Who operates Monario
Monario is operated as Monario.
Monario provides budgeting, reporting, projections, and personal finance organization tools only. It is not a bank, lender, broker, or advisory service.
Privacy contact
Privacy officer: Monario privacy contact
Privacy questions: privacy@monario.app
Support contact: support@monario.app
Privacy officer contact: privacy@monario.app
Information we collect
The exact data collected depends on features you choose to use.
- Account and profile data such as email and basic preferences.
- Waitlist and marketing signup data such as full name, email address, consent timestamp, language, and source tag.
- Authentication data managed by the authentication provider (for example login session metadata).
- Mandatory auth/security logs for successful sign-ins, sign-outs, password updates, account integrity, and abuse prevention.
- Manual financial records you enter, including transactions, categories, budgets, bills, and account labels.
- Imported CSV financial records and import job metadata when you upload CSV files.
- Security and technical signals such as device/session metadata, abuse detection, and operational logs.
- Consent-gated product analytics events using privacy-safe event payloads.
- Email delivery metadata from the configured email provider, if transactional emails are enabled.
What Monario can and cannot see
Monario is designed so financial vault data stays encrypted or local unless you intentionally share it for support.
Monario stores financial data in an encrypted vault on your computer. Monario Plus sync stores encrypted vault records and does not store clear transactions, budgets, account names, categories, or notes in the app database.
| Data type | Stored where | Can Monario read it? |
|---|---|---|
| Account email/auth metadata | Auth provider/app database | Yes |
| Mandatory auth/security logs | Auth provider/app database | Yes, minimized security metadata only, no financial vault data |
| Subscription/billing metadata, if paid plans are enabled | Payment provider/app database | Yes, limited metadata |
| Support messages and attachments | Support/email systems | Yes, if user sends them |
| Monario local vault financial data | User computer/device | No |
| Exported .mvault backups | User-controlled file storage | No, unless user shares the file/password |
| Monario Plus encrypted sync vault | Sync storage/app database | No clear financial data, encrypted before upload |
| Analytics events, if enabled | Analytics provider/app database | Yes, minimized product events only, no clear financial data |
Why we process information
We process data to provide account access, render your budgeting workspace, secure the service, and support core product operations.
- Create and secure user accounts.
- Store and display your personal finance tracking records.
- Support CSV import, review, and commit flows without retaining clear CSV rows server-side by design.
- Detect abuse, incidents, and service failures.
- Communicate account or support notices.
Email categories and consent
Monario separates transactional/security emails from product and marketing communications.
- Transactional/security emails (for example confirmation, password reset, security notice) remain enabled for account safety.
- Product updates and marketing emails require prior express consent and include unsubscribe instructions.
- Monario+ waitlist signup is optional and uses explicit consent for launch updates and related product/marketing communications.
Legal basis and consent
Monario intends to process personal information on a combination of consent, service delivery necessity, and legitimate operational safeguards, as applicable under Canadian and Québec privacy law. Mandatory auth/security logs are treated as essential security and account-integrity records, not optional analytics.
Where data is processed and stored
Monario expects personal information to be processed in Canada, the United States, and other jurisdictions where listed processors operate global infrastructure, including edge network locations and provider-managed cloud regions.
Cross-border processing is assessed before material processor changes. Safeguards include written processor agreements or data processing addenda where available, database-level access controls, encryption in transit, encrypted vault design, secret-handling controls, and minimization of clear personal information sent to processors.
Cookies, essential storage, and analytics
Optional analytics and marketing pixels are disabled by default and load only after explicit browser consent. Analytics is limited to minimized site and product events and must not include clear financial vault data. Users can reject, customize, or change choices later. Mandatory auth/security logs are separate and remain active for account safety.
Essential cookies, local storage, and session storage may be used for authentication, security, language, preferences, legal acceptance, and web sync state. Monario local vault files are controlled by Monario on the user’s computer.
Age and minors
Monario is intended for users who have reached the age of majority in their jurisdiction. Monario does not knowingly collect personal information from minors for account creation.
Processors and subprocessors
Monario uses third-party service providers for infrastructure, authentication, storage, email delivery, and related operations.
See /legal/processors for the current implementation-level list and purpose mapping.
| Provider | Purpose | Typical data | Status | Regions / transfer |
|---|---|---|---|---|
| Authentication and database infrastructure provider | Authentication, account metadata, database infrastructure, and encrypted Monario Plus sync vault blobs. | Email/auth metadata, Account and legal acceptance metadata, Encrypted sync blobs, No clear vault financial data by design | active | Provider-managed regions; may involve cross-border processing |
| Hosting, CDN, and security provider | Web app delivery, TLS termination, edge networking, and basic platform security. | IP and request metadata, Static app delivery logs, Security/network telemetry | active | Global edge network; may involve cross-border request processing |
| Transactional email provider | Transactional and security email delivery (confirmation, reset, security notices) and product updates with prior express consent when configured. | Email address, Delivery metadata, Template and routing metadata | disabled | Provider-managed regions; may involve cross-border processing |
| Marketing and waitlist email provider | Monario+ waitlist intake, launch updates, and consent-based product/marketing communications. | Full name, Email address, Consent and unsubscribe metadata, Campaign and audience metadata | active | Provider-managed regions; may involve cross-border processing |
| Analytics provider | Consent-gated privacy-safe usage analytics with minimized event payloads. | Anonymous user identifier, Feature usage counts, Event timing and status | active | Provider-managed regions; may involve cross-border processing |
| Payment provider (planned / not active) | Planned billing/subscription processing for paid plans. | Billing metadata (planned), Payment status metadata (planned) | planned | Planned / not configured |
Retention summary
Monario keeps eligible account metadata until deletion requests or account closure, subject to legal and operational requirements. Monario local vault files are controlled by the user’s computer.
Retention windows are implemented through documented cleanup jobs where server-side data exists.
- CSV imports are processed client-side by design. Monario does not retain clear CSV rows server-side for Monario or Monario Plus.
- If a legacy or internal server-side import staging record exists, cleanup jobs are used defensively to remove eligible temporary metadata and payload fields.
- Waitlist and marketing mailing-list records are kept until consent withdrawal, unsubscribe, deletion request, or legal retention requirement. Minimal suppression records may be retained to honor opt-out requests.
- Operational security/session logs are kept for up to 365 days unless a longer period is needed for security, legal, or abuse investigation.
- Analytics events, if enabled and stored server-side, are deleted or aggregated after 180 days.
- Account deletion requests are recorded immediately. Monario then applies the configured closure grace period, currently 14 days by default; eligible active cloud account data is scheduled for purge or anonymization within 30 days after the grace period ends unless legal or security retention applies.
- Breach/security incident records are retained for at least 2 years.
Your rights
Subject to applicable law, you may request access, correction, export, deletion, and withdrawal of consent where consent is the processing basis.
Account deletion removes eligible account metadata and encrypted sync data where applicable. It cannot delete local vault files already on your computer, device backups, or exported .mvault files. Export your vault before deleting your account. Local vault password recovery may not be possible. If you lose your vault password, Monario may not be able to recover the vault.
- Access your data.
- Correct inaccurate profile or finance records you control.
- Export your data.
- Delete data or close your account.
- Withdraw consent where processing relies on consent.
Security safeguards
Monario applies technical and organizational safeguards including access controls, database-level access controls, encrypted transport, and secret-handling controls.
No safeguard is absolute; users should also protect their account credentials and local device access.
Confidentiality incident and breach notice
Monario keeps a confidentiality incident response process and records incidents as required by applicable law.
If an incident involving personal information creates a real risk of serious injury or significant harm, Monario will notify the Commission d’accès à l’information du Québec, the Office of the Privacy Commissioner of Canada when applicable, and affected individuals without unreasonable delay or as soon as feasible under applicable law.
Complaints and escalation
Start with Monario privacy contact: privacy@monario.app
Commission d’accès à l’information du Québec (CAI): cai.gouv.qc.ca, 1-888-528-7741, Bureau 900, 2045 Stanley Street, Montréal, Québec H3A 2V4.
Office of the Privacy Commissioner of Canada (OPC): priv.gc.ca, 1-800-282-1376, 30 Victoria Street, Gatineau, Québec K1A 1H3.
Changes to this policy
Monario may update this policy as the product, processors, or legal requirements change.
For material changes, Monario will provide notice by in-app banner and email at least 30 days before the changes take effect, unless a shorter period is required for security, legal, or operational reasons.