Legal

Privacy Policy

Last updated May 24, 2026. Your data is yours — we encrypt it, we don't sell it, and we make it easy to export or delete.

This Privacy Policy describes how Moneybag(the "App"), operated by Dream Group ("we", "us", or "our"), collects, uses, stores, and discloses personal information when you use our mobile application and website at moneybag.mydreamit.dev.

Our promise

Moneybag is a personal finance journal. We treat your data the way we'd want our own treated: encrypted in transit and at rest, never sold, never shared with advertisers, and always under your control. We make money by building a great app you love — not by monetising your information.

1. Information we collect

1.1 Account data

When you sign in with Google or email/password we receive your display name, email address, and (optionally) profile photo from the identity provider. Nothing more.

1.2 Financial data (your ledger)

Transactions, wallets, categories, budgets, to-dos, notes, Volt documents, and AI advisor conversations live in Google Cloud Firestore under your user ID. Only you can read them — enforced by per-user Firestore Security Rules.

1.3 Diagnostics

We collect anonymised crash reports and performance metrics so we can fix bugs quickly. These reports never contain your financial data, transactions, document contents, or AI conversations.

1.4 Device permissions

  • Notifications — for reminders, expiry alerts, and daily summaries. Always optional, with a clear opt-out.
  • Biometric — for face/fingerprint unlock. The biometric is verified on-device; we never receive it.
  • Storage — only when you pick a file for the Volt vault. We don't scan your storage in the background.

2. How we use information

  • To provide and improve the App.
  • To sync your data across devices when you sign in.
  • To generate AI advisor responses (only when you actively ask a question).
  • To send reminders, expiry alerts, and daily nudges you opted into.
  • To fix bugs via anonymised crash reports.

3. What we don't do

  • We do not sell your data — to anyone, ever.
  • We do not show third-party advertising inside the App.
  • We do not read your transactions or documents for any purpose other than rendering them back to you.
  • We do not share data with marketing/analytics providers other than what is strictly required to operate the App.

4. Service providers

We share data only with the minimum providers required to run the service:

  • Google (Firebase)— authentication, Firestore database, Cloud Storage, Cloud Messaging. Data resides in Google Cloud and is subject to Google's privacy commitments.
  • DeepSeek — only when you actively send a question to the AI advisor. Your prompt and the relevant ledger context are sent over an encrypted connection; we do not store advisor conversations on our servers.

5. Security

Transport is TLS 1.2+. Data at rest is encrypted by Google Cloud. The App supports PIN + biometric lock, automatic re-lock on background, and clears its in-memory cache on sign-out. Volt documents are uploaded to your own private Firebase Storage folder protected by per-user rules (15 MB max, image/PDF whitelist).

6. Your rights

  • Export — get a JSON backup of everything from Profile → Backup & Restore.
  • Delete — permanently delete your account and all associated data in one tap from Profile → Delete account. We tombstone your Firestore tree, delete your Auth record, and purge Storage files in one operation.
  • Access & correction — edit any record in-app at any time.
  • Withdraw consent — disable notifications, AI advisor, or cloud sync from Settings at any time.

7. Data retention

We keep your data for as long as your account exists. When you delete your account, all your personal data is purged within 30 days. Anonymised diagnostics may be retained longer to track product quality trends but cannot be tied back to you.

8. Children

Moneybag is not directed at children under 13. We do not knowingly collect data from anyone under that age. If you believe a child has provided us data, contact us and we will delete it.

9. International transfers

Firebase services may store data in multiple regions globally. Google Cloud's standard contractual clauses cover those transfers.

10. Changes

We may update this policy occasionally. Material changes will be announced inside the App. The latest version always lives at moneybag.mydreamit.dev/privacy.

11. Contact

Privacy questions, data requests, or complaints? Email iamkashimuddin@gmail.com — we usually reply within a business day.

Moneybag is operated by Dream Group. © 2026 Dream Group. All rights reserved.