Legal Documents

Last Updated: March 10, 2026

1. Privacy Policy

Introduction

aequitas labs LLC ("we," "us," or "our") operates the matcha money website and application (the "Service"). We are committed to protecting your personal and financial information. This Privacy Policy explains how we collect, use, and share information when you use our Service.

Information We Collect

1. Account Information

When you create an account, we collect your email address and authentication credentials (managed via secure providers).
If you subscribe to a paid plan, our payment processor (Stripe) collects your billing details. We do not store full credit card numbers on our servers.

2. Financial Data

We use Plaid Inc. ("Plaid") to connect your financial accounts. When you connect a bank account, we collect and store:

Account balances and names
Transaction history (merchant names, dates, amounts, categories)
Investment holdings

We do not store your online banking username or password. These are handled exclusively by Plaid.

3. Usage Data

We use privacy-preserving analytics to understand website traffic. This data is anonymized and does not track your browsing history across other websites.

How We Use Your Information

To provide the budgeting, forecasting, and net worth tracking features of the Service.
To maintain and improve our infrastructure and security.
To communicate with you regarding your account, security alerts, or support requests.

Data Sharing and Subprocessors

We do not sell your personal data. We only share data with third-party service providers ("Subprocessors") required to operate the Service:

Provider	Purpose	Data Shared
Plaid	Banking Connectivity	Banking Credentials (processed directly by Plaid), Transaction Data
Stripe	Payments	Billing Information, Email
Cloud Database Provider	Database Hosting	Encrypted Access Tokens, User Data, Financial Records
Cloud Hosting Provider	Application Hosting	Access Logs
Cloud Analytics Provider	Privacy-Preserving Analytics	Anonymized Usage Data
Cloud Email Provider	Email Delivery	Email Addresses
Cloud Error Monitoring	Error Monitoring	Application Error Reports
Cloud Logging Provider	System Monitoring	Performance Logs

Family & Shared Workspaces

matcha money allows you to create or join a "Family" to manage finances together.

Internal Sharing: If you invite other members (e.g., a partner or spouse) to your Family, they will have access to view the financial data, accounts, and transactions associated with that Family.
Consent: By joining a shared Family, you consent to sharing your connected financial data with the other members of that Family.
Control: The Family Owner (Admin) controls member access and can revoke access at any time.

External AI Agents (User-Directed Sharing)

matcha money is designed to act as a data source for Artificial Intelligence agents (e.g., ChatGPT, Claude). We do not internally process your data using AI models.

If you choose to connect an external AI Agent to your matcha money account (via API Key or OAuth):

You explicitly authorize us to transmit your financial data to that third-party AI provider.
Once data leaves our infrastructure, it is governed by that AI provider's Privacy Policy.
We are not responsible for how external AI agents use, store, or hallucinate based on your data.

Data Retention & Deletion

We retain your data as long as your account is active.
You may request account deletion at any time by emailing support@matcha.money or using the "Delete Account" feature in Settings.
Upon deletion, we will purge your data from our database and instruct Plaid to revoke access to your financial institutions.

Security

We implement industry-standard security measures, including:

Encryption of sensitive tokens (AES-256) at rest.
TLS/SSL for all data in transit.
Strict access controls for internal operations.

2. Terms of Service

1. Acceptance of Terms

By accessing or using matcha money, you agree to be bound by these Terms. If you disagree with any part of the terms, you may not use the Service.

2. Description of Service

matcha money is a personal finance dashboard and API provider. It allows users to aggregate financial data and access it via a web interface or programmatic API.

3. Not Financial Advice

THE SERVICE IS FOR INFORMATIONAL PURPOSES ONLY.

matcha money is not a financial planner, broker, or tax advisor.
The Service is intended to assist you in your financial organization and decision-making and is broad in scope.
Your financial situation is unique, and any information sourced via the Service (or via AI agents connected to the Service) may not be appropriate for your situation.
You should verify all financial data (bank balances, transaction amounts) with your financial institution before making decisions.

4. User Responsibilities

Security: You are responsible for safeguarding your login credentials and API Keys. You must notify us immediately of any unauthorized use of your account.
Shared Access: If you invite others to your account (e.g., Family Mode), you are responsible for their actions within the Service.
API Usage: You agree not to use the API for any illegal purpose, or to overload our infrastructure ("button mashing" or DDoS). We reserve the right to revoke API keys or ban users for abusive behavior.

5. Third-Party Services

Plaid: By using our Service, you grant Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.
AI Agents: If you connect third-party tools (like ChatGPT or Claude) to our Service, you assume all risks associated with sharing your financial data with those tools. We make no warranties regarding the accuracy or security of third-party AI models.

6. Subscription & Refunds

Billing: Paid services are billed in advance on a subscription basis (Monthly or Annual).
Cancellation: You may cancel your subscription at any time. Your access will generally continue until the end of the current billing period.
Refund Policy:
- Monthly Plans: Generally non-refundable.
- Annual Plans: We offer pro-rated refunds for Annual plans. If you cancel an Annual subscription, you will be refunded for the unused full months remaining in your term. (e.g., If you use 3 months of a 12-month term, we will refund the remaining 9 months).
- Satisfaction Guarantee: If you are unsatisfied with the service or experience technical issues, please contact support@matcha.money.

7. Limitation of Liability

To the maximum extent permitted by law, Aequitas Labs LLC shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from (a) your access to or use of or inability to access or use the Service; (b) any conduct or content of any third party on the Service.

8. Governing Law

These Terms shall be governed by the laws of the State of Maryland, without respect to its conflict of laws principles.

3. Cookie Policy

Our Approach to Cookies

We believe in minimizing data tracking. matcha money does not use tracking cookies, advertising pixels, or third-party marketing scripts.

Strictly Necessary Cookies

We use a limited number of cookies that are essential for the Service to function. According to privacy laws (such as GDPR and ePrivacy Directive), these cookies do not require user consent because the website cannot function without them.

Cookie Name	Purpose	Duration
better-auth.session_token	Used by our authentication system to keep you logged in securely.	7 days

Analytics (Cookie-less)

To improve our Service, we use privacy-preserving analytics tools.

These tools are configured to run in a "privacy-friendly" mode.
They do not place persistent cookies on your device to track your history across other websites.
Data is anonymized or stored in ephemeral local storage only while you are actively using our application to prevent data loss during your session.

Managing Cookies

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set strictly necessary cookies, you may be unable to log in to matcha money.

4. Browser Extension Privacy

The matcha money Receipt Sync Chrome extension automatically imports your order history from supported retailers (Amazon, Costco, Walmart, Target) and syncs them to your matcha money account as transactions. This section explains exactly what the extension accesses, why, and how your data is handled.

Data the Extension Accesses

The extension only accesses data that is necessary to retrieve your own order history. It does not read, record, or transmit any other browsing activity.

Data Type	Source	Purpose
Order history (order IDs, dates, items, totals)	Amazon, Costco, Walmart, Target	Imported as transactions to your matcha money account
Payment method (card type & last 4 digits)	Retailer order pages	Stored alongside transactions for reference
Retailer session tokens / cookies	Retailer websites (`localStorage`, page cookies)	Used to authenticate API requests to fetch your orders on your behalf; never transmitted off-device
matcha.money session cookie	matcha.money	Verifies you are logged in before pushing receipt data to your account
Anonymous usage events (sync counts, errors)	Extension internals	Sent to PostHog for product improvement; opt-out available in extension Settings

Chrome Permissions Used

Permission	Why it's needed
storage	Stores your sync preferences, cached receipts, and sync cursors locally in `chrome.storage.local`. Nothing is shared with third parties.
alarms	Schedules automatic daily or weekly syncs so new orders are imported even when the popup is closed.
cookies	Reads your matcha.money session cookie to confirm you are logged in before pushing receipt data to your account.
scripting	Injects scripts into retailer pages to read auth tokens from `localStorage` (e.g. Costco MSAL tokens) needed to call the retailer's order API on your behalf.
tabs	Opens a retailer order page in the background to trigger scraping, then closes it automatically when done.

What the Extension Does Not Do

Does not read or record any browsing activity outside of supported retailer order pages.
Does not transmit retailer session tokens or cookies off your device.
Does not store your retailer usernames or passwords.
Does not access financial account numbers or full payment card numbers.
Does not modify any pages or inject ads.

Local Storage & Sync

Scraped receipts are cached locally in chrome.storage.local on your device and pushed to your matcha money account over an encrypted HTTPS connection. Local data can be cleared at any time from the extension's Settings panel.

Analytics & Opt-Out

The extension sends anonymous, aggregated usage events (e.g., number of receipts synced, sync errors) to PostHog to help us improve the product. No personally identifiable information or receipt contents are included in these events. You can opt out at any time in the extension's Settings panel.

Questions?

If you have any questions about these legal documents, please contact us.

Contact Support

← Back to Home