Legal

Privacy Policy

Last updated: 1 March 2025

1. Introduction

VCAP Connect Pty Ltd (ABN 88 674 243 362), trading as moneymood ("we", "us", "our"), is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and store your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the moneymood platform, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create a moneymood account, we collect:

  • Name (first and last)
  • Email address
  • Password (stored as a bcrypt hash, never in plain text)
  • Phone number (optional)

2.2 Financial Data

To provide our services, we collect financial data that you provide or authorise us to access:

  • Bank account details (account name, type, balance, BSB, last four digits)
  • Transaction history (amounts, dates, merchant names, categories)
  • Asset information (property, superannuation, investments, vehicles)
  • Liability information (mortgages, loans, credit cards, HECS-HELP)
  • Financial goals and budget information
  • Documents uploaded to the secure vault

2.3 Consumer Data Right (CDR) Data

If you choose to connect your accounts via CDR, we receive financial data directly from your financial institutions through secure APIs. This data is received with your explicit consent and is subject to the CDR rules administered by the ACCC. CDR connections are read-only.

2.4 Usage Data

We may collect information about how you use the moneymood platform, including pages visited, features used, and general interaction patterns. This data is used to improve the platform and is not linked to your financial data for any purpose other than product improvement.

3. How We Use Your Information

We use your personal and financial information to:

  • Provide, maintain, and improve the moneymood platform
  • Generate financial insights, analysis, and projections
  • Categorise transactions and detect patterns
  • Calculate financial metrics such as net worth, savings rate, and health scores
  • Generate financial trajectory models and scenario simulations
  • Send you account-related communications (verification, password reset)
  • Send you optional financial briefs and alerts (which you can disable)
  • Respond to your enquiries and provide support

4. Purpose Limitation

Your personal and financial data is used solely for the purpose of providing you with the moneymood platform and its services, as described in Section 3 above. We do not use your financial data to target you with advertisements.

5. Data Storage and Security

Your data is stored on secure, Australian-hosted infrastructure. We implement the following security measures:

  • Encryption in transit using TLS 1.2+
  • Encryption at rest using AES-256
  • Password hashing using bcrypt with salt
  • Secure session management with JWT and refresh token rotation
  • Rate limiting to protect against brute force attacks
  • Input validation on all data endpoints
  • Ownership-based access control to prevent unauthorised data access

6. Third-Party Services

We use the following third-party services in the operation of moneymood:

  • Database hosting: Supabase (Australian region) for secure data storage
  • AI services: OpenAI for transaction categorisation and insight generation. Transaction data sent to AI services is used solely for categorisation and analysis and is not retained by the AI provider for training purposes
  • Email services: For sending account-related emails such as verification and password reset
  • CDR data providers: Accredited intermediaries for Consumer Data Right bank connections

7. Cookies

moneymood uses a minimal number of cookies for essential functionality such as maintaining your login session and remembering your theme preference. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. For more details, see our Cookie Policy.

8. Your Rights

Under Australian privacy law, you have the right to:

  • Access your personal information held by us
  • Correct any inaccurate or incomplete information
  • Delete your account and all associated data
  • Withdraw consent for CDR data sharing at any time
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact our Privacy Officer at privacy@moneymood.com.au.

9. Data Retention

We retain your personal and financial data for as long as your account is active. If you close your account, all personal data and financial information is permanently deleted from our systems. We may retain anonymised, aggregated data that cannot be linked back to you for the purpose of improving our services.

10. Children's Privacy

moneymood is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a person under 18, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a notice on the moneymood platform. Your continued use of moneymood after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact:

Privacy Officer
VCAP Connect Pty Ltd
Email: privacy@moneymood.com.au

You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.