Privacy Policy
MoneyLens is an expense tracker. Your spending records stay on your device unless you choose an optional service that needs a limited data exchange.
The short version
- MoneyLens does not hold funds, move money, or connect to your bank account.
- Your transactions, budgets, categories, accounts, and subscriptions are stored on your device.
- SMS parsing uses models on your device. Raw SMS text is not sent to MoneyLens servers.
- You can optionally use private iCloud sync, read-only Gmail import, and merchant enrichment services.
- We do not sell your financial data or use your spending records for advertising.
1. Scope and who controls your data
This policy applies to the MoneyLens iOS app, moneylens.app, and support messages you send us. In this policy, “MoneyLens,” “we,” and “us” refer to the provider of the MoneyLens app.
MoneyLens is a notebook for recording and understanding expenses. It is not a bank, neobank, money transmitter, investment adviser, or financial institution. The app does not take custody of money or initiate transactions.
2. What the app stores
| Data | Where it is stored | Why it is used |
|---|---|---|
| Transactions, amounts, merchants, dates, categories, notes, accounts, budgets, and subscriptions | On your device; also in your private iCloud database if you enable iCloud sync | Expense tracking, reports, budgets, and reminders |
| Imported CSV or PDF content and bank SMS text | Processed and stored locally as needed to create and review expense records | Importing and parsing transactions |
| Gmail OAuth tokens and imported receipt or subscription records | Tokens are stored in the iOS Keychain; imported records are stored with your app data | Optional Gmail receipt and subscription import |
| App settings, merchant corrections, caches, and local diagnostic summaries | On your device | Remembering your choices, improving matching, and diagnosing problems |
3. On-device SMS and document processing
MoneyLens uses on-device rules and language models to turn bank SMS messages and imported documents into structured expense records. The raw SMS body is not uploaded to a MoneyLens server for parsing.
Merchant enrichment is a separate, optional step. If enabled, it sends only the limited merchant or place information described below. It does not send the full SMS, amount, account number, card number, or balance to Brandfetch or Tavily.
4. Optional services and their payloads
| Provider | When it is used | Data sent |
|---|---|---|
| Apple iCloud | Only when iCloud sync is enabled | Your MoneyLens records are synced through the private database tied to your Apple Account |
| Google Gmail | Only after you connect Gmail | OAuth requests and read-only Gmail API queries for receipt-shaped, billing, and subscription messages; MoneyLens cannot modify or send mail |
| Brandfetch | When merchant enrichment is enabled and a lookup is needed | A merchant transaction label and two-letter country code |
| Tavily | When merchant enrichment and Tavily lookup are enabled | A sanitized merchant name, with optional city and country context |
| Apple Maps | When Apple Maps categories or place-aware shortcuts are enabled | A cleaned merchant or place query and search region; purchase coordinates may be used for nearby matching when location is available |
| Apple StoreKit | When you view, buy, restore, or manage a subscription | Product, eligibility, purchase, and entitlement information handled by Apple. MoneyLens does not receive your card number |
| Apple MetricKit | When iOS provides performance or diagnostic reports | MoneyLens stores a limited summary in local app logs. Logs leave the device only when you choose to export or share them |
These providers process data under their own terms and privacy policies. Optional merchant providers can be disabled individually in MoneyLens settings.
5. Gmail access and disconnection
MoneyLens requests only the gmail.readonly scope. The app searches for receipt-shaped messages, subscription notices, renewals, cancellations, trials, and billing issues. It cannot alter, delete, or send email.
Choose Settings > Gmail Import > Disconnect Gmail to stop future access. MoneyLens attempts to revoke the Google token and then clears the local token. Disconnecting does not delete records already imported into MoneyLens; use Clear All Data if you also want those removed.
6. Website and support data
When you visit moneylens.app, Cloudflare processes ordinary web-request data such as your IP address, user agent, requested page, and time of access to deliver and protect the site. The marketing site loads DataFast, Yandex Metrica, and Google Analytics scripts, plus GPT Engineer site tooling. Depending on browser and tracker settings, these services may process IP address, browser and device information, country, page activity, referrer, cookies or similar identifiers, and interaction or session data. Website services do not receive your MoneyLens app database.
If you submit your email address through the marketing site's sign-up form, the site sends it to Supabase to store the mailing-list request. Supabase also serves public site images. You can ask us to remove the submitted email address.
If you email support, we receive your email address and the information you include. Do not send raw bank SMS messages, complete statements, card numbers, passwords, or other data that is not needed to answer your question.
7. Legal bases for EU and EEA users
Where the GDPR applies, we use these legal bases:
- Contract: providing the app, its core expense-tracking features, and a subscription you request.
- Consent: optional Gmail access, iCloud sync, location, merchant enrichment, and non-essential website cookies where consent is required. You can withdraw consent at any time.
- Legitimate interests: securing the service, responding to support, and using limited diagnostics to maintain reliability, balanced against your privacy rights.
- Legal obligation: records we must keep to comply with applicable tax, accounting, or legal duties.
8. Retention
- App records remain on your device until you edit them, delete them, use Clear All Data, or remove the app.
- iCloud copies remain in your private iCloud storage until deletions sync or you remove MoneyLens data from iCloud.
- Gmail tokens remain until you disconnect Gmail, clear all data, or Google invalidates them.
- Local diagnostic logs remain on the device until they rotate, you clear them, or you use Clear All Data.
- Support correspondence, sign-up email addresses, and necessary business records are kept only as long as needed for their stated purpose, to resolve disputes, and to meet legal duties.
- Third-party providers retain request and analytics data according to their own policies and our available service settings.
9. Delete your data
- In MoneyLens, open Settings > Danger Zone > Clear All Data and confirm. This removes the app database, local settings, caches, backups owned by the app, local diagnostic exports, and Gmail credentials, and it disconnects Gmail.
- If you used iCloud sync, keep the device online long enough for the deletion to sync. To remove any remaining cloud copy, open Apple system Settings, go to your Apple Account's iCloud storage management, find MoneyLens, and delete its iCloud data. Apple may rename these menu items between iOS versions.
- Delete the app to remove the installed app and remaining local container from that device. Deleting the app alone may not remove data already stored in iCloud.
- Email support@moneylens.app to request deletion of support correspondence or website analytics data that we can identify.
10. Withdraw consent and change optional access
- Disconnect Gmail in Settings > Gmail Import.
- Turn off iCloud sync in MoneyLens settings. A restart may be required to change the storage mode.
- Turn off Merchant Enrichment, Tavily Web Lookup, Apple Maps Categories, or Place-Aware Shortcuts in MoneyLens settings.
- Change location or notification permission in Apple system Settings.
- Block or clear website cookies in your browser. You may also contact us about an identifiable analytics record.
Withdrawing consent does not make earlier lawful processing unlawful. Turning off an optional service stops future use of that service but may not delete app records already created from it.
11. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of personal data, and to receive portable data. Most financial records are under your direct control in the app. You can export transactions from MoneyLens and use the deletion steps above.
EU and EEA users may complain to their local data protection authority. Contact us first if you want us to help with a request.
12. Security
MoneyLens uses Apple's device protection, Keychain for Gmail tokens, and private iCloud storage when enabled. No storage or transmission system is risk-free. Protect your device, Apple Account, Google Account, and backups with strong authentication.
13. Children
MoneyLens is not directed to children who cannot legally consent to data processing in their country. A parent or guardian should supervise use by a minor where required by law.
14. Changes to this policy
We may update this policy when the app, providers, or law changes. We will change the effective date and provide additional notice in the app or on the site when a change materially affects your choices.
Contact
Questions, requests, or complaints: support@moneylens.app
You can also open MoneyLens and go to Settings > Help & Support.