Legal

Privacy Policy

Last updated 14 July 2026

The short version. Nomoo stores the money data you put into it, so it can show it back to you. We do not sell it, we run no advertising, and we have no analytics or tracking SDKs in the app at all. Two things do leave our servers, and they are the two you should read carefully: what you send to Nemo, the AI assistant (including any statement or receipt you upload), and push notifications. Both are explained below.

This policy explains what Nomoo ("we", "us") collects, why, who else touches it, and how you get rid of it. It applies to the Nomoo mobile app, the Nomoo web app, and this site.

1. What we collect

Everything below is data you give us by using the app. We collect nothing in the background, and we buy nothing from anyone else.

DataWhy we hold it
Account identity — your email address, your name, and your password (stored only as a bcrypt hash; we never see it). To create your account and sign you in.
Guest identity — if you sign up as a guest, just a username and a one-time recovery code (also stored only as a hash). No email, no password. To let you use Nomoo without handing over an email, and to restore your account if you reinstall.
Financial data — the wallets you create, their balances and currencies, every transaction (amount, date, category, and any note you write), your budgets, and your recurring entries. This is the app. It is stored so we can show it back to you.
Nemo conversations — the messages you send the AI assistant and its replies. We keep a rolling memory of your last 10 exchanges so it remembers the conversation. So the assistant has context. You can wipe this at any time — see §5.
Files you upload — bank statements, e-wallet exports, spreadsheets and receipt photos you send to Nemo or to the statement importer. To read the transactions out of them. We do not keep the file after it is processed; only the transactions you choose to save are stored.
Device token — an anonymous identifier issued by Firebase to your installation, if you allow notifications. So we can deliver a push to your phone. It identifies the app installation, not you.
Household membership — which shared workspaces you belong to and your role in them. To show shared wallets to the people you shared them with.

What we deliberately do not collect

2. Who else processes your data

We use a small number of processors. They are listed exhaustively — there are no others.

OpenRouter — the AI assistant and statement import

This is the most important disclosure in this policy. When you use Nemo or the statement importer, your data is sent to a third-party AI provider.

Nemo is powered by a large language model that we access through OpenRouter, which routes the request to the model provider. Concretely:

We do not use your data to train any model, and we do not permit our providers to. Your conversations are stored on our servers (last 10 exchanges) and are deleted when you clear the conversation or delete your account. If you would rather no money data ever left our servers, do not use Nemo or the importer — every other feature of Nomoo works without them.

Google Firebase Cloud Messaging — push notifications

If you allow notifications, Google delivers them to your device. Google receives the device token and the contents of the notification (for example "You have used 80% of your Groceries budget"). If you deny or turn off notifications, no token is created and nothing is sent.

Hosting

Our servers and database are run by our hosting provider. They hold the data at rest on our behalf and do not use it for anything.

Exchange rates

We fetch currency exchange rates from a public rates feed on a schedule. That request contains no user data — it asks for rates, not about you.

3. Sharing with other people

Nomoo has shared households. If you join one, the other members see the wallets, transactions, budgets and recurring entries in that shared workspace, and they see your username. That is the point of the feature, but it bears saying plainly: anything you record in a shared household is visible to everyone in it. Your personal workspace stays yours and is never visible to them.

Other than that, we share your data with nobody. We do not sell it, rent it, or hand it to data brokers. We would disclose data if a valid legal order compelled us to, and not otherwise.

4. Where it is stored and how it is protected

No system is perfectly secure, and we will not pretend otherwise. But we hold as little as we can, and the sensitive things are hashed.

5. Deleting your data

You are in control of this, and you do not need to ask us.

When you delete your account, we immediately and irreversibly erase the information that identifies you — your name, your email address and your username are removed from our database, and your password is destroyed. Your wallets, transactions, budgets, recurring entries, categories, Nemo conversation, notifications and device registrations are removed with them. There is no undo, and we cannot restore the account afterwards.

What remains is a de-identified record that is no longer linked to a person; it is retained briefly to protect against accidental loss and abuse, and residual copies in encrypted backups are overwritten within 30 days. Shared households you belong to are handled as described on the deletion page — data other members contributed is theirs, and stays with them.

6. How long we keep things

Your data lives as long as your account does. We do not expire it, and we do not archive it elsewhere. Delete the account and it goes, as described above.

7. Children

Nomoo is not directed at children under 13, and we do not knowingly collect their data. If you believe a child has created an account, contact us and we will remove it.

8. Your rights

You can access your data (it is all in the app), correct it, export it (CSV export, on the Pro plan), and delete it — all yourself, without asking. If you would rather we did something for you, or you want to know exactly what we hold, email us and we will answer.

9. Changes to this policy

If we change what we collect or who processes it, we will update this page and change the date at the top. Material changes will be announced in the app.

10. Contact

Privacy questions, deletion requests, anything else: privacy@nomooai.com.