Moneytrees Privacy Policy

Effective date: April 16, 2026
Last updated: April 16, 2026

This Privacy Policy explains how Pixel Perfect BV ("Moneytrees", "we", "us", "our") collects, uses, shares, and protects personal data when you use Moneytrees websites, applications, and related services (the "Service").

If you do not agree with this Privacy Policy, please do not use the Service.

1. Contact details

Controller: Pixel Perfect BV
Registered address: Eyckensbeekstraat 12, 9150 Beveren-Kruibeke-Zwijndrecht, Belgium
Email: [email protected]
Support: [email protected]

2. Personal data we collect

We collect personal data you provide directly, data generated through your use of the Service, and limited data from third parties.

a) Account and profile data

  • Name
  • Email address
  • Password hash/authentication credentials
  • Passkey/public key credential metadata (if you enable passkeys)
  • Connected Google account identifiers and email address (if you sign in or connect via Google)
  • Company details, billing address, VAT/tax identifiers (if provided)

b) Financial workflow data you submit

  • Invoice data (customer names, emails, addresses, line items, amounts, VAT/tax info, due dates, notes)
  • Expense data (merchant details, receipt files, categories, amounts, dates)
  • Uploaded documents and attachments
  • Contact records for clients, vendors, or collaborators
  • Team membership, invitations, and workspace collaboration data

c) Billing and subscription data

  • Subscription plan and status
  • Billing history and invoices
  • Limited payment metadata from payment processors (we typically do not store full payment card numbers)

d) Communication preferences and support data

  • Newsletter and product update preferences
  • Support requests, feedback, and related correspondence

e) Usage and device data

  • Log data (IP address, browser type, device information, timestamps)
  • Interaction and feature usage data
  • Error and performance diagnostics

f) Cookies and similar technologies

We may use cookies/local storage to keep you signed in, remember preferences, and understand product usage. See Section 10 for more details.

3. How we use personal data

We use personal data to:

  • provide, operate, and maintain the Service;
  • process invoices, expenses, and related records you manage in the app;
  • authenticate users and secure accounts;
  • process subscriptions, payments, and billing operations;
  • authenticate users through supported sign-in methods such as passwords, passkeys, and Google sign-in;
  • communicate about updates, security alerts, and support requests;
  • send optional product updates or newsletters if you opt in;
  • improve features, performance, and reliability;
  • detect and prevent abuse, fraud, and security incidents;
  • comply with legal obligations and enforce our terms.

We do not sell your personal data.

4. Legal bases (GDPR/UK GDPR)

Where applicable, we process personal data under one or more of these legal bases:

  • Contract: to provide the Service you requested.
  • Legitimate interests: to secure, improve, and operate the Service responsibly.
  • Legal obligation: to comply with laws (e.g., tax/accounting, fraud prevention, law enforcement requests).
  • Consent: where required (e.g., certain marketing cookies or communications).

You can learn more about GDPR at the European Commission website.

5. How we share personal data

We may share personal data with:

  • Service providers/processors supporting hosting, infrastructure, analytics, customer support, authentication, email delivery, and payment processing (including Mailcoach, Stripe, Cloudflare, Laravel Cloud, Google, Fathom, and There There);
  • Integrations you choose to connect;
  • Professional advisors (legal, accounting, auditors) when necessary;
  • Authorities when required by law or to protect rights, safety, and security;
  • Successors in case of merger, acquisition, financing, or sale of assets.

All processors are expected to handle personal data under appropriate confidentiality and security obligations.

6. International transfers

If personal data is transferred outside your jurisdiction (including outside the EEA/UK), we use appropriate safeguards where required, such as:

  • adequacy decisions;
  • Standard Contractual Clauses (SCCs);
  • other legally recognized transfer mechanisms.

7. Data retention

We retain personal data for as long as needed to:

  • provide the Service;
  • comply with legal, tax, accounting, and regulatory requirements;
  • resolve disputes and enforce agreements.

Retention periods vary by data type and legal context. When data is no longer needed, we delete or anonymize it where feasible.

8. Security

We implement technical and organizational safeguards designed to protect personal data, including access controls, encryption in transit, monitoring, and backup practices.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your rights

Depending on your location, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • delete data;
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent where processing relies on consent;
  • lodge a complaint with a supervisory authority.

To exercise rights, contact us at [email protected]. We may need to verify your identity.

For EEA users, you can find your authority via the European Data Protection Board.

10. Cookies and tracking

We use essential cookies necessary for core functionality (such as login/session management). We may also use analytics or performance cookies where legally permitted.

Our public website may use privacy-focused analytics tools such as Fathom. Authenticated areas of the Service may also load support tooling such as There There to let users contact us from inside the app.

Where consent is required, we will request it and allow preference management.

You can usually control cookies in your browser settings.

11. Children’s privacy

The Service is not intended for individuals under 18 years old (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children.

If you believe a child has provided personal data, contact us so we can take appropriate action.

12. Third-party links and services

The Service may contain links to third-party websites or services. Their privacy practices are governed by their own policies, not this Privacy Policy.

13. Role of Moneytrees (controller vs processor)

For account, billing, security, support, newsletter, and product analytics data, Moneytrees generally acts as a data controller.

For personal data you upload and manage in invoices/expenses/customer records, Moneytrees may act as a processor on your behalf, depending on applicable law and your use of the Service.

If needed, we can provide a Data Processing Addendum (DPA): Contact us at [email protected].

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice (for example, via email or in-app message).

The "Last updated" date indicates the latest revision.

15. Contact us

If you have questions about this Privacy Policy or personal data handling, contact: