Legal
Privacy Notice
Last updated: July 3, 2026
This Privacy Notice describes how MoneyYogi LLC, a Texas limited liability company ("MoneyYogi", "we"), collects and uses personal information when you use the MoneyYogi service. MoneyYogi LLC is the data controller for the personal information described here.
1. Information we collect
- Account information: name, email, password hash, profile preferences.
- Linked financial data: account balances, transaction history, and institution metadata received read-only from Plaid when you connect a bank.
- Manual entries: accounts, transactions, budgets, goals, tags, and notes you create.
- AI conversations: prompts you send to the in-app chat and the responses generated, along with the minimum context needed to answer.
- Usage data: log data, device identifiers, IP address, and feature interactions.
- Support communications: messages you send to us.
2. How we use it
- To create and operate your account and provide the service.
- To organize and display your financial picture.
- To power AI features (chat, categorization assistance, skills).
- To improve the product, debug issues, and prevent fraud and abuse.
- To respond to support requests.
- To send service-related communications.
3. Scope
MoneyYogi is offered to residents of the United States. This Privacy Notice describes our practices under U.S. federal and state law. If you access the service from outside the U.S., you do so on your own initiative and are responsible for compliance with local laws.
4. AI features
When you use MoneyYogi's AI chat or categorization features, your prompts and the relevant context needed to answer (for example a date range, a category, or a small set of transactions) are sent to our AI gateway, which routes the request to a large language model provider (currently Google's Gemini family of models). We use these providers strictly to generate a response to your request:
- Your data is not used to train third-party AI models.
- Your chat history is stored encrypted inside your Space so you can revisit past conversations. Service logs are retained briefly for debugging, safety, and abuse review, then purged on a rolling basis.
- AI output may be inaccurate or out of date and is not financial, investment, legal, or tax advice.
- Please do not paste content into the chat that you do not want processed by a large language model.
5. Shared workspaces (Spaces)
MoneyYogi organizes data into Spaces (e.g. a Personal space and one or more Business spaces). Data inside a Space is visible to every member of that Space according to their role, owner, editor, or viewer. The Space owner controls billing, membership, and deletion of the Space. Inviting a member grants them access to that Space's financial data; removing a member revokes it going forward.
6. Sharing
We share information with a limited set of sub-processors that help us operate the service. A full, current list, with purpose, data categories, and links to each provider's terms, is published on our Sub-processors page. At a high level:
- Stripe, Inc.: payment processor for subscriptions and one-time coaching-call purchases; stores the payment method and provides the billing portal. MoneyYogi LLC is the seller and is responsible for billing, refunds, and support.
- Plaid Inc.: to enable read-only connections to your financial institutions.
- Lovable Cloud: hosting, database, authentication, file storage, transactional email, and the AI Gateway that routes requests to Google's Gemini family of models. Per the Lovable AI Gateway and Google Gemini API terms, your prompts and responses are not used to train AI models.
- Google Calendar: solely if you book a coaching call via the link on the in-app coaching page (scheduling only).
- Professional advisors and authorities: where required by law.
We do not sell personal information and do not share it for cross-context behavioral advertising.
7. Security
We use appropriate technical and organizational measures to protect your information, including:
- TLS 1.2+ for data in transit;
- AES-256-GCM encryption at rest for account names and balances, transaction details, AI conversation content, merchants, and recurring streams;
- Row-level access controls so each Space's data is isolated;
- Optional two-factor authentication (TOTP): strongly recommended, available to every account from Settings → Security;
- Audit logging of sensitive administrative actions.
7a. Security incidents
If we determine that a security incident has compromised your personal information, we will notify you and applicable authorities without undue delay and consistent with applicable state breach-notification laws.
8. Retention
- Active accounts: we retain your data for as long as your account is active.
- After deletion: soft-deleted data is purged from production within approximately 30 days.
- Financial records: we may retain certain transaction and billing records for up to 7 years to comply with tax, accounting, and audit obligations.
- Service logs: retained for approximately 90 days for security and debugging.
9. Children's privacy
MoneyYogi is offered only to users 18 years of age or older. We do not knowingly collect personal information from anyone under 18, and we do not knowingly collect personal information from children under 13. If you believe we have collected personal information from a minor, please contact us and we will delete it.
10. Your rights
Depending on the state you live in, you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete your personal information;
- Port your information to another service in a machine-readable format;
- Limit our use of sensitive personal information (financial account information is sensitive PI under CPRA); and
- Opt out of any sale, sharing, or targeted advertising use of your personal information, although we do none of these.
How to exercise these rights. Email josh@moneyyogi.ai from the address associated with your account. We will respond within 45 days (and may extend by an additional 45 days when reasonably necessary, with notice to you). We verify requests using information already associated with your account; we will not disclose personal information to anyone we cannot reasonably verify.
Authorized agents. You may designate an authorized agent to exercise these rights on your behalf. We will require written permission signed by you and verification of the agent's identity.
Right to appeal. If we decline a privacy request, you may appeal our decision by replying to our response email. We will respond to appeals within 45 days.
Your privacy choices / Global Privacy Control (GPC). We do not sell or share your personal information for cross-context behavioral advertising and we do not engage in targeted advertising. We honor the Global Privacy Control signal as an opt-out of any sale or sharing of personal information, where applicable.
11. U.S. state privacy rights
California residents (CCPA/CPRA): you have the rights described in Section 10, including the right to limit the use of sensitive personal information. We do not sell personal information and do not share it for cross-context behavioral advertising.
Texas residents (TDPSA) and residents of other U.S. states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Montana, Oregon, Delaware, New Hampshire, New Jersey, Minnesota, Iowa, and Maryland) have analogous rights to access, correct, delete, port, and appeal as described in Section 10.
12. Cookies
We use only strictly necessary cookies and similar technologies required to operate the service (authentication, session management, and security). We do not use third-party advertising or analytics cookies. If this changes, we will update this Notice and present a consent banner before any non-essential cookies are set.
13. Contact
MoneyYogi LLC, privacy questions can be sent to josh@moneyyogi.ai or through in-app support.