Privacy Policy

1. Information We Collect

Information You Provide

• Account information (name, email address, phone number)
• Financial account credentials (securely exchanged via Plaid)
• Profile information and preferences
• Communications with our support team
• Feedback and survey responses

Information Collected Automatically

• Device information (type, operating system, unique identifiers)
• Device fingerprints for push notification management and security
• Browser characteristics (type, version, capabilities)
• Usage data (features used, time spent, interactions)
• IP address and approximate location
• Session data and user activity patterns
• App performance and crash data via Sentry (includes browser info, performance metrics)
• Analytics data via Google Analytics (anonymized)
• User agent strings and referrer information
• Two-factor authentication data (TOTP secrets and backup codes when enabled)

Financial Information via Plaid

We use Plaid to connect your financial accounts. We receive:

• Account balances and details
• Transaction history
• Masked account numbers (last 4 digits only)
• Financial institution information
• Account names and types

Investment Account Information

When you connect investment accounts (such as brokerage accounts, retirement accounts, or robo-advisor accounts) via Plaid, we may receive:

• Investment holdings (stocks, bonds, ETFs, mutual funds, cryptocurrencies, etc.)
• Portfolio values and current market prices
• Asset allocation and sector distribution
• Historical investment performance data
• Cost basis and unrealized gains/losses (when provided by your institution)
• Dividend, interest, and distribution information
• Investment account types (taxable, IRA, 401(k), etc.)

2. Consulting Services Inquiries and Communications

Information Collection for Consulting Services

In addition to our Luna Money application, we offer separate consulting services for behavioral finance, financial habit formation, and business financial optimization. When you inquire about or engage with our consulting services, we may collect:

• Contact information (name, email address, phone number)
• Business or personal financial information you voluntarily provide during consultations
• Communication records (emails, meeting notes, consultation summaries)
• Information about your financial goals, challenges, and circumstances
• Payment and billing information for consulting services

How We Use Consulting Information

Information collected for consulting services is used solely to:

• Respond to your consultation inquiries
• Provide personalized consulting services
• Maintain records of our consulting engagement
• Process payments for consulting services
• Comply with legal and professional record-keeping requirements

Consulting Data Retention

• Consultation inquiries: Retained for 2 years or until you request deletion
• Active consulting engagements: Retained for the duration of engagement plus 7 years per IRS and professional standards
• Financial consultation records: 7 years minimum for compliance purposes
• Email communications: Retained according to professional record-keeping standards

Consulting Services Confidentiality

All information shared during consulting engagements is kept strictly confidential and is never shared with third parties except:

• As required by law or legal process
• With your explicit written consent
• To comply with professional obligations or regulatory requirements

3. How We Use Your Information

We use your information to:

• Provide and maintain our Service
• Process transactions and manage your subscription
• Analyze your financial data to provide insights and informational recommendations
• Display your investment holdings and portfolio performance
• Calculate algorithmic metrics (Safe to Spend, Luna Score, risk scores, asset allocation)
• Send you notifications about your account and finances
• Respond to your comments, questions, and support requests
• Send promotional communications (with your consent)
• Monitor and analyze usage patterns to improve our Service
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information with:

Service Providers

• Plaid: Financial data aggregation (banking and investment accounts)
• Firebase/Google Cloud: Authentication, database, and cloud services
• Stripe: Payment processing
• Vercel: Application hosting
• OpenAI: AI-powered financial coaching
• Twilio: SMS notifications
• Sentry: Error monitoring (collects browser info, performance metrics)
• Google Analytics: Usage analytics (fully anonymized, no personal data)
• Google Cloud Secret Manager: Secure storage of encrypted access tokens
• Redis/Upstash: Session caching and performance optimization

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred with advance notice.

5. Data Access & Analytics

Your Financial Data: Luna Money stores your transaction history, account balances, and financial preferences to provide our service. This data is associated with your account and accessible to Luna Money for service delivery, customer support, and improving our features.

• We access your financial data to provide personalized insights and recommendations
• Your data helps us improve categorization accuracy and features
• Customer support may review account data to help resolve issues
• We do NOT sell your personal or financial data to third parties

Analytics: We use Google Analytics and Sentry for app performance monitoring. While we strive to minimize personal data in analytics, some technical information may be collected to improve our service.

6. Data Security

We implement enterprise-grade security measures including:

• 256-bit AES encryption at rest and TLS 1.3 in transit
• Multi-factor authentication options
• Regular security audits and monitoring
• Secure infrastructure with Firebase and Vercel
• Rate limiting and fraud detection
• Regular automated backups
• Read-only access to financial and investment accounts (no ability to execute trades or transfers)

7. Data Retention

• Active accounts: Data retained while account is active
• Financial records: 7 years per IRS requirements
• Investment data: Retained while account is active; deleted within 90 days of disconnection
• Deleted accounts: Personal data removed within 90 days
• Plaid tokens: Automatically deleted after 90 days of inactivity
• Session data: Automatically cleared after inactivity
• Backups: Retained for 90 days
• Security logs: 2 years
• Analytics data: Aggregated and anonymized, retained indefinitely

8. Your Rights and Choices

Access and Portability

You can request access to your data or export it by emailing privacy@lunamoney.io. We'll process your request within 30 days.

Correction

You can update your personal information through your account settings.

Deletion

You can delete your account instantly through Settings → Delete Account in the Luna Money app. This will immediately and permanently delete all your data across all our systems, including transactions, connected accounts, budget settings, and your login. Alternatively, you can request deletion by emailing privacy@lunamoney.io.

Disconnect Financial Accounts

You can disconnect bank accounts or investment accounts at any time through your account settings. Once disconnected, we will stop accessing new data from those accounts, and existing data will be deleted according to our retention policy.

Marketing Communications

You can opt-out of marketing emails by clicking "unsubscribe" in any marketing email or updating your preferences in the app.

Data Breach Notification

In the event of a data breach that may compromise your personal information, we will notify affected users within 72 hours via email and in-app notification.

9. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information (we do not sell personal information).

10. GDPR Compliance

While our Service is currently US-only, we respect international privacy standards. If you are accessing our Service from the European Union, you have additional rights under GDPR including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

To exercise these rights, please contact us at privacy@lunamoney.io.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

12. International Users

Our Service is currently available only to users in the United States and Puerto Rico. All data is processed and stored in the United States.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date."

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

© 2025 Luna Money. OS Financial LLC. All rights reserved.