Privacy Policy
Privacy Policy
Last updated: 2026-04-29
mo:no budget is a self-hosted personal-finance application. It is operated by the individual who runs the server (the "operator"), not by a SaaS company. This policy describes what data the application processes when running on the operator's infrastructure.
Who runs this
mo:no budget is a personal project. The reference deployment is operated by Kevin Mo. If you are reading this because someone other than you set up an instance and asked you to use it, the operator of that instance is responsible for compliance with applicable laws.
Contact: [email protected].
Data the application processes
Bank account data
When you link a financial institution, the application uses Plaid Inc. ("Plaid") as the bank-aggregation service. Plaid collects your banking credentials at the moment of linking. Plaid then provides the operator's server with:
- An
access_tokenfor the institution (stored encrypted on the server using AES-256-GCM) - Account metadata (institution name, account type, last 4 of account number, account name)
- Account balances
- Transaction history (when the Transactions product is enabled)
- Investment holdings and transactions, if Investments products are enabled
All of the above is stored only on the operator's own server. None of this data is sent to any third-party analytics, advertising, or marketing service.
Authentication data
The application uses a long-lived JWT token stored in the iOS Keychain on your device. The server stores no password for you. There is no email address collected.
Device data
The iOS app does not collect IP addresses, device identifiers, telemetry, crash reports, or analytics. Standard HTTP request logs may be retained on the operator's server for debugging purposes (typically a few days).
How data is used
Data is used solely to provide the application's features:
- Account balances populate your net worth chart
- Transactions populate your transaction list and category assignments
- The encrypted access token enables future balance and transaction syncs with Plaid
No data is shared with anyone, sold to advertisers, used to train machine-learning models, or processed for any purpose unrelated to the application's stated function.
Plaid's role
Plaid is the only third-party service in the data path. Plaid receives your banking credentials at link time and continues to access your accounts on the operator's server's behalf to refresh balances and transactions.
Plaid's privacy policy is at plaid.com/legal. End users may also review Plaid's End User Privacy Policy at plaid.com/legal/#end-user-privacy-policy.
To revoke Plaid's access to your accounts, disconnect the institution inside the application (Settings → Account → Disconnect this bank), or contact Plaid directly via their my.plaid.com portal.
On-device AI
Where the application uses machine learning to suggest categories for transactions, inference runs entirely on your iPhone using Apple's Foundation Models framework. Your transaction descriptions are not sent to OpenAI, Anthropic, Google, or any other third-party model provider.
Data retention
The operator's server retains your data for as long as you use the application. You may permanently delete an institution's data at any time by disconnecting it inside the app — this calls Plaid's /item/remove endpoint and cascade-deletes the institution's accounts and snapshot history from the server's database.
If you stop using the application, contact the operator to have your remaining records deleted.
Your rights
Depending on your jurisdiction, you may have rights to access, correct, or delete personal data held about you. To exercise any such right, contact [email protected].
Changes
Material changes to this policy will be reflected on this page with an updated "Last updated" date.