Legal document

Privacy Policy

Effective date: April 8, 2026

1. Data controller

The data controller is Wiktor Pajdzik, an individual providing digital services.

Wiktor Pajdzik

Mszana Górna 553, 34-733 Mszana Górna, Poland

Email: wiktor@moneycount.app

No Data Protection Officer (DPO) has been appointed. For privacy matters, please contact the email above.

2. Data we collect

  • Account data: email address, name, profile picture (optional), hashed password.
  • Financial data: transactions, categories, budgets, goals – entered voluntarily by you.
  • Payment data: subscription status, Stripe customer ID. Card details are processed solely by Stripe.
  • Technical data: IP address, browser type, device data, access logs.
  • Communication data: email notifications and support correspondence.

3. Legal basis for processing

Contract performance (Art. 6(1)(b) GDPR) – processing necessary to provide the service: account management, payments, app features.

Legal obligation (Art. 6(1)(c) GDPR) – processing required by law.

Legitimate interests (Art. 6(1)(f) GDPR) – security, fraud prevention, service improvements.

Consent (Art. 6(1)(a) GDPR) – newsletter and marketing emails, only if you have opted in. You may withdraw consent at any time in account settings.

4. Retention periods

  • Account data – for the life of the account, plus up to 3 years after deletion for claims.
  • Financial data – for the life of the account or until deleted by you.
  • Payment data – 5 years from the date of payment (tax law requirement).
  • Technical logs – up to 12 months.

5. Third-party processors

  • Supabase, Inc. (USA) – database and authentication. Data stored in EU region (Frankfurt) under Standard Contractual Clauses.
  • Stripe, Inc. (USA) – payment processing under SCC. Privacy policy: stripe.com/privacy.
  • Resend, Inc. (USA) – transactional and newsletter email delivery.
  • Google LLC (USA) – optional Google OAuth sign-in.
  • Vercel, Inc. (USA) – hosting infrastructure.
  • Anthropic, PBC (USA) – AI models powering the financial assistant. Transaction data may be sent to generate responses.

6. Your rights

Under GDPR you have the right to:

  • Access – request information about your data.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion of your data ("right to be forgotten").
  • Data portability – receive your data in machine-readable format.
  • Restriction – request restricted processing.
  • Objection – object to processing based on legitimate interests.
  • Withdraw consent – at any time, without affecting prior processing.

To exercise these rights, contact wiktor@moneycount.app. You also have the right to lodge a complaint with the Polish data protection authority (UODO) or your local supervisory authority.

7. Cookies

The Service uses strictly necessary cookies for:

  • maintaining user sessions,
  • remembering preferences (theme, language),
  • security (CSRF protection).

We do not use third-party analytics or advertising cookies.

8. Security

We implement appropriate technical and organizational measures including HTTPS encryption, password hashing, access controls, and regular backups.

9. Changes to this policy

We may update this Privacy Policy. We will notify you of material changes at least 14 days in advance via email or in-app notice.

10. Contact

Wiktor Pajdzik

Mszana Górna 553, 34-733 Mszana Górna, Poland

Email: wiktor@moneycount.app