Moneyta

Privacy Policy

Last updated: April 28, 2026

Dataexpansed LLC (“Company,” “we,” “us,” or “our”) operates the Moneyta platform (“Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. By using the Service, you agree to the practices described below.

1. Information We Collect

1.1 Information you provide

  • Account information: name, email address, and authentication credentials (managed by Clerk, our authentication provider)
  • Portfolio data: stock tickers, share quantities, cost basis, broker name, account label, account type, and notes you enter or paste into the Service
  • User preferences: risk profile settings, alert configurations, notification preferences, and digest cadence selections
  • Stock idea evaluator inputs: text descriptions of stock ideas you submit for analysis
  • Feedback: bug reports, feature requests, and other feedback you submit through the in-app feedback tool
  • Payment information: processed exclusively by Stripe. We never store, process, or transmit credit card numbers or bank account details on our servers

1.2 Information collected automatically

  • Usage data: pages visited, features used, analysis frequency, session duration, and interaction patterns
  • Device information: browser type, operating system, screen resolution, and device identifiers
  • Log data: IP address, access timestamps, and error logs (via Sentry for error monitoring)
  • Referral data: if you arrive via a referral link, we record the referral code for attribution purposes

1.3 Information derived from your data

  • Health scores and grades: computed from your portfolio composition using our proprietary scoring algorithm
  • Observations and insights: generated by artificial intelligence (OpenAI) based on your portfolio metrics
  • Simulation results:“what-if” analyses from the stock idea evaluator

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Calculate health scores, generate observations, and run portfolio analyses
  • Process stock idea evaluations and generate AI-powered verdicts
  • Send alerts and notifications based on your configured preferences
  • Process payments and manage your subscription
  • Respond to your feedback, questions, and support requests
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not share your data with advertisers or data brokers. We do not use your portfolio data for any purpose other than providing the Service to you.

3. AI Data Processing

Moneyta uses artificial intelligence (OpenAI API) to generate portfolio observations, stock idea verdicts, and smart-paste parsing. When AI processing is involved:

  • PII scrubbing: We remove personally identifiable information (email addresses, account numbers, phone numbers, Social Security numbers) from data before sending it to our AI provider
  • What is sent: Portfolio metrics (percentages, sector allocations, concentration ratios), ticker symbols, and anonymized analytical data — not your name, email, or account details
  • Data retention by AI provider: OpenAI retains API inputs and outputs for up to 30 days for safety monitoring, then permanently deletes them. Your data is not used to train AI models
  • Labeling:All AI-generated content is clearly labeled within the application (e.g., “Goodwin · AI-powered analysis”)

4. Third-Party Services

We use the following third-party services to operate Moneyta. Each processes only the minimum data necessary for its purpose:

ServicePurposeData shared
ClerkAuthenticationEmail, name, OAuth tokens
StripePayment processingEmail, payment method (card data never touches our servers)
OpenAIAI analysis & observationsAnonymized portfolio metrics, ticker symbols (PII scrubbed)
MarketstackMarket data & pricingTicker symbols only (no user data)
ResendEmail deliveryEmail address, email content
SentryError monitoringError traces, IP address (PII scrubbed from payloads)

Each third-party service is governed by its own privacy policy and data processing agreement. We have reviewed and, where applicable, signed Data Processing Agreements (DPAs) with these providers.

5. Data Security

We take the security of your data seriously and implement multiple layers of protection:

  • Encryption at rest: All data is encrypted using AES-256 at the database server level. Sensitive fields (email, portfolio notes, broker details, cost basis) are additionally encrypted at the application level using Fernet symmetric encryption
  • Vault encryption (PIN-derived):Vault items (jewelry, precious metals, watches, gemstones) receive an additional layer of protection. They are encrypted with a key derived from a PIN that only you know, using Argon2id to produce a Key Encryption Key (KEK), which wraps per-item Data Encryption Keys (DEKs) used to encrypt each item with AES-256-GCM. We do not store your PIN, and the decryption key exists only inside your unlocked browser session — never on our servers' disks. This means Moneyta cannot read your Vault while it is locked. If you forget your PIN, the only recovery path is the recovery code you captured at setup; there is no backdoor, including for Moneyta support
  • Encryption in transit: All connections use TLS (HTTPS). Database connections require SSL. Cache connections use TLS in production
  • Payment security: Payment processing is handled entirely by Stripe (PCI DSS Level 1 certified). We never store, process, or transmit credit card data
  • Access controls: Role-based access control, audit logging for administrative actions, and encrypted authentication via Clerk
  • HTTP security headers: HSTS, Content Security Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy headers are enforced

6. Data Retention

We retain your data for as long as your account is active, plus:

  • Account data: retained while your account exists. After account deletion, data enters a 30-day grace period (soft delete), then is permanently deleted
  • After subscription cancellation: if a cancelled subscription lapses, your account data is retained for 30 days — during which you may resubscribe to restore it — then permanently deleted
  • Portfolio analyses and observations: retained for the life of your account to support historical comparison
  • AI interaction logs: retained for 90 days for quality monitoring, then purged
  • Payment records: retained by Stripe per their retention policy and applicable tax/accounting laws
  • Admin audit logs: retained for 2 years for security and compliance

7. Your Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

Categories of personal information we collect

  • Identifiers: name, email address (from Clerk authentication)
  • Financial information: portfolio holdings, cost basis, broker name
  • Internet/electronic activity: usage analytics, pages visited, features used
  • Inferences: health scores, risk profile classifications, portfolio observations

Your rights

  • Right to know: You may request information about the categories and specific pieces of personal information we have collected about you
  • Right to delete: You may request deletion of your personal information. You can initiate this from the Account settings page or by contacting us
  • Right to correct: You may request correction of inaccurate personal information
  • Right to portability: You may export all your data using the in-app data export feature
  • Right to opt out of sale/sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising
  • Right to non-discrimination: We will not discriminate against you for exercising any of these rights

“Do Not Sell or Share My Personal Information”

Moneyta does not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising purposes. We have no financial incentive programs that involve selling consumer data.

Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a valid opt-out request under CCPA/CPRA and applicable state privacy laws.

How to exercise your rights

You may exercise your privacy rights by emailing us at privacy@moneyta.app or by using the in-app Account settings (data export, account deletion). We will respond to verifiable requests within 45 days.

8. Additional State Privacy Rights

Residents of Connecticut, Virginia, Colorado, Utah, Texas, Oregon, Montana, Delaware, New Jersey, New Hampshire, Maryland, and Minnesota may have additional privacy rights under their respective state laws. These rights generally include the right to access, delete, correct, and port your data, and the right to opt out of targeted advertising (which Moneyta does not engage in).

To exercise any state-specific privacy rights, contact us at privacy@moneyta.app.

9. Cookies & Tracking

Moneyta uses a minimal set of cookies and local storage, all of which are necessary for the Service to function:

  • Authentication cookies: Set by Clerk to maintain your login session (strictly necessary)
  • Preferences: Local storage entries for UI preferences like sidebar state (strictly necessary for user experience)
  • Referral attribution: Session storage to track referral codes during signup (functional)

We do not use advertising cookies, tracking pixels, or third-party analytics that track you across other websites. We do not engage in cross-site tracking or retargeting.

10. Email Communications

We may send you the following types of emails:

  • Transactional emails: Account verification, password resets, subscription confirmations, payment receipts (cannot be unsubscribed — necessary for Service operation)
  • Alert notifications: Portfolio drift alerts, score change notifications (configurable in your alert settings)
  • Digest emails: Daily, weekly, or monthly portfolio summaries (configurable in your notification preferences)

All non-transactional emails include an unsubscribe link. We honor unsubscribe requests within 10 business days in compliance with the CAN-SPAM Act. Emails are sent from Moneyta via Resend and clearly identify Dataexpansed LLC as the sender.

11. Children’s Privacy

Moneyta is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe a minor has provided us with personal information, please contact us at privacy@moneyta.app.

12. International Users

Moneyta is operated from the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your data to the United States, which may have data protection laws that differ from those in your country.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice within the Service at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Dataexpansed LLC
Privacy inquiries: privacy@moneyta.app
General inquiries: support@moneyta.app