Security built in, not bolted on

Encryption Everywhere

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Member financial information is protected by the same standards used by Australian banking systems.

Privacy by Design

Privacy is built into every feature from the start. We collect only what is needed, and we are transparent about how member data is used. Organisations never see individual member data.

Member Data, Member Purpose

Member financial data exists solely to provide them with financial insights and guidance. We are transparent about data usage and never share data with third parties without explicit consent.

Organisation Privacy Boundary
✔️ Organisations cannot see member financial data
✔️ Member data is isolated per individual
✔️ No aggregated financial data shared with employers
✔️ Members control their own data at all times

Complete privacy between organisations and members

One of the most important aspects of moneymood's security architecture is the strict privacy boundary between organisations and their members. When your organisation deploys moneymood, you cannot see, access, or analyse any individual member's financial data.

This separation is built into the platform architecture, not just enforced by policy. Members can use moneymood with full confidence that their financial information remains private.

Architectural separation between org and member data
No individual financial data shared with organisations
Members maintain full control of their own data
Delete account and all data at any time

Secure access, every time

Member accounts are protected with industry-standard security measures. Passwords are hashed using bcrypt with salt. Session tokens are securely rotated and expire automatically.

Rate limiting protects against brute force attempts, and anti-enumeration measures ensure that attackers cannot discover registered accounts.

Industry-standard password hashing (bcrypt)
Secure session management with automatic expiry
Protection against brute force and enumeration attacks
Multi-factor authentication (2FA) support planned

Members decide what happens with their data

moneymood gives every member full control over their financial data. They can export their data at any time, revoke any connected account, or delete their entire account and all associated data.

We believe financial data belongs to the individual. We are custodians of it while they use moneymood, not owners of it.

Revoke any data connection at any time
Export data whenever needed
Delete account and all data permanently
Clear, transparent privacy policy

Secured by Australia's open banking framework

moneymood connects to financial accounts using Australia's Consumer Data Right (CDR), the government-backed framework that gives individuals secure, controlled access to their own financial data.

Government Backed

CDR is established under Australian federal law, administered by the ACCC and OAIC.

Read Only Access

moneymood can view data but can never move money, make payments, or change accounts.

No Passwords Shared

Members authorise connections directly with their bank. Banking credentials are never shared.

Revoke Any Time

Disconnect any account at any time through moneymood or directly through the bank.

How we handle member information

Data Collection

We collect only the financial data needed to provide members with insights and analysis. We do not collect unnecessary personal information, browsing history, or data from other apps.

Data Storage

Member data is stored securely on Australian-hosted infrastructure. All data at rest is encrypted using AES-256. Database access is restricted and monitored.

Data Deletion

When a member deletes their account, all personal data and financial information are permanently removed from our systems. We do not retain data after account closure.

Secure. Private. Enterprise-ready.

CDR accredited. Bank-grade encryption. Complete member privacy. Free for your organisation.