Privacy Policy
Last updated: February 2026
Overview
MyMascada.com is a hosted instance of MyMascada, an open-source personal finance application. This privacy policy explains what data is collected, how it is used, and what third-party services are involved when you use MyMascada.com.
Data We Store
When you create an account and use MyMascada, the following data is stored in our database:
- User account information (name, email, hashed password)
- Financial transactions and account balances
- Categories, budgets, and categorization rules
- Application settings and preferences
Your data is stored on secured infrastructure and is not sold to, shared with, or disclosed to any third party, except as described below for the optional services you choose to enable.
Telemetry
MyMascada does not include any telemetry, analytics, or usage tracking. No data is sent to any analytics service. There are no cookies for advertising or tracking purposes.
Third-Party Services
The following external services may be used depending on the features you enable. Data is only shared with these providers when you actively use the corresponding feature.
Akahu (Bank Syncing — New Zealand)
- What is shared: Bank account information and transaction data are synced through Akahu's API.
- When: Only when you connect a bank account via Akahu.
- Their policy: Akahu Privacy Policy
Google OAuth (Sign-In)
- What is shared: Standard OAuth flow — Google provides your email address and profile name for authentication.
- When: Only if you choose "Sign in with Google".
- Their policy: Google Privacy Policy
OpenAI API (AI Features)
- What is shared: Transaction descriptions, amounts, and category names are sent to OpenAI for categorization suggestions, chat responses, CSV import analysis, and rule suggestions.
- When: Only when you actively use AI-powered features (categorization, chat assistant, smart CSV import).
- Their policy: OpenAI Privacy Policy
⚠️ Important: AI Data Sharing Disclosure
The hosted version of MyMascada (mymascada.com) participates in OpenAI's data sharing program. This means that data sent to OpenAI through our AI features may be used by OpenAI to improve their models. This includes transaction descriptions and category information processed through AI categorization, chat, and import features.
What this means for you:
- Transaction descriptions you submit for AI categorization may be used to train OpenAI models
- Chat conversations with the AI assistant may be used to train OpenAI models
- This only applies when you actively use AI features — your data is never sent to OpenAI otherwise
- We do not share your account information, email, passwords, or account balances with OpenAI
How to avoid this:
- Simply don't use AI features — manual categorization and all other features work without any data leaving our servers
- Self-host MyMascada with your own OpenAI API key (data sharing is off by default for individual API accounts)
- Self-host and use a different AI provider (the app supports configurable AI backends)
Stripe (Payment Processing)
- What is shared: Email address and payment information are processed by Stripe for subscription management.
- When: Only if you subscribe to a paid plan or make a payment.
- Note: We do not store your full credit card details. All payment data is handled securely by Stripe.
- Their policy: Stripe Privacy Policy
Email Provider (Transactional Emails)
- What is shared: Your email address and notification content are sent through our email provider.
- When: For email verification, password resets, and notifications.
Data Retention
Your data is retained for as long as your account is active. If you delete your account, your data will be permanently removed from our systems. Backups containing your data may persist for up to 30 days after deletion before being fully purged.
Your Rights
- Access: All your data is visible to you within the application at all times.
- Export: You can export your transaction data from within the application.
- Rectification: You can edit and correct your data directly in the application.
- Deletion: You can delete your account and all associated data from your account settings.
- Portability: You can export your data in standard formats for use with other services.
GDPR & European Users
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). In addition to the rights listed above, you may:
- Object to certain types of data processing.
- Restrict the processing of your personal data in specific circumstances.
- Lodge a complaint with your local data protection authority.
The legal basis for processing your data is your consent (provided at registration) and the legitimate interest of providing the service you signed up for. To exercise any of these rights, contact us at support@mymascada.com.
Security
We take reasonable measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. However, no system is 100% secure, and we cannot guarantee absolute security.
Changes to This Policy
This privacy policy may be updated from time to time. Continued use of the service after changes constitutes acceptance of the updated policy.
Questions about your data? Reach out at support@mymascada.com or via the GitHub Discussions page. Also see our Terms of Service.