
Privacy Policy

Last updated: 29 May 2026

Policy version: 1.0-2026-05-29

1. Introduction

Welcome to Monetraxapp ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial management platform.

By using Monetraxapp, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

  • Name, email address, and phone number
  • Business name and registration details (CAC number, TIN)
  • Profile information and preferences
  • Authentication credentials

2.2 Financial Information

  • Transaction records (income and expenses)
  • Bank account information (when you link accounts)
  • Tax-related data and calculations
  • Payment and subscription information

2.3 Technical Information

  • Device information and browser type
  • IP address and location data
  • Usage patterns and app interactions
  • Cookies and similar technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and manage your account
  • Calculate taxes and generate financial reports
  • Sync and categorize bank transactions
  • Provide AI-powered financial insights
  • Send important notifications and updates
  • Respond to your inquiries and support requests
  • Comply with legal obligations and tax regulations
  • Detect and prevent fraud or abuse

4. Information Sharing and Disclosure

We may share your information with:

4.1 Service Providers

Third-party companies that help us provide our services, including payment processors (Stripe), bank integration providers (Mono), email services, and cloud hosting providers.

4.2 Regulatory Authorities

When required by law or to comply with tax regulations, we may share information with relevant tax authorities in your jurisdiction, including but not limited to: HMRC (United Kingdom), IRS (United States), FIRS (Nigeria), and other applicable regulatory bodies.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do NOT sell your personal information to third parties for marketing purposes.

4A. AI & Machine Learning Disclosure

Monetraxapp offers an optional in-app AI Assistant and optional AI-powered transaction auto-categorisation. Both features send a strictly limited slice of your data to a third-party AI provider (OpenAI, gpt-4o family) for the sole purpose of generating a response. We require your explicit consent before any AI request leaves the app and you can withdraw consent at any time.

What is sent to AI providers

  • The text of the message you type into the AI Assistant
  • The page you are currently viewing (for context, e.g. /dashboard)
  • Your business currency code (for unit-aware responses)
  • For auto-categorisation (opt-in only): the description text of the transaction row you are categorising

What is NEVER sent to AI providers

  • Your password, MFA codes, or any authentication secret
  • Your National Insurance Number, UTR, VRN, or any HMRC identifier
  • Bank account numbers, sort codes, IBANs, or card data
  • HMRC OAuth tokens or any other API credentials
  • Your full transaction list — only the description text of the specific row you ask about

Retention and training

We use OpenAI under an enterprise key with data-not-used-for-training=true. OpenAI does not retain your prompts beyond what is needed to compute the response and does not train its models on them. We retain your AI chat history in our own database for 90 days for your own reference; you can delete individual conversations any time from the AI Assistant.

Your controls

  • First-run consent: The first time you attempt to use the AI Assistant a consent modal explains everything on this page in plain language and asks for explicit Accept or Decline. The rest of Monetraxapp is fully functional without AI.
  • Withdraw consent any time: Settings → Privacy & AI → Revoke. Effective immediately on the next request.
  • Versioned consent: If we materially change AI data flows the policy version will bump and you will be asked to re-consent.
  • Audit log: Every grant and revocation is recorded in an append-only log you can request a copy of via support@monetraxapp.com.

Current policy version: 1.0-2026-05-29 · Sole AI provider currently: OpenAI · Server-side enforcement: an AI request without active consent returns HTTP 403 AI_CONSENT_REQUIRED and is never forwarded to the provider.

5. Data Security

We implement appropriate technical and organisational measures to protect your information:

  • AES-256 encryption of data at rest; TLS 1.2+ encryption of data in transit
  • Multi-factor authentication including phishing-resistant methods (Face ID, fingerprint, passkeys via FIDO2/WebAuthn)
  • Role-based access control (RBAC) limiting data access to authorised personnel
  • Regular security assessments and continuous monitoring
  • Secure cloud infrastructure with network segmentation
  • Comprehensive audit logging with defined retention periods
  • Documented incident response procedures with 72-hour breach notification

While we strive to protect your information using industry-standard measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Disposal

MONETRAXAPP maintains a formal Data Retention and Disposal Policy that is reviewed semi-annually and complies with all applicable data privacy laws. Our retention periods are determined by the most stringent applicable regulation across all jurisdictions where we operate.

6.1 Retention Periods

Data Category | Retention Period | Legal Basis
Account credentials and profile | Duration of account + 30 days | Service provision
Financial records and transactions | 7 years from date of record | HMRC / IRS / FIRS regulations
Tax filings and returns | 7 years from end of tax year | Tax regulatory compliance
Invoices and business documents | 7 years from date of issue | VAT / tax compliance
Security and authentication logs | 12 months | Security monitoring
Session tokens and OTP codes | Auto-expired (minutes to hours) | Service provision

6.2 Data Disposal

When data reaches the end of its retention period or upon a valid deletion request, we apply disposal methods appropriate to the data classification:

  • Sensitive data (tax identifiers, authentication tokens) — cryptographic erasure, rendering data permanently unrecoverable
  • Financial records — secure deletion with verification, or anonymisation where regulatory retention applies
  • Temporary data (session tokens, OTP codes) — automatic expiry and purging by the system

6.3 Account Deletion Process

When you request account deletion, the following process is completed within 30 days:

  • Account credentials, profile data, and active sessions are permanently deleted
  • Authentication credentials (passkeys, MFA settings) are removed
  • Active subscriptions are cancelled
  • Financial records within mandatory regulatory retention periods are anonymised (personal identifiers removed, transaction data retained for compliance)
  • Records beyond mandatory retention periods are permanently deleted
  • A deletion confirmation is sent to you

Regulatory note: Financial records required by HMRC, IRS, FIRS, or other tax authorities for the mandatory retention period (up to 7 years) are anonymised rather than deleted, in compliance with applicable tax regulations.

7. Lawful Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation, we process your data on the following lawful bases:

Processing Activity | Lawful Basis | GDPR Article
Account creation & service delivery | Contractual necessity | Art. 6(1)(b)
Tax reporting to HMRC | Legal obligation | Art. 6(1)(c)
Financial record keeping | Legal obligation | Art. 6(1)(c)
Fraud prevention (HMRC headers) | Legal obligation | Art. 6(1)(c)
Service improvement & analytics | Legitimate interest | Art. 6(1)(f)
Security monitoring & audit | Legitimate interest | Art. 6(1)(f)
Marketing communications | Consent | Art. 6(1)(a)

8. Your Data Rights (UK GDPR)

Under the UK GDPR, you have the following rights. You can exercise these directly within the app or by contacting us:

  • Right of Access (Article 15) — Download all your personal data via Settings > Data Export, or GET /api/gdpr/data-export
  • Right to Rectification (Article 16) — Correct your personal information via Settings > Profile, or PUT /api/gdpr/data-correction
  • Right to Erasure (Article 17) — Delete your account and all data via Settings > Delete Account, or POST /api/gdpr/delete-account
  • Right to Data Portability (Article 20) — Export your data in JSON format via Settings > Data Export
  • Right to Restrict Processing (Article 18) — Contact us to limit data processing
  • Right to Object (Article 21) — Object to processing based on legitimate interest
  • Right to Withdraw Consent (Article 7) — Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at admin@monetraxapp.com or dpo@monetraxapp.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and remember your preferences. You can control cookie settings through your browser. Disabling cookies may affect some features of our service.

9. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Monetraxapp is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Policy Governance and Review

MONETRAXAPP maintains a comprehensive governance framework to ensure ongoing compliance with data protection obligations:

12.1 Governance Documents

Our data protection framework is supported by the following policies, which are reviewed semi-annually:

  • Information Security Policy — Risk management, access control, encryption standards, incident response
  • Data Retention and Disposal Policy — Retention periods, disposal procedures, regulatory compliance
  • Identity and Access Management Policy — RBAC, authentication, periodic access reviews
  • Vulnerability Management Policy — Patching SLAs, dependency management, EOL monitoring

12.2 Review Schedule

  • All policies are reviewed semi-annually (every 6 months)
  • Regulatory compliance checks are conducted quarterly
  • Unscheduled reviews are triggered by regulatory changes, data breaches, or expansion to new jurisdictions

12.3 Accountability

  • A designated Data Protection Officer oversees compliance, data subject requests, and regulatory liaison
  • All personnel with access to personal data receive data protection training upon onboarding and annually thereafter
  • Data subject requests (access, deletion, portability) are tracked and fulfilled within 30 days

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

United Kingdom Office

20 Wenlock Road, London, England, N1 7GU
+44 7702 193735

14. International Data Protection Compliance

Monetraxapp is committed to complying with data protection laws in all jurisdictions where we operate. This includes:

  • United Kingdom: UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
  • European Union: General Data Protection Regulation (GDPR)
  • Nigeria: Nigeria Data Protection Regulation (NDPR) 2019 and Nigeria Data Protection Act 2023
  • United States: California Consumer Privacy Act (CCPA) and other applicable state laws

We are committed to protecting your data in accordance with applicable local laws and international best practices. Data transfers between jurisdictions are conducted in compliance with relevant data protection frameworks.

15. Request Data Deletion

You have the right to request the deletion of your account and all associated data. Once processed, this action is permanent and cannot be undone.

To request deletion of your data:

  • Your account and login credentials will be permanently deleted
  • All transaction history and financial records will be removed
  • Any active subscriptions will be cancelled
  • This process typically takes up to 30 days to complete

© 2026 Monetraxapp. All rights reserved.
