No Guilt Money ("Mayday," "we," "us," or "our") is a personal finance management application. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services at noguilt.money.
1. Information We Collect
Account Information
Name and email address
Password (stored as a bcrypt hash — we never store plaintext passwords)
Two-factor authentication (TOTP) secret
Login timestamps and IP addresses
Financial Data
Bank account information via Plaid — we store account names, institution names, and balance amounts. We do not store full account numbers or routing numbers.
Bill records you add manually or that are detected from linked email accounts
Payment history and transaction records within Mayday
Email Data
If you link a Gmail account, we use read-only access to scan for bill-related emails. We extract biller name, amount, and due date. We do not store the full content of your emails — only structured bill data derived from them.
Email access tokens are encrypted and stored securely. You can revoke access at any time.
Usage Data
Actions you take within the app (audit log) for security and debugging purposes
IP addresses associated with login and key actions
2. How We Use Your Information
To provide and operate the No Guilt Money service
To detect and display upcoming bills from linked email accounts
To sync bank balances via Plaid
To send security alerts (password resets, suspicious login attempts) via configured notification channels
To generate AI-powered financial insights based on your data
To maintain an audit trail for security and compliance purposes
We do not sell your data. We do not use your data for advertising. We do not share your financial data with third parties except as described in Section 4.
3. Data Retention
Account data: Retained while your account is active. Upon deletion, personal identifiers are anonymized within 30 days.
Bank balance snapshots: Retained for 12 months, then automatically purged.
Audit logs: Retained for 12 months for security purposes.
Bill records: Retained indefinitely unless you delete them or close your account.
Email scan data: Derived bill data is retained; original email content is never stored.
4. Third-Party Services
Plaid: Used to connect bank accounts and retrieve balance information. Plaid's privacy policy applies to data they process: plaid.com/legal/privacy-policy
Google Gmail API: Used with your explicit permission to scan emails for bills. Governed by Google's privacy policy.
AWS: Our infrastructure (Lambda, RDS, S3, CloudFront) is hosted on Amazon Web Services in the us-east-1 region.
Anthropic Claude: Anonymized financial snapshots (no PII) may be sent to Claude to generate financial advice. Data is not retained by Anthropic beyond the request.
5. Data Security
All data is encrypted in transit (TLS 1.2+)
Database connections require SSL
Passwords are hashed with bcrypt (cost factor 12)
API endpoints are protected with JWT authentication
Two-factor authentication (TOTP) is available and encouraged
Rate limiting is applied to authentication endpoints
Security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options) are enforced
6. Your Rights
You have the right to:
Access: View all data associated with your account in the Settings → Account section
Correction: Update your account information at any time in Settings
Deletion: Delete your account and associated data via Settings → Account → Delete Account. Account data will be anonymized within 30 days.
Portability: Export your bill and payment data from the app
Revoke access: Disconnect linked email accounts or bank accounts at any time
7. Cookies and Local Storage
Mayday uses browser localStorage to store your authentication token. We do not use tracking cookies. No advertising cookies are used.
8. Children's Privacy
Mayday is not intended for users under 18 years of age. We do not knowingly collect information from children.
9. Changes to This Policy
We will notify you of material changes to this policy via in-app notification or email. Continued use of the service after notification constitutes acceptance of the updated policy.
10. Contact
For privacy questions, data requests, or to exercise your rights, contact us at: