Privacy Policy
Last updated: 30 September 2025
1. Who We Are
MonthlyWorth is provided by Petr Suchy, a sole proprietor registered in Czechia.
- Registered address: Nadrazni 15, Rapotice, 67573, Czechia
- IČO: 08669091
- DIČ: CZ9107054022
- Contact: support@monthlyworth.com
If you have questions about privacy or want to exercise your rights, contact us at the email above. You may also lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Praha 7, Czechia.
2. What We Collect
We collect only what is necessary to run MonthlyWorth.
Account Information
Email address and authentication data handled by our auth provider Clerk.
Financial Data You Enter
Custom category names, monthly snapshot values for assets and liabilities, optional notes, and any CSV files you choose to import. We do not connect to bank or brokerage accounts.
Preferences and Settings
Currency and locale, reminder settings, onboarding status.
Subscription and Payment
Subscription status, payment currency, subscription and customer identifiers. Payments are handled by our Merchant of Record, Creem.io. We do not store full card numbers.
Communications
Support messages and limited email delivery logs to ensure messages are delivered.
Usage and Performance
Basic usage analytics and performance metrics through Vercel Analytics and Vercel Speed Insights.
3. Why We Collect It and Our Legal Bases
- Provide the app and core features like storing snapshots, charts, and exports.
  Legal basis: performance of a contract.
- Authentication and account security via Clerk.
  Legal basis: performance of a contract and our legitimate interests in security.
- Subscriptions and billing through Creem as Merchant of Record.
  Legal basis: performance of a contract and legal obligation for tax and accounting.
- Service emails such as monthly check-in reminders and important account notices.
  Legal basis: our legitimate interests in operating the service. You can control reminders in settings.
- Product update emails if enabled in the future.
  Legal basis: your consent. You may withdraw consent at any time.
- Security and fraud prevention such as rate limiting and log review.
  Legal basis: our legitimate interests.
If we ever rely on your consent, you can withdraw it in settings or by contacting us.
4. Where Your Data Goes
We use trusted providers to run MonthlyWorth. We disclose what each receives and why:
- Convex Cloud - database and serverless functions. Receives app data you enter so we can store snapshots and preferences. (Privacy)
- Clerk - authentication and session management. Receives account identifiers and auth metadata. (Privacy)
- Vercel - hosting, performance telemetry, and cookie-free analytics. Receives technical and usage metrics. (Privacy, Analytics privacy, Speed Insights)
- Resend - transactional email delivery. Receives email content and delivery metadata when we send messages like reminders and support replies. (Privacy)
- Creem.io (Merchant of Record) - checkout, subscription management, invoicing, and legally required retention of payment records. Creem acts as an independent controller for payment and tax data and shares only the minimum necessary subscription status back to us. (Privacy)
We do not sell personal data.
5. International Transfers
Some providers process data outside the EEA. When that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, participation in recognized data transfer frameworks. Providers in scope include Vercel, Clerk, Resend, Convex, and Creem.
6. Retention
We keep data only as long as needed:
- Account data - kept while your account remains active, then deleted within 30 days of account deletion.
- Financial history - history that you delete is removed from our database promptly and is not used for any purpose afterward.
- Email delivery logs - for up to 12 months for reliability and abuse prevention.
- Security logs - for up to 90 days for troubleshooting and security.
- Support messages - for up to 24 months so we can track issues and improve service.
- Payment and invoicing records - retained by Creem for statutory tax and accounting periods.
7. Your Rights
You have the rights of access, rectification, erasure, restriction, portability, and objection. You may also withdraw consent at any time where processing is based on consent. We aim to respond within 48 hours and will respond no later than one month as required by law. Use in-app settings or email support@monthlyworth.com.
You also have the right to complain to the Czech DPA. See section 1 for contact details.
8. Sources of Data We Do Not Obtain Directly from You
- Payment events from Creem for subscription status and receipts.
- Email delivery status from Resend for successful delivery and troubleshooting.
These are needed to operate billing and email reliability.
9. Cookies and Analytics
Authentication cookies set by Clerk are strictly necessary to keep you signed in. We do not use them for advertising. Vercel Web Analytics and Speed Insights provide anonymized usage and performance metrics without third-party advertising cookies. We do not use behavioral tracking. If we add any non-essential or marketing cookies in the future, we will request your consent first.
10. Security
We use encryption in transit and at rest, user-scoped data access, secure token handling, rate limiting, and server-side secret management. No bank connections and no external financial data pulls.
11. Whether Providing Data is Required
- Email and authentication are required to create an account.
- Payment details are required to purchase a subscription.
- Financial data entry is voluntary, but you need to enter snapshot values to use the core features.
12. Children
MonthlyWorth is not intended for individuals under 18, and we do not knowingly collect data from children. If you believe a child has provided personal data, contact us so we can delete it.
13. Automated Decision Making
We do not make decisions based solely on automated processing that produce legal or similarly significant effects for you.
14. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. We will update the "Last updated" date, display a notice in the app, and email you if the changes are material. Continuing to use MonthlyWorth after an update means you accept the updated policy.
15. Google User Data
We support “Sign in with Google.” When you choose this option, MonthlyWorth accesses limited Google user data for authentication only. We comply with the Google API Services User Data Policy (including the Limited Use requirements) and the Google APIs Terms of Service.
Data Accessed
- Your Google account email address (via Clerk)
- Your name and (optionally) profile image (via Clerk)
We do not access Gmail, Drive, Calendar, Contacts, or any other Google data. We also do not store your Google account identifier ("sub").
Data Usage
- Authenticate you, create your account, and keep you signed in.
- Display your name and avatar in the app (if provided).
- Send essential service emails to your Google-linked email address (e.g., reminders, receipts).
We do not use Google user data for advertising or profiling.
Data Sharing
We do not sell Google user data. We share only what is necessary to operate the Service:
- Clerk (authentication provider) to manage sign-in sessions.
- Convex (backend) to store your app data linked to your Clerk user ID (we do not store your Google account ID or email).
- Resend (email) to deliver transactional emails to your address.
- Creem (Merchant of Record) to send receipts and manage subscriptions, which may include your email address for billing communications.
- Vercel (hosting) for secure delivery of the app.
Data Storage & Protection
- We store your Clerk user ID to associate your account and data. We do not store your Google account ID or email in our database.
- We retrieve your email from Clerk when needed (e.g., reminders, checkout) and pass it to processors (Resend, Creem) to perform the requested action.
- We do not store Google OAuth refresh tokens on our servers. Authentication is handled by Clerk, which secures any tokens it manages.
- Data is encrypted in transit and at rest and protected by access controls and logging.
Data Retention & Deletion
- We retain your Google-derived account details while your account is active.
- You can delete your data at any time in Settings → Danger Zone by using Delete Account or Delete History, or by emailing support@monthlyworth.com.
- Upon account deletion, we delete or anonymize account data within 30 days, with backups aging out within 90 days. Billing records may be retained by Creem as required by law.