Privacy Policy

Coral Dash ("we", "us", "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy describes our practices regarding the collection, use, and disclosure of your information.

Important: Coral Dash is an independent project and is not affiliated with, endorsed by, or connected to Monzo Bank Ltd. We do not have direct access to your Monzo account or banking credentials.

By using Coral Dash, you consent to the data practices described in this policy. If you do not agree with our practices, please do not use our service.

2.1 Account Information

When you create an account, we collect:

• Email address (via Google OAuth)
• Name and profile information (as provided by Google)
• Account preferences and settings you configure

2.2 Google Sheets Data

When you connect your Google Sheets account, we access your spreadsheet data in read-only mode to:

• Retrieve your transaction data from the connected spreadsheet
• Process and display your financial information in the dashboard
• Generate insights, summaries, and reports

We only access the specific spreadsheet you authorise. We do not access, read, or store any other files in your Google Drive or Google account.

2.3 Usage Data

We may automatically collect information about how you use the service:

• Pages and features you access
• Time spent on the service
• Device information (browser type, operating system)
• IP address

2.4 Payment Information

Payment processing is handled entirely by Stripe, a PCI-compliant payment processor. We do not store your complete credit card number, CVV, or other sensitive payment details on our servers. We may receive and store:

• Last four digits of your card (for display purposes)
• Card type and expiry date
• Billing address
• Stripe customer ID

We use the information we collect to:

• Provide, operate, and maintain the Coral Dash service
• Process your subscription and manage your account
• Display your financial data and generate insights
• Send you service-related communications (account updates, billing notices)
• Respond to your enquiries and provide customer support
• Improve and optimise the service
• Detect and prevent fraud or abuse
• Comply with legal obligations

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

Coral Dash uses the following third-party services to operate. By using our service, you acknowledge that your data may be processed by these providers in accordance with their respective privacy policies:

We follow the security best practices and guidelines established by these providers. However, we cannot guarantee the security practices of third-party services beyond what they publicly disclose.

We implement industry-standard security measures to protect your data:

• All data is transmitted over HTTPS (TLS encryption)
• Database access is protected by row-level security policies
• Authentication is handled via secure OAuth protocols
• Access to production systems is restricted and logged

Your data is primarily stored on Supabase's cloud infrastructure, which may be located in data centres in the United States or other regions. Vercel's edge network operates globally.

We retain your personal data for as long as your account is active or as needed to provide you with the service.

• Active accounts: Data is retained while your subscription is active.
• Account deletion: Upon your request to delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.
• Legal retention: We may retain certain data as required by law (e.g., transaction records for tax purposes) or to protect our legal rights.

If you are located in the UK or European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request that we correct any inaccurate or incomplete data.
• Right to erasure: You can request that we delete your personal data (subject to legal retention requirements).
• Right to data portability: You can request a copy of your data in a structured, machine-readable format.
• Right to object: You can object to certain types of processing.
• Right to withdraw consent: Where we process data based on your consent, you can withdraw that consent at any time.

To exercise any of these rights, please contact us through our contact page or delete your account through your account settings.

Coral Dash uses cookies for the following purposes:

• Essential cookies: Required for authentication and maintaining your session. These cannot be disabled.
• Preference cookies: Remember your settings and preferences (e.g., theme selection).

We do not use third-party tracking cookies or advertising cookies. We do not share cookie data with third parties for advertising purposes.

Coral Dash is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

Your data may be processed and stored in countries outside the United Kingdom and European Economic Area, including the United States, where our third-party service providers (Supabase, Vercel, Stripe, Google) maintain their infrastructure.

These providers are selected for their compliance with applicable data protection standards and, where applicable, participate in data protection frameworks recognised by UK and EU authorities.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email for significant changes

Your continued use of the service after any changes indicates your acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us through our contact page.