Privacy Policy

1. Who We Are

Mr. Money By Mega is a personal finance and money-management application operated by:

2. Information We Collect

We may collect the following categories of information.

3. How We Collect Information

We collect information:

• directly from you when you sign in or use the Service
• automatically through your use of the Service
• from connected sign-in and billing providers
• through our own internal analytics and diagnostic tools

4. Google Sign-In

Mr. Money By Mega uses Google Sign-In / Google Identity as the login method for user accounts. Google’s identity services are designed to let users sign in with their Google account and share profile information with the app after consent.

When you sign in with Google, we may receive information such as:

• your Google account email address
• your name
• your Google account identifier
• your profile image, if available and permitted

We use this information to:

• create and manage your account
• authenticate you
• keep your account secure
• personalize your app experience

We do not access your Gmail inbox or other Google data unless we clearly request additional permission and you explicitly grant it.

5. Apple Sign-In

Mr. Money By Mega also supports Sign in with Apple as a login method for user accounts. Apple’s identity service is designed to let users sign in with their Apple ID and share limited profile information with the app after consent.

When you sign in with Apple, we may receive information such as:

• your Apple ID email address, or a private relay email address you choose to share
• your name, if you choose to share it
• your Apple account identifier

We use this information to:

• create and manage your account
• authenticate you
• keep your account secure
• personalize your app experience

If you use Apple’s private email relay, we will only ever see that relay address. We do not access any other Apple data beyond what is shared with us during sign-in.

6. How We Use Your Information

We may use your information to:

• provide and operate Mr. Money By Mega
• authenticate users and manage accounts
• store and display your transactions, accounts, categories, and currencies
• generate dashboards, summaries, analytics, and reports
• provide subscription features
• process or verify billing and entitlement status
• improve the performance and usability of the Service
• troubleshoot bugs and technical issues
• measure feature usage, engagement, retention, and conversion to paid plans, in aggregate, through our internal analytics system described in § 7
• monitor security, abuse, fraud, and misuse
• communicate with you about account, billing, support, and product updates
• comply with legal obligations
• enforce our Terms of Service

7. Internal Analytics

Mr. Money By Mega uses an internal analytics system designed, built, and operated entirely by us. It is not a third-party analytics product such as Google Analytics, Mixpanel, or similar. Analytics records are stored in the same Supabase backend that powers the rest of the Service.

What we record. When you use the Service, the app may record events such as:

• opening the app and ending an in-app session, with how long the session lasted
• which screen or page you are viewing
• when you create, update, or delete a transaction, planned transaction, recurring transaction, or quick plan
• when an action fails and the reason for the failure (for example, a missing exchange rate)
• when you compare months in the cashflow overview, or compare categories
• when you change your theme or transaction-entry design preference
• when you invite, accept, or revoke shared-account access
• when your subscription state changes (free → paid, paid → canceled, plan changes)

Every recorded event is stored together with a snapshot of technical context taken at that moment: the platform you were on (web / iOS / Android), an approximate country derived from your IP address, your timezone and locale, your app version, whether your account was on a free or paid plan, and your plan type and billing platform if you were paid.

What we do NOT record in analytics events. We do not include the substance of your financial data in analytics records. Specifically, analytics events do not contain:

• transaction amounts, balances, or running totals
• transaction titles, notes, or category names
• account names
• currency exchange rates you have entered
• support-message contents or attachments
• any free-text you have typed into the app

Analytics records describe what kind of action you took and when, not what the action was about. Your actual finance data is stored in separate tables and is not copied into analytics.

Per-user profile. In addition to the per-event records described above, we keep a single per-user profile that summarises your acquisition source (where applicable), the technical context of your most recent visit, and the current state of your subscription. This profile is updated as you use the Service and is deleted with your account.

How we use this. Internal analytics is used only to:

• understand which features are used and which are not
• measure engagement, retention, and conversion to paid plans
• identify performance regressions and recurring errors
• plan and prioritise product improvements
• aggregate marketing-source statistics where applicable

How we do NOT use this. We do not sell, rent, or share your analytics data with third parties. We do not use it for behavioural advertising, ad targeting, or building profiles for sale. We do not feed analytics events to any external analytics, marketing, or advertising platform.

Access. Only authorised members of our operating team can query the analytics tables, using administrative database credentials. The Service itself only ever writes analytics records on your behalf — your account does not have permission to read other users' analytics records.

Cookies and local storage used for analytics. On the web, we set a small number of first-party cookies and browser-storage entries that support the analytics system:

• mr_money_analytics_tz andmr_money_analytics_locale — store your timezone and locale so analytics records can be grouped by your local time zone.
• mr_money_analytics_session — stores a random session identifier so we can recognise that several events belong to the same in-app session. A new session id is generated when you open a new tab.
• mr_money_signup_source andmr_money_signup_source_details — store marketing-source information (UTM parameters, referring website) so that, if you later create an account, we can record how you found us. Set only when there is fresh attribution information; pure internal navigation never overwrites them.

Analytics cookies are first-party only — they are not shared with any third party and are not used for cross-site tracking or advertising. iOS and Android apps do not use these cookies; they use their on-device equivalents (timezone, locale, and a session identifier kept in app memory).

Retention and deletion.Analytics records are associated with your user account. When you delete your account, your analytics profile and all your analytics event records are deleted along with your other data (see § 10 Data Retention).

8. Backend, Database, and Storage

We use Supabase to support our backend services and database. Supabase describes its platform as providing a Postgres database and authentication-related services, and its auth system stores authentication-related data in a special schema in the project database.

Your data may be stored and processed through infrastructure supporting:

• authentication
• database storage
• backend application logic
• file or object storage, if used in future features
• backup and operational security processes

9. How We Share Information

We do not sell your personal information.

We may share information only in the following situations:

10. Data Retention

We retain personal information for as long as reasonably necessary to:

• provide the Service
• maintain your account
• comply with legal obligations
• resolve disputes
• enforce agreements
• detect or prevent fraud and abuse

If you delete your account or request deletion, we may still retain certain information where necessary for:

• legal compliance
• security
• fraud prevention
• backups
• dispute resolution
• internal recordkeeping as permitted by law

11. Data Security

We use reasonable technical and organizational measures to protect your information.

However, no system can guarantee absolute security. You understand and accept that:

• no internet transmission is completely secure
• no storage system is perfectly secure
• we cannot guarantee absolute protection against all threats

You are also responsible for protecting access to your Google or Apple account and your own devices.

12. International Data Processing

Your information may be processed and stored in jurisdictions outside your home country, depending on the infrastructure and service providers we use.

By using the Service, you understand that your information may be transferred to and processed in countries that may have different data protection laws than your country of residence.

13. Your Choices and Rights

Depending on your location and applicable law, you may have rights to:

• access your personal information
• correct inaccurate information
• request deletion of your information
• object to or restrict certain processing
• request a copy of your data
• withdraw consent where processing is based on consent

You may also:

• update some account information inside the app
• cancel a paid subscription at any time
• request account deletion by contacting us

Cancellation of billing does not automatically delete your account or data.

14. Subscription and Billing Privacy

When you subscribe to paid features:

• web subscriptions may be handled through Stripe
• iOS subscriptions may be handled through Apple
• Android subscriptions may be handled through Google Play

We may store limited subscription-related details such as:

• plan type
• renewal status
• payment status
• billing platform
• subscription start/end dates
• entitlement status

We do not store full card numbers processed by those billing providers.

15. Children’s Privacy

Mr. Money By Mega is not intended for children under 18, or under the age of legal majority in the relevant jurisdiction.

We do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided us personal information, contact us so we can investigate and take appropriate action.

16. Links to Third-Party Services

The Service may contain links to third-party websites, services, or policies. We are not responsible for the privacy practices, content, or security of third-party services.

Your use of those services is governed by their own terms and privacy policies.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify you by:

• posting the updated policy in the Service
• updating the “Last Updated” date
• sending email or in-app notice where appropriate

Your continued use of the Service after changes become effective means you accept the updated Privacy Policy.

18. Contact Us

If you have questions or requests regarding this Privacy Policy, contact us at: