Monadeo

Privacy Policy

Governing language

The French version of this document is the governing version. Translations are provided for convenience only. In case of inconsistency between versions, the French version prevails, unless mandatory consumer protection, data protection, or other applicable law provides otherwise.

1. Introduction

This Privacy Policy explains how Monadeo handles personal data when users access or use the Monadeo mobile application, related services, support channels, legal document services, websites, and optional features.

Monadeo is designed as a local-first personal finance app. The financial records users create in the App, such as transactions, accounts, budgets, goals, debts, categories, notes, and related personal finance information, are stored on the user’s device and, where the user enables Apple sync features, in the user’s own Apple iCloud environment.

Monadeo does not operate a central server database containing users’ personal financial records. Monadeo does not collect, host, view, sell, or monetize the user’s personal financial dataset.

In plain language:

  • the user’s personal finance records are intended to remain on the user’s device or in the user’s Apple iCloud/CloudKit environment only;
  • Monadeo does not sell users’ personal financial data;
  • Monadeo may process limited operational data needed for subscriptions, support, legal documents, diagnostics, analytics, crash reporting, security, feature suggestion requests, support requests, categories and subcategories management and compliance;
  • users may exercise privacy rights depending on applicable law.

Monadeo does not provide financial, legal, tax, investment, accounting, or professional advice. Any categorization, forecast, score, insight, or indicator shown in the App is informational and remains subject to user review.

2. Data Controller and Contact Details

The data controller responsible for the processing described in this Privacy Policy is the company operating Monadeo.

  • Legal name: COMPOUND EFFECT
  • Legal form: SAS
  • Registered office: 78 Avenue des Champs-Elysées, 75008, Paris
  • Company registration number: 900379785
  • VAT number: FR58900379785
  • Country of establishment: FRANCE

For the purposes of this Privacy Policy, “Monadeo”, “the App”, “we”, “us”, or “our” refers to the company identified above.

Users may contact Monadeo using the following details:

  • General contact email: contact@getmonadeo.com
  • Support email: contact@getmonadeo.com
  • Privacy contact email: contact@getmonadeo.com
  • Postal address: 78 Avenue des Champs-Elysées, 75008, Paris
  • Website: www.getmonadeo.com

Privacy requests, data protection questions, deletion requests, access requests, correction requests, export requests, consent withdrawal requests, objections, complaints, and suspected privacy or security incidents may be sent to the privacy contact email above.

If Monadeo appoints a Data Protection Officer or privacy representative, the relevant contact details will be added to this Policy. If no formal Data Protection Officer is appointed, privacy requests will be handled through the privacy contact channel.

Users may also have the right to lodge a complaint with a competent data protection supervisory authority. For users in France, this is generally the Commission Nationale de l’Informatique et des Libertés (CNIL).

3. Key Definitions

For this Privacy Policy:

  • “Personal data” means any information relating to an identified or identifiable person.
  • “Processing” means any operation performed on personal data, including collection, storage, use, consultation, organization, transmission, deletion, or protection.
  • “Controller” means the entity that determines why and how personal data is processed. For the processing described in this Privacy Policy, the controller is the company operating Monadeo.
  • “Processor” means a service provider that processes personal data on behalf of Monadeo and according to Monadeo’s instructions.
  • “User” means any person who downloads, accesses, installs, uses, tests, subscribes to, or communicates with Monadeo.
  • “App” means the Monadeo mobile application, including its iOS app, Apple Watch app, related features, settings, support flows, legal document access, and optional services.
  • “Personal finance records” means the financial information created, entered, imported, edited, categorized, generated, or managed by the user in the App. This may include accounts, transactions, balances, budgets, goals, debts, categories, subcategories, recurring items, tags, reminders, forecasts, summaries, charts, indicators, notes, and similar app content.
  • “Local-first” means that the core personal finance records created or managed in the App are designed to remain stored on the user’s device and, where the user enables Apple sync features, in the user’s own Apple iCloud or CloudKit environment.
  • “Apple sync” means Apple platform synchronization features, including iCloud or CloudKit where enabled by the user and supported by the App.
  • “Operational data” means limited data used to operate, secure, maintain, improve, debug, support, or comply with legal obligations relating to Monadeo. This may include subscription status, legal document metadata, support communications, analytics events, crash diagnostics, device and app information, and security logs.
  • “Service providers” means third-party providers used to operate, secure, distribute, support, analyze, or improve Monadeo, such as Apple, Firebase, RevenueCat, hosting providers, analytics providers, crash reporting providers, email or support providers, and similar technical services.
  • “Website” means Monadeo’s public website, marketing pages, legal pages, support pages, and related online services.
  • “Applicable law” means the privacy, consumer protection, electronic communications, platform, and other laws or regulations that apply depending on the user’s location, the company’s establishment, and the specific feature or processing activity concerned.

These definitions are intended to help explain this Privacy Policy. They do not limit any mandatory rights users may have under applicable law.

4. Core Privacy Principles

Monadeo is designed around a local-first privacy approach. The user’s personal finance records remain on the user’s device and, where the user enables Apple sync features, in the user’s own Apple iCloud environment.

Monadeo’s core privacy principles are:

  • Transparency: users should understand what data stays local, what may be synced through Apple, what limited operational data Monadeo or its providers process, and which optional features may involve additional processing.
  • Data minimization: Monadeo avoids collecting more data than necessary and does not operate a central Monadeo-controlled database of users’ personal financial records.
  • Purpose limitation: personal data is processed only for defined purposes, such as operating the App, managing subscriptions, providing support, delivering legal documents, improving reliability, maintaining security, and complying with legal obligations.
  • User control: users control the financial records they enter into the App and may create, edit, delete, export, or modify them through the features made available.
  • Security by design: Monadeo reduces risk by avoiding centralization of personal financial records and by using appropriate technical and organizational safeguards for operational systems.

No digital system can be guaranteed to be completely secure. Users remain responsible for protecting their device, Apple account, passwords, passcodes, and access to their own iCloud environment.

5. Categories of Data We Process

Monadeo may process the categories of data below, depending on the features used and the user’s settings.

5.1 Account, Authentication, Profile, and Setup Data

Where account-based features are used, Monadeo may process limited account and authentication data, such as an internal user identifier, email address where provided or returned by an authentication provider, sign-in status, authentication provider identifiers, account creation timestamps, security-related account events, and account deletion or reauthentication status.

Monadeo may also process limited profile and setup data used to configure the App experience, such as onboarding progress, selected setup choices, app preferences, language and region settings, notification choices, subscription or premium access state, app configuration settings, and consent or acknowledgment records.

Authentication may involve third-party providers such as Apple, Firebase Authentication, or other authentication services.

5.2 Financial Records Created or Managed in the App

Users may create and manage personal finance records in Monadeo, including accounts, transactions, income and expense records, balances, budgets, goals, debts, categories, subcategories, recurring items, tags, reminders, forecasts, summaries, charts, and indicators.

These records form part of the user’s personal financial dataset. They are designed to remain stored locally on the user’s device and, where the user enables Apple sync, in the user’s Apple iCloud environment.

Monadeo does not collect, host, view, sell, or monetize these financial records on Monadeo-controlled servers.

5.3 Subscription and Purchase Status

Monadeo may process subscription and purchase status information to determine whether the user has access to premium features.

This may include product identifiers, entitlement status, subscription status, trial status, purchase or renewal status, restore purchase status, platform purchase identifiers, RevenueCat customer or app user identifiers, and App Store subscription information returned by Apple or RevenueCat.

Monadeo does not directly process or store full payment card numbers, card security codes, or full payment credentials. Payments are handled by Apple, the App Store, RevenueCat, or other payment-related providers according to their own terms and privacy policies.

5.4 Support, Feedback, and User Communications

If a user contacts Monadeo for support, sends feedback, requests help, submits a feature request, or communicates with Monadeo, Monadeo may process the information provided in that communication.

This may include name or email address where provided, message content, screenshots or attachments voluntarily provided by the user, device and app version information, troubleshooting details, conversation history, request timestamps, issue category, and resolution status.

Users should avoid sending unnecessary financial records, screenshots containing sensitive financial information, or special categories of personal data unless strictly needed for support.

5.5 Device, App, Crash, Diagnostic, and Analytics Data

Monadeo may process technical and usage data needed to operate, secure, debug, and improve the App.

This may include device model, iOS version, app version, installation or anonymous diagnostic identifiers, language and region settings, app configuration, device capabilities, connectivity status, performance information, technical errors, crash reports, stack traces, non-fatal error reports, diagnostic breadcrumbs, feature area or screen context, app launch events, onboarding step events, feature usage events, timestamps, and aggregated funnel metrics.

Crash reporting and analytics are configured to not collect raw financial amounts, transaction descriptions, merchant names, account names, budget names, debt names, goal names, personal notes, authentication tokens, emails, raw server payloads, or other unnecessary personal information.

5.6 Notifications, Reminders, Tutorials, and Demo Mode

Monadeo may process notification preferences and reminder-related data to provide reminders or alerts requested by the user. This may include notification permission status, reminder settings, reminder timing, reminder type, local notification scheduling data, and whether reminders are enabled or disabled.

Tutorial, guidance, or audio guide features may process tutorial availability, progress, selected tutorial, language, local tutorial preferences, and interaction with tutorial steps.

Monadeo may also include a demo mode using artificial sample data. Demo data is not intended to represent the user’s real financial data. If the user enters real personal information into demo mode, that information may be stored locally like other user-entered data and is removed when resetting demo data or deleting the relevant local demo data through the available controls.

5.7 Legal Document and Compliance Records

Monadeo may process legal document metadata to provide, version, update, and record access to legal documents such as the Terms and Conditions and this Privacy Policy.

This may include document type, language, published version, publication date, content update date, legal document cache metadata, acceptance or acknowledgment status when recorded, acceptance timestamp when recorded, and app version or context of acceptance when recorded.

The purpose of this processing is to ensure users can access the applicable legal documents and, where legally or operationally necessary, to keep records of the version made available or accepted.

5.8 Payment, Network, Language, and Sign-In Data

Monadeo may receive limited payment, subscription, and entitlement data from Apple, the App Store, RevenueCat, StoreKit, or other payment and entitlement providers. This may include product identifiers, entitlement status, subscription status, trial status, purchase, renewal, cancellation, refund, restore-purchase information, transaction references, app user identifiers, storefront, or billing country where provided by the platform.

Monadeo does not directly or indirectly receive or store payment card numbers, card security codes, or full payment credentials.

When users interact with online services, legal document endpoints, support systems, backend services, analytics, crash reporting, websites, or security systems, Monadeo or its service providers may process technical network data such as request timestamps, user agent, server logs, network errors, approximate region, and abuse-prevention logs.

Monadeo may also process language, country, region, currency, date, number, timezone, and storefront settings to provide localized content, schedule reminders, format values, adapt the user experience, and display the correct legal documents.

Monadeo only allows sign-in through Apple. Monadeo may therefore receive limited authentication data such as email address, name or display name where shared, provider user identifier, authentication result, sign-in status, or related credential information.

6. Data Sources

Monadeo may receive or generate personal data from the following sources:

Financial records entered, imported, or generated by the user are designed to remain on the user’s device and, where the user enables Apple sync, in the user’s Apple iCloud environment.

Users are responsible for ensuring that imported files, tags, screenshots, and support messages do not contain unnecessary personal data, sensitive data, third-party data, bank credentials, passwords, PINs, or authentication codes.

7. Purposes and Legal Bases

Monadeo processes personal data only where there is a purpose and a legal basis under applicable law.

The main purposes are:

  • operating, maintaining, and securing the App and related services;
  • enabling account, authentication, subscription, purchase, and premium-access features;
  • providing local-first personal finance features, reminders, preferences, tutorials, demo mode, and user-selected settings;
  • providing support, responding to messages, processing feedback, and handling feature suggestion requests;
  • providing, updating, displaying, caching, and recording access to legal documents;
  • diagnosing technical issues, analyzing reliability, measuring onboarding and feature usage, and improving the App;
  • detecting, preventing, investigating, and responding to abuse, fraud, security incidents, technical errors, and service misuse;
  • complying with legal, accounting, tax, platform, consumer protection, privacy, security, and regulatory obligations;
  • protecting Monadeo’s rights, users’ rights, and the security and integrity of the App and related systems.

Depending on the context, Monadeo may rely on one or more legal bases, including:

  • performance of a contract, where processing is necessary to provide the App, subscription features, support, account-related features, legal document access, or other requested services;
  • consent, where the user has given consent, such as for optional notifications, certain analytics or similar optional features where required by law;
  • legitimate interests, where processing is necessary to operate, secure, improve, debug, protect, or support Monadeo, provided those interests are not overridden by the user’s rights and freedoms;
  • legal obligation, where processing is necessary to comply with applicable law, accounting requirements, tax rules, consumer protection duties, platform obligations, privacy obligations, or regulatory requests;
  • establishment, exercise, or defense of legal claims, where processing is necessary to protect rights, resolve disputes, investigate issues, or maintain appropriate records.

Where Monadeo relies on consent, the user may withdraw consent at any time through the available App settings, device settings, provider settings, or by contacting Monadeo. Withdrawal does not affect processing carried out before withdrawal and may limit or disable the feature that depends on that consent.

Where Monadeo relies on legitimate interest, Monadeo aims to balance that interest against the user’s privacy rights and expectations, especially because personal finance information can be sensitive in practice.

8. Local Storage, Apple Sync, and Device Security

Monadeo is designed with a local-first architecture for personal finance records. The core financial data created or managed in the App is stored locally on the user’s device. This may include accounts, transactions, balances, budgets, goals, debts, categories, recurring transactions, tags, reminders, summaries, forecasts, charts, and indicators.

Monadeo uses Apple platform storage technologies, including Core Data, UserDefaults, Keychain, local files, and other iOS storage mechanisms where appropriate. This local storage is part of the user’s on-device app data.

Where Apple iCloud sync is enabled by the user or by the App configuration, some records may be synchronized through the user’s Apple iCloud environment. Apple’s terms, privacy policy, iCloud settings, storage limits, security practices, and account recovery rules apply to Apple’s processing of that data.

Monadeo does not operate a separate Monadeo-controlled financial database containing users’ personal financial records for this sync.

Users may be able to disable iCloud or CloudKit sync through iOS settings, Apple ID settings, iCloud settings, or Monadeo settings. Disabling sync may stop data from synchronizing between devices, may leave some data stored locally, and may affect recovery after device loss, app deletion, or device reset.

Cloud sync and device backup features may help users recover data, but they do not guarantee complete recovery. Recovery may depend on the user’s Apple ID, iCloud settings, available storage, backup settings, device state, network availability, Apple service availability, and whether data was deleted, corrupted, or synchronized before loss.

Monadeo may store local preferences, cache files, temporary files, legal document metadata, tutorial assets, diagnostic context, import files, app state, and feature settings to improve performance, preserve the user’s chosen experience, support offline access, and reduce unnecessary network requests. Cache and temporary files should not be treated as permanent backup storage.

Monadeo may offer app-level protection features using iOS security mechanisms such as Face ID, or the device passcode. Monadeo does not receive or store the user’s biometric data. Face ID data are handled by Apple’s secure device systems.

Because Monadeo is local-first for financial records, users remain responsible for protecting their device, Apple ID, iCloud account, passcode, biometric settings, backups, and access to their unlocked device. If someone gains access to the user’s device, Apple account, iCloud account, or backups, they may be able to access local or synced data.

9. Firebase, Google Cloud, and Operational Backend Services

Monadeo may use Firebase and Google Cloud services for operational purposes, such as authentication, legal document delivery, subscription-related operations, support records when recorded, onboarding analytics when recorded, crash reporting, diagnostics, backend hosting, security logs, configuration, and other non-financial app operations.

If push notifications are enabled through Firebase Cloud Messaging or another push service, the provider may process device push tokens, app instance identifiers, delivery metadata, device and app technical data, and notification status. Push notification payloads should not include raw financial records or highly sensitive financial content.

Google Cloud backend services may process operational data such as legal document requests, server logs, IP addresses, request timestamps, user agents, error logs, security logs, backend configuration, service account metadata, and access-control metadata.

Monadeo does not use Firebase or Google Cloud as a central database for the user’s personal financial dataset.

10. Subscriptions and Purchases

Monadeo may offer paid features, subscriptions, free trials, or promotional offers through the Apple App Store.

Billing is handled by Apple. Apple processes the payment, manages the payment method, handles App Store receipts, applies Apple’s refund rules, and manages subscription cancellation through Apple’s own systems.

Monadeo may use RevenueCat to manage subscription status, purchase restoration, entitlement checks, and premium access. RevenueCat may process app user identifiers, product identifiers, entitlement status, subscription status, trial status, renewal status, cancellation status, refund status, purchase metadata, App Store receipt-related information, and technical data needed for subscription management.

Monadeo may process purchase and entitlement data to unlock premium access, verify active subscriptions, detect expired subscriptions, handle free trials, restore purchases, prevent unauthorized access to paid features, keep local premium status up to date, and keep premium access consistent where account-based features are used.

Monadeo does not directly process App Store payments and does not directly receive or store full payment card numbers, card security codes, or full payment credentials.

11. Analytics, Diagnostics, Notifications, and Support

Monadeo may process limited analytics, diagnostic, and performance data to understand app reliability, onboarding quality, feature usage, technical errors, and product performance.

This may include app launch events, onboarding progress, screen or feature usage events, flow completion events, app version, device class, operating system version, language and region settings, timestamps, pseudonymous or app-scoped identifiers, crash-free indicators, error events, failed request information, loading times, and diagnostic breadcrumbs.

Analytics and diagnostics do not include raw financial content such as transaction amounts, transaction descriptions, account names, budget names, goal names, debt names, personal tags, or raw financial records.

Monadeo may use crash reporting tools such as Firebase Crashlytics tools to detect, understand, and fix technical issues. Crash reports may include app version, iOS version, device model, crash timestamp, stack trace, error type, non-fatal error details, feature area, diagnostic breadcrumbs, anonymous crash installation identifier, and technical state needed to diagnose failures.

Monadeo may use local notifications to provide reminders requested or configured by the user. Local notifications are scheduled and handled on the user’s device. Users can manage notification permissions through iOS settings and Monadeo’s in-app settings.

When users contact Monadeo for support, feedback, bug reports, privacy requests, or feature requests, Monadeo may process the information provided in the request. This may include email address, name or display name if provided, message content, screenshots or attachments voluntarily provided, app version, device model, iOS version, language or region information, troubleshooting details, timestamps, conversation history, issue status, and resolution notes.

Users should avoid sending unnecessary financial data, screenshots containing financial records, passwords, PINs, authentication codes, payment card data, or sensitive personal information unless strictly necessary for support.

Monadeo may send service-related messages where necessary to operate the App or related services. These may include support replies, account-related messages, privacy request handling, legal notices, security notices, subscription information, operational incidents, and important app updates. If Monadeo sends marketing communications, it will do so only where legally permitted and users will be able to unsubscribe where required.

12. Legal Documents and Compliance Records

Monadeo may provide legal documents, including the Terms and Conditions and this Privacy Policy, through a backend legal document service.

When the App fetches legal documents, Monadeo may process limited technical and legal-document data such as requested document type, requested language, requested format, published version, publication metadata, content update metadata, request timestamp, IP address, user agent, and backend logs needed for reliability, security, and debugging.

Monadeo may also store legal document metadata, such as document type, language, published version, latest version, publication date, effective date, content update date, document status, and cache metadata.

When a user downloads, accesses, or uses Monadeo, this constitutes acceptance of the applicable Terms and acknowledgment of the Privacy Policy available in Monadeo's Marketing Website and App Store Product Page, to the extent permitted by law. Monadeo may process limited records showing which legal document versions were made available or applicable to the user. This may include the document type, document version, language, publication or presentation timestamp, app version, user identifier, account identifier, installation identifier, country or region where needed, and the relevant method or context of access or use.

Legal and compliance records may be retained for as long as necessary to comply with legal obligations, prove contractual acceptance, defend legal claims, handle disputes, or demonstrate compliance with privacy obligations.

13. Data Sharing and Recipients

Monadeo may share or receive limited operational data with service providers where necessary to operate, secure, support, and improve the App.

Relevant recipient categories may include:

  • Apple, for App Store distribution, billing, iCloud/CloudKit, device services, diagnostics, and platform services;
  • Firebase and Google Cloud, for authentication, legal document delivery, backend hosting, logs, analytics, crash reporting, diagnostics, and operational infrastructure;
  • RevenueCat, for subscription status, entitlement checks, purchase restoration, and premium access management;
  • support, email, analytics, diagnostic, security, hosting, logging, and infrastructure providers used by Monadeo;
  • legal advisors, auditors, courts, regulators, law enforcement, public authorities, payment or platform providers, and incident-response providers where required for legal, security, compliance, dispute, or enforcement reasons.

Monadeo does not operate a central database of users’ personal financial records. As a result, data sharing by Monadeo should concern operational data, not a Monadeo-hosted financial dataset containing the user’s transactions, budgets, accounts, goals, debts, categories, or tags.

Some third-party services may act as independent controllers when the user uses their services. Their own terms and privacy policies apply to their processing.

14. International Data Transfers

Monadeo is operated from the European Union, but some service providers used by Monadeo may process operational data in other countries.

Processing locations may include:

  • the user’s device;
  • the user’s Apple iCloud/CloudKit environment, where Apple sync is enabled;
  • Apple infrastructure used for App Store billing, iCloud, CloudKit, diagnostics, and platform services;
  • Google Firebase and Google Cloud infrastructure used for authentication, legal document delivery, analytics, crash reporting, backend hosting, logs, and operational services;
  • RevenueCat infrastructure used for subscription and entitlement management;
  • support, email, analytics, diagnostic, security, hosting, logging, or infrastructure providers used by Monadeo.

Monadeo does not claim that all providers, logs, support systems, analytics systems, crash reporting systems, subscription systems, or platform services are stored exclusively in the European Union unless this is specifically verified for the relevant service.

International transfers do not mean that Monadeo sells user data. They refer to the technical or legal processing of operational data by providers located in, or accessible from, countries outside the EEA.

15. Data Retention

Monadeo keeps personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Because Monadeo is designed with a local-first architecture, the user’s financial records are primarily retained on the user’s device and, where enabled, in the user’s Apple iCloud environment. Monadeo does not retain a copy of the user’s personal financial dataset on Monadeo-controlled servers.

Retention depends on the type of data, where it is stored, the feature used, the user’s settings, legal obligations, technical constraints, and whether the data is controlled by Monadeo, Apple, or another provider.

In general:

  • local financial records remain until the user deletes them, deletes the App, resets the device, removes iCloud data, or uses an available in-app deletion/reset feature;
  • account data may be retained while the account remains active and for a limited period afterward where necessary for security, legal, dispute, accounting, fraud-prevention, or technical reasons;
  • subscription and entitlement data may be retained for purchase verification, premium access, accounting, dispute handling, and legal compliance;
  • support data may be retained for as long as necessary to respond, resolve the issue, keep support history, protect legal rights, and improve service quality;
  • analytics, crash reports, diagnostics, and logs may be retained for the period needed to understand app usage, investigate technical issues, improve reliability, protect security, and comply with legal obligations;
  • legal, compliance, consent, privacy request, deletion request, security incident, and contractual records may be retained for as long as necessary to prove compliance, resolve disputes, defend legal claims, or meet legal obligations;
  • aggregated or genuinely anonymized data may be retained where it no longer identifies a user and cannot reasonably be used to re-identify them.

Account closure does not necessarily delete data stored locally on the user’s device, data stored in the user’s Apple iCloud environment, data retained by Apple, Google, Firebase, RevenueCat, App Store services, or other independent providers, legal or compliance records Monadeo must retain, or aggregated/anonymized data.

When data is deleted from active Monadeo-controlled systems, deletion from backups, logs, archives, or disaster-recovery systems may follow different technical timelines depending on backup rotation, provider settings, legal holds, security requirements, and technical feasibility.

16. Data Security

Monadeo aims to protect personal data through appropriate technical and organizational measures. One important security measure is architectural: Monadeo does not operate a central Monadeo-controlled database containing users’ personal financial records.

Security measures may include, depending on the system concerned:

  • local storage within the iOS app sandbox;
  • Apple device security protections;
  • optional Face ID, passcode, or app-lock features;
  • Apple iCloud security for user-enabled sync;
  • secure network communications;
  • restricted backend access;
  • role-based or service-account-based access where applicable;
  • secure secret management;
  • backend logging and monitoring;
  • crash and diagnostic controls designed to avoid raw financial content;
  • data minimization in analytics and logs;
  • procedures for handling support, privacy, and deletion requests.

Monadeo and its service providers may use encryption and secure transport mechanisms such as HTTPS/TLS, platform security provided by iOS, provider-level encryption, and access controls. Where data is processed by Apple, Google, Firebase, RevenueCat, or other providers, their own security measures and infrastructure protections apply.

No security measure can guarantee absolute protection. Users are responsible for protecting their device, Apple account, iCloud account, passwords, passcodes, biometric settings, and backups.

17. User Controls and Privacy Rights

Users may have rights under applicable privacy laws, depending on their location and the type of data concerned. These rights may include access, correction, deletion, restriction, portability, objection, consent withdrawal, and the right to lodge a complaint with a supervisory authority.

Users may exercise available rights by contacting Monadeo through the privacy contact details in this Policy. Monadeo may need to verify the user’s identity before acting on a request.

Some requests may be limited where Monadeo does not control the data, where the data is stored only on the user’s device or in the user’s Apple iCloud environment, where deletion would affect legal or compliance records, or where another provider acts as an independent controller.

Users may also control certain processing through the App, iOS settings, Apple ID and iCloud settings, App Store subscription settings, notification settings, and account deletion or export features.

Withdrawing consent does not affect processing carried out before withdrawal. It may also limit or disable the feature that depends on consent.

18. App-Generated Outputs

Monadeo may display categorizations, summaries, forecasts, charts, indicators, reminders, budget progress, goal progress, debt progress, recurring transaction projections, dashboard cards, and other app-generated outputs based on data stored in the App.

These outputs are informational only. They are intended to help users organize and understand their personal finance information. They may be incomplete, outdated, inaccurate, or unsuitable for the user’s full financial situation if the underlying data is missing, incorrect, outdated, imported incorrectly, categorized incorrectly, or affected by sync conflicts.

Monadeo does not provide financial, legal, tax, investment, accounting, credit, lending, insurance, employment, or professional advice. Monadeo does not make legally or similarly significant automated decisions about users.

Users remain responsible for reviewing the data, correcting errors, and making their own decisions. Where the App provides controls, users may edit, correct, delete, or override transactions, categories, account information, budgets, goals, debts, recurring transaction settings, tags, reminders, and preferences.

19. Children and Minors

Monadeo is intended for users who have the legal capacity to use the App and accept the applicable Terms and Conditions.

The minimum age to use Monadeo may depend on the user’s country, applicable law, App Store rules, and whether parental or guardian consent is required. Users below the age of legal majority may use Monadeo only with the consent and supervision of a parent or legal guardian where required by law.

Monadeo is not designed as a child-directed service and does not knowingly seek to collect personal data from children.

A parent, guardian, or eligible minor may contact Monadeo to request deletion of personal data where permitted by law. Deletion by Monadeo applies only to data controlled by Monadeo. Local data stored on the user’s device, data stored in the user’s Apple iCloud environment, App Store records, Apple ID data, or data held by independent providers may need to be deleted through the relevant device, Apple, provider, or platform controls.

20. Website Cookies and Tracking

This section applies to Monadeo's website, www.getmonadeo.com. It does not change the local-first architecture of the Monadeo iOS App.

Monadeo website may use cookies or similar browser technologies where needed to operate the website, remember consent choices, provide security, measure website performance, or support website features.

Monadeo website may be hosted or delivered using website infrastructure providers such as Vercel. These providers may process limited technical data, such as IP address, browser information, device information, request logs, security events, and performance data, where necessary to deliver the website, maintain security, diagnose issues, and operate the service.

The website currently uses Cookiebot by Usercentrics to manage cookie consent and provide transparency about cookies and similar technologies. The website also uses Google Tag Manager as a tag container. Google Tag Manager should not be treated as permission to run analytics, advertising, marketing, or other non-essential tags without the required consent configuration.

Where required by law, Monadeo asks for consent before using non-essential cookies or similar technologies. Users may accept all cookies, reject non-essential cookies, or customize cookie choices through the Cookiebot consent banner or cookie settings interface.

The consent categories currently used are Necessary, Preferences, Statistics, and Marketing. Necessary cookies may be used without consent where they are required for the website to function, remember consent choices, provide security, or provide a service requested by the user.

Users can manage cookies through the Cookiebot interface, browser settings, platform privacy settings, and any Monadeo privacy controls made available.

21. Region-Specific Privacy Rights

Users may have privacy rights depending on their location and applicable law.

For users in the European Union, European Economic Area, France, and other jurisdictions with similar privacy laws, rights may include access, rectification, erasure, restriction, portability, objection, consent withdrawal, and complaint to a supervisory authority.

For users in France, the competent supervisory authority is generally the Commission Nationale de l’Informatique et des Libertés (CNIL). French users may also have rights relating to post-mortem data instructions where applicable.

For users in the United Kingdom, Canada, Québec, Brazil, Australia, California, other U.S. states, Singapore, Japan, South Korea, or other jurisdictions, additional or different privacy rights may apply depending on the law and whether Monadeo is subject to that law.

Monadeo does not collect or sell users’ personal financial records. Monadeo is designed so that users’ personal financial records remain on the user’s device and, where enabled, in the user’s Apple iCloud environment.

Some regional rights may apply only to personal data controlled by Monadeo. Data controlled by Apple, Google, Firebase, RevenueCat, App Store services, iCloud, or other independent providers may be subject to those providers’ own procedures.

Users may submit privacy requests through the privacy contact details in this Policy. Monadeo may require information needed to verify identity, locate relevant records, and confirm authority where a request is submitted by an authorized representative.

22. Changes to this Privacy Policy

Monadeo may update this Privacy Policy from time to time to reflect changes to the App, technical infrastructure, providers, legal requirements, security practices, data processing practices, or wording.

The updated Privacy Policy will replace the previous version from its effective date, unless otherwise stated.

If Monadeo makes material changes, it may notify users through appropriate means, such as an in-app notice, App Store update note, email notice where permitted, website notice, legal section notice, or request for acknowledgment or acceptance where legally or contractually necessary.

Each version may include an effective date, publication date, revised date, or version number.

23. Contact

Users may contact Monadeo about this Privacy Policy, privacy rights, data deletion, data export, data correction, consent withdrawal, objections, complaints, or suspected privacy or security incidents using the contact details listed in Section 2.

Monadeo may need to verify the user’s identity before responding to certain requests.

Where a request concerns data held by a third-party provider acting as an independent controller, users may also need to contact that provider directly.