentry for error tracking and Mixpanel for product analytics to improve the Service. These services receive only technical and usage data — no financial amounts, transaction descriptions, account names, or budget details are shared with them. We do not use any advertising or data-brokering services.
5. Data Storage and Security
- Database: Your data is stored in a PostgreSQL database with encrypted connections (SSL/TLS).
- Passwords: Hashed with bcrypt — never stored in plaintext.
- API keys: Stored as hashed values; only the key prefix is retained for identification.
- Transport: All connections to our servers use HTTPS with valid TLS certificates.
- Authentication: JWT-based session tokens with expiration. OAuth 2.1 with PKCE for MCP connections.
6. Data Retention
- Your data is retained for as long as your account is active.
- If you delete your account, all associated data (accounts, transactions, categories, budgets, settings, and avatar) will be permanently deleted.
- Advisor audit logs are retained for the duration of the advisor-client relationship and may be kept for a reasonable period afterward for compliance purposes.
7. Your Rights
You have the right to:
- Access your data — all your financial data is visible in the app and via the API.
- Correct your data — edit any account, transaction, category, or profile information at any time.
- Delete your data — delete individual records or your entire account.
- Export your data — use the API or data export feature to download your information.
- Revoke AI access — disconnect any MCP-connected AI assistant at any time by revoking the OAuth authorization.
8. Children's Privacy
Moneta is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
10. Contact
If you have questions about this Privacy Policy or your data, contact us at:
- Email: privacy@coinstack.cloud