AI privacy — what's sent to the provider

Last verified 2026-05-08 by technical-writer-agent.

Each time you send a message in Insights, MoneyVue forwards a summary of your financial data to your configured AI provider so it has context to answer with. Here's exactly what gets sent and what doesn't.

What's sent on every chat message

For each message, the request to the provider includes:

  • Your message — the question you typed.
  • Conversation history — earlier messages in the current session (not stored after you leave the page).
  • A financial context summary built from your data:
    • Account names and current balances (e.g., Chase Checking: $1,234.56).
    • Last-30-days spending totals and by-category breakdown.
    • Current-month spending by category and by merchant.
    • The top ~20 merchants for the current month with dollars and category.
    • The 15 most recent expense transactions (date, merchant, amount, category).
    • Current-month income total.
    • Active-subscription monthly run-rate total.

What's NOT sent

  • Account numbers — never.
  • Bank credentials — never (we don't have them; SimpleFIN does).
  • Your password or session token — never.
  • Other users' data — every request is scoped to your user ID.

Where it goes

Whichever provider you've configured. Out of the box:

  • OpenAI → api.openai.com
  • Anthropic → api.anthropic.com
  • Google → generativelanguage.googleapis.com
  • OpenRouter → openrouter.ai
  • Custom → a host on the admin allowlist (AI_CUSTOM_PROVIDER_ALLOWED_HOSTS).

Each provider has its own data-handling policy. Check theirs before relying on what they will or won't do with the input. MoneyVue's role ends at the request boundary.

How to limit exposure

  • Use a provider you trust. OpenAI, Anthropic, and Google all publish enterprise data-handling terms.
  • Use a self-hosted custom provider. A locally-run OpenAI-compatible model means data never leaves a host you control. Custom providers require an admin to add the host to the allowlist.
  • Don't ask the chat about anything you wouldn't put in an email to that provider.
  • Skip Insights entirely. Insights is opt-in; if you don't configure a provider, no data is ever sent to one.

Where the API key is stored

Your provider API key is stored encrypted at rest in MoneyVue's database (AES-GCM with per-row IV and auth tag). The plaintext key only exists in memory during a request to the provider.
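
The storage scheme described above (AES-GCM, a fresh IV per row, and a stored auth tag), sketched with Node's built-in crypto module. This is an added example, not MoneyVue's own code; the row field names, the 32-byte master key, and binding the user ID as additional authenticated data are assumptions.

```javascript
// Added example, not MoneyVue's code. Row field names (iv, tag, ciphertext),
// the AAD binding and the key source are assumptions for illustration.
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

const IV_BYTES = 12;   // 96-bit IV, the size GCM is designed around
const TAG_BYTES = 16;  // full 128-bit authentication tag

// Encrypt one provider API key into the three values a DB row would hold.
// `masterKey` is a 32-byte Buffer (AES-256); `userId` is bound as AAD so a
// row copied into another user's record fails authentication.
function encryptApiKey(masterKey, userId, plaintextKey) {
  const iv = randomBytes(IV_BYTES); // fresh per row: never reuse an IV under one key
  const cipher = createCipheriv("aes-256-gcm", masterKey, iv, { authTagLength: TAG_BYTES });
  cipher.setAAD(Buffer.from(String(userId), "utf8"));
  const ciphertext = Buffer.concat([cipher.update(plaintextKey, "utf8"), cipher.final()]);
  return {
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

// Decrypt a row. Throws if the ciphertext, IV, tag or userId was altered.
function decryptApiKey(masterKey, userId, row) {
  const iv = Buffer.from(row.iv, "base64");
  const tag = Buffer.from(row.tag, "base64");
  if (iv.length !== IV_BYTES || tag.length !== TAG_BYTES) {
    throw new Error("malformed row: unexpected IV or tag length");
  }
  const decipher = createDecipheriv("aes-256-gcm", masterKey, iv, { authTagLength: TAG_BYTES });
  decipher.setAAD(Buffer.from(String(userId), "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([
    decipher.update(Buffer.from(row.ciphertext, "base64")),
    decipher.final(), // the tag is verified here; a mismatch throws
  ]).toString("utf8");
}

// Helper for callers that prefer a boolean over an exception.
function rowIsAuthentic(masterKey, userId, row) {
  try { decryptApiKey(masterKey, userId, row); return true; } catch { return false; }
}

// Constructed sample values (not real credentials).
const demoMasterKey = randomBytes(32);
const demoRow = encryptApiKey(demoMasterKey, 42, "sk-constructed-example-key");
console.log(demoRow, decryptApiKey(demoMasterKey, 42, demoRow));
```

Changing any stored field, or presenting the row under a different user ID, makes decryption throw instead of returning altered plaintext.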

FAQ

Does MoneyVue use my data to train AI models? No. MoneyVue does not train models. Whether your provider does is governed by your provider's terms.

Can I see exactly what gets sent? The shape is documented above; the exact source is in src/server/routes/ai.js (buildFinancialContext).

Is the chat history saved on MoneyVue's servers? No. Messages are not persisted server-side. Closing the page wipes the conversation.
