Security & Privacy

Your money data, guarded

MoneyTree only works if you trust it. So we built it to earn that — with real protections, a promise never to sell your data, and plain English about how it all works.

Passwords are one-way Hashed with PBKDF2 and a unique salt. Not even we can read yours back.
Encrypted in transit Every request travels over TLS and is verified server-side before it touches your data.
Never sold, never ads Your financial data powers your tracking and nothing else. You aren't the product.

Your password

We never store the password you type

When you sign up, your password is transformed into a one-way hash. That hash is what we keep — the original can't be worked backward from it.

Your password what you type + unique salt random, per account PBKDF2 100,000 rounds One-way hash all we store The math only runs left to right — there's no way back to your password.

When you log in, we run the same steps on what you typed and compare the result — in constant time, so the comparison itself leaks nothing.

Your data in motion

Locked from your device to the database

Nothing you enter travels in the clear, and nothing reaches your records without proving it's really you.

Your device app in your browser Signed-in check JWT on every request Your data Cloudflare D1 TLS encrypted authorized only

Requests are encrypted in transit, then re-checked on the server. The app never trusts the browser alone to decide what you can see.

Guarding your account

Built to shrug off attacks

Strong hashing is only half the job. These protections make an account hard to break into in the first place.

Brute-force throttling

Repeated wrong sign-ins are rate-limited per account and per network, so guessing attacks stall fast instead of running free.

Constant-time checks

Passwords and security tokens are compared in constant time, closing the timing side-channels attackers use to guess secrets.

Sessions you control

Trusted-device sign-in expires after 90 idle days, and a suspended or compromised session can be cut off server-side at once.

Verified on the server

Every request re-checks who you are and what's yours on the server. The client can't grant itself access to another account's data.

Backed up, recoverable

Your data lives on Cloudflare's managed database with regular backups, so an accident or outage doesn't mean it's gone.

Verified email sign-ups

New accounts confirm their email with a time-limited, hashed code — keeping accounts tied to real, reachable owners.

Our promise

What we will never do

You're in control

Your data, your call

Delete anytime

Remove any transaction, or delete your entire account from Settings — which wipes your profile and records from the active database.

Export your data

Pull a full copy of your account's data whenever you want. Your records aren't locked inside the app.

Notifications off anytime

Turn reminders off in one tap, which also removes the stored push subscription. You choose what reaches you.

Straight with you

Honest about the limits

No app can promise perfect security, and we won't pretend otherwise. What we can promise is to use strong, well-understood protections, to collect as little as possible, and to be clear about how your information is handled.

For the full details, read our Privacy Policy and Terms of Service.

Track your money with confidence

Strong protection, zero data-selling, and a calm app that coaches instead of nags. Start in seconds.

Install now

On iPhone, add MoneyTree to your Home Screen from the Share menu. Native App Store & Google Play apps are coming soon.