Privacy Policy
Last updated 21 April 2026
1. Who we are
MoneyMe is a UK financial-education app that helps people aged 14–24 build money skills through short lessons, scenarios, and practical tools. This policy explains what personal data we collect, why we collect it, how long we keep it, and the rights you have under UK GDPR and the Data Protection Act 2018.
Data controller: MoneyMe Ltd, United Kingdom. Contact: [email protected]
2. What we collect
We only collect what we need to run MoneyMe and personalise your learning.
- Account details - your first name, last name, email address, and hashed password. Provided by you when you create an account.
- Profile - your age band (14–16, 16–18, or 18–24), chosen avatar, financial situation (e.g. student, working), top interest, and daily time commitment. Used to choose the right lessons for you.
- Progress - terms you’ve completed, quiz scores, XP earned, streaks, badges, and scenarios played. Each completion is logged with a timestamp, the XP awarded, and (if you took a quick check) your score, so you can see your journey and we can pick what comes next.
- In-app tools - budget entries, savings goals, and any incident notes you log. These stay tied to your account and are never shared except under the narrow safeguarding exception in section 9.
- Notification preferences - if you opt in to reminders, we store your Expo push token, the device platform (iOS or Android), and your timezone name (e.g. Europe/London) so reminders arrive at a sensible local hour. We also keep a small rolling window of the ten most recent hours of day at which you completed a lesson, so the reminder time auto-tunes to your routine. This is never used to build a marketing profile.
- Device data - basic technical info (OS version, device model, crash reports) collected by Sentry to keep the app stable. Personal identifiers are stripped before crash reports leave your device.
- Accessibility preferences - font size, dyslexia-friendly font, reduced motion. Stored so your preferences follow you across devices.
We do not collect bank account numbers, card details, or any real financial transactions. MoneyMe is an education app; it never touches real money.
3. Why we use your data (legal basis)
- To provide the service (contract) - signing you in, saving your progress, syncing across devices.
- To personalise lessons (legitimate interest) - using age band and quiz answers to pick suitable content.
- To show how you compare to the community (legitimate interest) - the app shows you how your XP and number of completed lessons compare to the average MoneyMe learner. Only aggregate numbers are used; no other user is ever identifiable, and the comparison only appears once enough other learners have used MoneyMe for the average to be meaningful.
- To keep the app secure and reliable (legitimate interest) - crash reports, basic device logs, and the security audit log described in section 8.
- To meet our safeguarding duties (legal obligation) - where we reasonably believe a young person is at risk, we may share information with the police or safeguarding authorities; we keep a record of any such disclosure (section 9).
- To improve MoneyMe (legitimate interest) - aggregated, anonymised usage patterns. We never sell individual data.
4. Parental notification for 14–16 users
Under UK GDPR (Article 8) and the UK Data Protection Act 2018, a young person aged 13 or over can provide valid consent for information society services like MoneyMe without a parent or guardian’s agreement. Because our minimum age is 14, every user is legally old enough to consent on their own behalf. We do not require parental consent as a condition of access.
A voluntary extra safeguard. On top of that legal baseline, we offer an optional parental-notification flow for users aged 14–16. Here is exactly how it works:
- At sign-up, users aged 14–16 are invited to share a parent or guardian’s email address. This step is optional — you can skip it and still use MoneyMe.
- If you provide an address, we send a one-off email to that person describing the account, linking to this policy, and offering a confirmation link.
- You have 7 days from sign-up for a parent to confirm. Inside that grace period, nothing is restricted.
- If 7 days pass without confirmation, a small set of features is soft-blocked until a parent confirms: push notifications, budget writes, and account-sync mutations. Reading lessons, playing scenarios, and taking quick-checks stay fully available — your education is never gated on this.
- Once a parent confirms, those features unlock and we write a parental_consent entry to your consent ledger. A parent cannot revoke this confirmation through the app; you or your parent can always close the account via a data-deletion request.
What we do with the parent’s email address. The raw address is passed straight to our email provider (Resend) so the one email can be sent, and is discarded from our systems afterwards. We do not store the raw address in our database and we do not email the parent a second time unless you request another reminder yourself.
Parental queries. A parent or guardian with a safeguarding concern may contact us at [email protected]. For the young person’s protection, we respond to requests about a specific account only with the account holder’s verified agreement, except where a UK court order, safeguarding duty, or statutory obligation requires otherwise.
5. If you're under 18
We follow the ICO’s Age Appropriate Design Code (the “Children’s Code”). As a legal baseline, regardless of what you agree to, for users under 18 we guarantee:
- No behavioural advertising. We do not show ads inside MoneyMe and do not share your data with ad networks or ad-tech vendors.
- No profiling for marketing. We never build a marketing profile of you, and we do not use your data to influence your behaviour outside the educational purpose of the app.
- Data minimisation by default. We collect the smallest amount of personal data needed to run the lessons, and we do not ask for phone numbers, precise location, contacts, or banking data.
- Privacy-first defaults. All settings start in the most privacy-protective state. Any change (e.g. enabling notifications) is a deliberate, reversible opt-in.
- Plain-English disclosures. We explain what we do with your data in language appropriate for your age. If anything is unclear, email us.
- Your data stays yours. You can export or delete your account at any time from the Account tab. Deletion is honoured within 30 days.
- No sale of data. We do not sell, rent, or trade personal data from any user - and we will never do so for users under 18.
6. Guest mode
You can use MoneyMe as a guest without creating an account. In that case, your progress is stored on this device under an anonymous guest identifier - no email, no name. If you later create an account, we offer to merge your guest progress into the new account.
7. Who we share data with
We share data only with the service providers that let MoneyMe work:
- Supabase (EU region, London) - database hosting and authentication.
- Vercel (EU region, London) - hosting for our web pages and the API that powers the app.
- Sentry - crash and error monitoring. Personal identifiers are stripped before logs are sent.
- Expo / Apple / Google - app delivery and push notifications.
- Resend - transactional email. Sign-up confirmation, password resets, email-change confirmations, and (for users aged 14–16) the parental-notification email. We do not send marketing email.
Each provider is contractually bound to UK GDPR standards. We do not sell your data, and we do not share it with advertisers.
8. Security logs and audit trail
We keep an immutable log of security-significant events on your account — signing in, signing out, accepting a policy version, exporting your data, and (if applicable) any admin access to your account. Every row stores:
- the event type and a timestamp;
- a hashed form of the IP address the request came from (SHA-256 with a server-side secret) — the original IP is never stored and the hash cannot be reversed back to an IP by anyone outside MoneyMe;
- a truncated form of the browser or app user-agent string;
- an identifier linking the row to your account.
These entries are retained for up to 24 months after account closure, as evidence for data-access requests, ICO enquiries, and our safeguarding duties. Keeping this log is how we meet Article 30 UK GDPR (records of processing activities).
9. Admin and safeguarding access
A small number of trained MoneyMe staff hold the admin role and can look up your account to answer support, safeguarding, or data-request enquiries. Every admin access is:
- audit-logged — a row is written to the audit trail before the staff member sees any of your data, recording their identifier and the action performed;
- scoped — admins see only the information needed to resolve the enquiry (account state, learning activity, consent status, audit history). Budget line-items, quiz answers, and incident-note contents are not surfaced in the support dashboard.
Safeguarding sharing. If we reasonably believe a young person is at risk of harm, we may share information with the police, the NCA’s CEOP Command, or equivalent safeguarding authorities in line with our legal duties. Where we do share, we keep a dated, auditable record of what was shared, with whom, and why. That record is evidence for you, the authority that received it, and us.
10. How long we keep it
- Account data is kept while your account is active and for up to 12 months after deletion, to handle recovery and legal requests.
- Guest data is stored only on your device until you clear it.
- Security and audit-log entries are kept for up to 24 months after account closure (see section 8).
- Crash logs auto-expire after 90 days.
11. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct anything that’s wrong.
- Delete your account and associated data.
- Export your data in a portable format.
- Object to or restrict certain processing.
- See a history of every version of our Terms and Privacy Policy that you’ve accepted, and when.
- Complain to the Information Commissioner’s Office (ico.org.uk) if you’re unhappy with how we handle your data.
You can export your data as a single JSON file at any time from the Account tab. For anything else — correction, deletion, restriction, or the consent history — email [email protected]. We aim to respond within 30 days.
12. Security
Your data is encrypted in transit and at rest. Passwords are hashed using Supabase’s industry-standard auth. We enforce role-based access server-side, so regular users only see their own data and every staff access goes through the audit trail described in section 8.
13. International transfers
Your data is primarily stored in the EU. Where a provider is based outside the UK/EU, we rely on UK Adequacy Regulations or Standard Contractual Clauses to keep the same level of protection.
14. Changes to this policy
We’ll update this page when our practices change. Substantive changes are highlighted at the top, and we’ll notify signed-in users via the app so you can re-accept the new version.
15. Contact
Questions, requests, or complaints: [email protected]. We’re a small team and read every message.
MoneyMe is for learning, not financial advice. Scenarios use hypothetical numbers. For regulated advice, visit moneyhelper.org.uk or an FCA-authorised adviser.