1. Who We Are
Moneyball ("we", "our", "us") is a personal finance platform operated at moneyball.me. We help individuals, couples, and households organise their bank statements, track spending, and understand their finances through AI-assisted analysis.
If you have questions about this policy, contact us at hello@moneyball.me.
2. Information We Collect
2.1 Account information
When you sign up we collect your email address. If you sign in with Google we also receive your name and profile picture as provided by Google.
2.2 Financial data you upload
Moneyball is a bring-your-own-data service. We only have access to what you explicitly upload:
- Bank statement files (PDF, CSV, Excel) you submit through the Upload screen.
- Parsed transaction rows extracted from those files (date, description, amount, currency).
- Category labels and custom taxonomy rules you create or approve.
We do not connect to your bank directly. We never see your banking credentials.
2.3 Profile & preferences
We store settings you configure: your display name, preferred currency, AI model preference (BYOK API key), and custom category rules.
2.4 Usage data
We collect standard server logs and anonymous product analytics (pages visited, feature usage, error events) to understand how people use Moneyball and to fix bugs. This data is not linked to individual identities in our analytics pipeline.
3. How We Use Your Information
- Provide the service — parse statements, generate spending summaries, show dashboards.
- AI analysis — transaction descriptions are sent to an AI model (OpenAI or Anthropic, depending on your account tier) to categorise spending and generate insights. Only the data from the upload session is sent; your name and email are never included in AI prompts.
- Account management — send sign-in links, respond to support requests.
- Improve the product — aggregate, anonymised usage patterns help us prioritise features.
- Legal compliance — retain records as required by applicable law.
4. Your API Key (BYOK)
On the free tier you supply your own OpenAI or Anthropic API key. This key is stored encrypted in our database and is only used to make API calls on your behalf. We never log or share your API key. You can delete it at any time from your Profile page.
5. Data Storage & Security
Your data is stored on Supabase (PostgreSQL), hosted in a data centre within the region you selected at sign-up. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
Access controls ensure only you — and no other user — can read your account data. Internal team access is restricted to authenticated staff for support purposes only and is logged.
Despite these measures, no system is 100% secure. We encourage you to use a strong email password and protect your Google account with two-factor authentication.
6. Third-Party Services
We share data with these processors only to the extent necessary to operate Moneyball:
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database & auth | Account data, transactions, settings |
| OpenAI / Anthropic | AI categorisation & insights | Transaction descriptions (no PII) |
| OAuth sign-in | Email address (on login only) | |
| Vercel | Hosting & CDN | Request logs |
| Resend / SendGrid | Transactional email | Email address |
We do not sell your data to advertisers or data brokers — ever.
7. Data Retention
- Active account: data kept for the lifetime of your account.
- After deletion: your account and all associated data are permanently deleted within 30 days of your deletion request, except where retention is required by law.
- Uploaded statements: you can delete individual statements at any time from the Review page.
8. Your Rights
Depending on your location you may have rights to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — request deletion of your account and data.
- Portability — export your transaction data as CSV from the Review page at any time.
- Objection — object to certain processing (e.g., analytics).
To exercise any right, email hello@moneyball.me from your registered address. We respond within 30 days.
9. Cookies
We use only essential cookies required to keep you signed in (Supabase auth session token). We do not use advertising or third-party tracking cookies.
10. Children
Moneyball is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a minor has created an account, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy as the product evolves. We will notify you by email and update the "Last updated" date above. Continued use of Moneyball after a change constitutes acceptance.
12. Contact
Moneyball · hello@moneyball.me