mooney is a personal expense tracker. this page explains what the app collects, how we use it, and who else processes it on our behalf. it applies to the mooney mobile application (package com.octyn.mooney) published on google play. “we”, “us”, and “mooney” refer to octyn, the entity that operates this app. questions? admin@octyn.co.
1. data that stays on your device
the following is stored in an encrypted local database on your phone and is never sent anywhere unless you turn on cloud backup or sign in:
- expenses, budgets, splits, and subscriptions you enter.
- categories and custom labels you create.
- receipt images you capture with the camera — discarded after the on-device OCR step reads the amount and date.
- bank and payment notification text we parse locally to detect transactions (see §3). raw notification content is never uploaded.
2. data you choose to share with us
if you sign in, or turn on cloud backup, we collect the minimum needed to provide those features:
- email address — for one-time-password sign-in.
- google account email and display name — only if you use “continue with google”. we do not see your password.
- encrypted backup of your expense data — uploaded to our cloud storage and accessible only to you. you can delete it from the app’s settings screen at any time.
- subscription status — whether you have an active mooney+ subscription. payment details (card, wallet, etc.) are handled entirely by google play and never reach us.
3. device permissions we ask for
you can revoke any of these at any time in android settings → apps → mooney → permissions. mooney degrades gracefully — the feature that needed the permission stops working, but the rest of the app keeps running.
| permission | why |
|---|---|
| camera | to photograph paper receipts. images are processed on-device by google ml kit to extract text; they are not uploaded and are discarded after extraction unless you explicitly keep them. |
| microphone | to record voice when you use voice entry. the audio is sent over an encrypted channel to our transcription provider (see §4) and deleted after transcription. transcripts are used to extract the expense you described, then discarded. |
| notification listener access | to read transaction notifications from a small allow-list of known bank and payment apps that you explicitly authorise. amount and merchant are extracted on your device. the raw content is not uploaded, stored server-side, or shared. notifications from other apps are ignored. you can revoke this permission any time in android settings. |
| network / internet | required for voice transcription, sign-in, and cloud backup. |
| post notifications | so the app can alert you about budget breaches, subscription renewals, and detected transactions awaiting confirmation. no notification content leaves your device. |
4. third parties who process data on our behalf
we use the following sub-processors. each is bound by a data-processing agreement and only receives the data listed.
| provider | what they process | purpose |
|---|---|---|
| Supabase (US / EU) | your email address, authentication tokens, and the encrypted backup file you create. | sign-in and cloud backup storage. |
| Deepgram (US) | short audio clips (your voice when using voice entry). | speech-to-text transcription. audio is not retained for training. |
| Groq, Cerebras, OpenRouter (US) | the transcribed text of what you said — not the audio. | parsing your instruction into a structured expense entry. |
| PostHog (US) | anonymous product events (e.g., “expense_added”), a random device identifier, and — only after you sign in — your supabase user id. | understanding feature usage so we can improve the app. the content of your expenses is never sent. |
| RevenueCat (US) | a stable anonymous user id and your subscription status. | managing trial and subscription entitlements across devices. |
| Sentry (US / EU) | crash reports — stack traces, device model, os version, and a stable anonymous user id. | diagnosing crashes so we can fix them. expense content is never included in crash payloads. |
| Resend (US / EU) | your email address and the rendered email body. | delivering transactional emails — sign-in magic links and monthly reports if you opt in. |
| Google Play Billing | payment details, billing address, purchase receipts. | processing in-app subscription payments. governed by google’s own privacy policy. |
| Google ML Kit (on-device) | receipt images, at the moment of OCR, on your phone only. | extracting text from receipts. no data leaves your device. |
5. what we do not do
- we do not sell your personal information, ever.
- we do not share your data with advertisers, data brokers, or marketing networks.
- we do not use your expense history to train models.
- we do not read notifications outside the allow-listed finance apps, and we do not upload those notifications.
- we do not track your location.
- we do not access your contacts, calendar, photos, or files beyond those you explicitly share with the app.
6. security
local data is stored in hive, an on-device key-value database, and is not accessible to other apps on a non-rooted device. data in transit uses HTTPS / TLS 1.2+. server-side backups live in a per-user folder readable only by the authenticated owner, enforced by row-level security. third-party API keys live exclusively on our backend; the mobile app never carries provider secrets.
7. your rights
depending on where you live (GDPR in the EEA/UK, CCPA in California, LGPD in Brazil, DPDP Act in India, and other applicable privacy regimes), you have the right to access, export, correct, or delete your personal data. you can exercise most of these in-app:
- export — settings → “export data” produces a JSON file of everything on your device.
- delete your cloud backup — settings → “delete cloud backup”.
- delete your account entirely — settings → account → “delete account”, or email admin@octyn.co from the address associated with your account. we remove your account and cloud data within 30 days and confirm in writing.
- withdraw consent — sign out or uninstall at any time. uninstalling clears all locally stored data.
EEA/UK users also have the right to lodge a complaint with their local data protection supervisory authority if they believe their data is being processed in violation of applicable law.
8. data retention
local data persists until you delete it in-app or uninstall mooney. cloud backups are retained until you delete them or close your account. authentication logs are retained by our auth provider for up to 90 days for security and abuse prevention. anonymous analytics events are retained for 12 months and then aggregated. if you ever held a paid mooney+ subscription, we keep a minimal anonymised billing record (period, amount, currency — no user identifiers) for up to 7 years to comply with applicable tax and accounting law.
9. children
mooney is not directed at children under 13 (or under 16 in parts of the EU). we do not knowingly collect information from children. if you believe a child has provided us with personal information, contact admin@octyn.co and we will delete it.
10. international transfers
our sub-processors are primarily in the united states and the european union. if you are outside those regions, your data may be transferred to and processed there. where required, we rely on standard contractual clauses or equivalent safeguards for these transfers.
11. changes to this policy
we will update this page if our practices change. the “last updated” date at the top always reflects the most recent revision. for material changes — e.g., a new sub-processor with access to your data — we will also notify you in-app before the change takes effect.
12. contact
data controller: octyn
email: admin@octyn.co
registered address: guwahati, assam, india