MoneyMap is zero-access by architecture. Encryption keys live on your device. If our servers were seized tomorrow, your financial life would still be unreadable ciphertext. This page is the technical detail behind that promise.
MoneyMap is designed so that no one but you can decrypt your data: not the server, not the database, not the app creator. There is no admin panel that can read balances or transactions because the keys required to read them never reach our infrastructure.
Each account gets a unique 256-bit encryption key generated locally on your device, not derived from a password you might forget or reuse. That key encrypts your records before they ever sync. To invite a partner, you share the key directly via QR code; the server never sees it.
All financial data is stored on-device in an encrypted SQLite database (WatermelonDB). The app works fully offline (on a plane, in a tunnel, anywhere) and syncs changes when you reconnect. Cloud sync is optional, and every payload is encrypted on-device before it leaves your phone.
When sync is enabled, records are encrypted with your account's 256-bit key, then uploaded as opaque blobs. They remain encrypted in transit (TLS) and at rest. The server stores and relays ciphertext between your devices but can never decrypt it.
Every client uses SSL/TLS certificate pinning to prevent man-in-the-middle interception, and the app is gated behind Face ID / Touch ID the moment you close it. Your finances stay locked even if your phone is unlocked.
MoneyMap connects to thousands of US banks and credit unions through Plaid. Your bank login credentials are handled by Plaid and never stored by MoneyMap. Transaction data stays on your device.
The complete list. Everything else stays on your device or never exists in readable form.
Used for login and account recovery.
Used to personalize emails.
Tokens that link your bank connection, encrypted at rest.
Your synced data, unreadable to us without your key.
Used to deliver push notifications.
We use PostHog to understand which features are used and where the app needs work, never to look at your money.
We never track:
No. MoneyMap is built with zero-access architecture. Even the app creator cannot see, access, or analyze your financial information. Your data is encrypted end-to-end and stored primarily on your device.
Your data lives on your device using an offline-first approach. When you enable sync, payloads are encrypted on-device before leaving, and remain encrypted in transit and at rest.
Each account has a unique 256-bit key generated on-device. Records are encrypted with that key before upload. Inviting a partner is done by sharing the key via QR code. The server never sees it.
Email (login), first name (emails), Plaid identifiers (bank link), encrypted blobs (unreadable to us), and device metadata (push). Nothing else.
Anonymous product analytics via PostHog: feature usage, screen visits, counts, and flags. We never track amounts, balances, account numbers, institution names, emails, names, Plaid tokens, or encryption passwords.
MoneyMap connects through Plaid, which supports thousands of US banks and credit unions. Bank credentials are handled by Plaid and never stored by MoneyMap.
Email support@moneymap.cc. Note: since we can't see your financial data, support is limited to app-level issues.