Leaky Wallet

Privacy Policy

Last updated: February 2026

Our Commitment to Privacy

At Where Is My Money Going?, your privacy is our top priority. We built this tool with a privacy-first architecture, meaning we never store, log, or share your financial data.

Voluntary Upload

All uploads are entirely voluntary. You choose what data to submit for analysis. You may also use our “Try with sample data” feature without uploading any personal information.

How We Process Your Data

  • In-Memory Processing Only: Your bank statement is processed entirely in server memory during your session. No data is written to disk, databases, or cloud storage.
  • Immediate Disposal: Once your analysis is complete and delivered to your browser, all transaction data is immediately discarded from memory. Buffers are cleared.
  • No Account Required: We don't require login or registration, so there's no user account storing your information.
  • No Tracking of Financial Data: We do not log, store, or transmit your actual transaction details. Server logs contain only request metadata (timestamps, status codes), never statement text or transaction content.

What We Analyze

We only process three fields from your transactions: date, description (merchant name), and amount. We do not read or process names, account numbers, BSB/IBAN numbers, addresses, or credentials.

PII Redaction Before AI Analysis

Before any data is sent to our AI provider for enhanced analysis, we apply automated redaction to strip likely personally identifiable information (PII) including: names, addresses, account numbers, BSB/IBAN numbers, reference IDs, email addresses, and phone numbers. Only anonymized, aggregated spending categories are shared with the AI — never raw merchant names or exact amounts.

What We Do Collect

We may collect minimal, non-financial analytics data to improve our service:

  • Basic usage metrics (page views, feature usage counts)
  • Error logs (without transaction data or statement text)
  • Browser type and general location (country level)

Analytics event payloads contain only booleans and counts (e.g., number of transactions analyzed), never raw text from your statement. This data cannot be used to identify you or reconstruct your financial information.

Third-Party Services

We use the following third-party services:

  • Vercel — Frontend hosting. Vercel does not receive your financial data.
  • Render — Backend hosting. Processing is in-memory only; Render does not persist your data.
  • Anthropic (Claude API) — Optional AI-enhanced analysis. Only receives anonymized, redacted, aggregated category summaries. Per Anthropic's API terms, data sent through the API is not used for model training.
  • Google Analytics — Privacy-safe usage analytics only. No financial data is sent.

Data Not Sold or Shared

We do not sell, rent, or share your data with any third party for marketing or commercial purposes. Your financial data exists only in temporary server memory during analysis and is never persisted.

Your Rights

Since we don't store your personal financial data, there's nothing to delete or export. If you have questions about our privacy practices, contact us at support@whereismymoneygo.com.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

← Back to Analyzer