Privacy Policy

1. Introduction

This Privacy Policy explains how Show Me The Money (the “Service”) collects, uses, and protects your personal data. The data controller responsible for your personal data is Left Tail Consulting Lda (“we”, “us”, “our”). If you have any questions or wish to exercise your rights, contact us at hello@showmethemoney.finance. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Portuguese law.

2. Data we collect

• Account data: when you sign in, we collect your email address. This is required to create and secure your account.
• Profile data: if you sign in with Google, we receive basic profile information from Google — your name and profile picture — which we store to personalise your account.
• Financial scenario data: the figures and assumptions you enter into the planner, such as income, savings, expenses, and life events, are saved to your account. This data is stored privately and isolated to your account by database row-level security; it is not visible to other users.
• Billing data: if you purchase a paid subscription, our payment processor Stripe collects and processes your payment details. We do not receive or store your full card number; we retain a customer identifier and your subscription status to manage your plan.
• Usage and analytics data: we collect product-analytics events — such as which features you use and actions you take in the planner — through PostHog, to understand and improve the Service.
• Technical data: we and our providers process limited technical information such as cookies, browser type, and similar identifiers needed to run the Service. See Cookies below.

3. How we use your data and our legal bases

We use personal data to:

• provide, secure, and operate the Service, including authenticating you and saving your scenarios — legal basis: performance of a contract with you (GDPR Art. 6(1)(b));
• process payments and manage subscriptions — legal basis: performance of a contract (Art. 6(1)(b));
• maintain, troubleshoot, and improve the Service, and understand how it is used — legal basis: our legitimate interests in running and improving the Service (Art. 6(1)(f));
• communicate with you about service-related matters — legal basis: contract performance and legitimate interests;
• comply with legal obligations — legal basis: legal obligation (Art. 6(1)(c));
• do anything for which we specifically ask your consent — legal basis: consent (Art. 6(1)(a)), which you may withdraw at any time.

4. How we share your data

We do not sell your personal data. We share it only with service providers (“processors”) that help us run the Service, under contracts that require them to protect it:

• Supabase — database hosting, authentication, and storage of your account and scenario data;
• Stripe — payment processing and subscription billing;
• Google — sign-in, if you choose Google as your login method;
• PostHog — product analytics.

We may also disclose data where required by law, to protect our rights, or in connection with a business transfer such as a merger or acquisition.

5. International transfers

Some of our providers may process data outside the European Economic Area, including in the United States. Where that happens, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses — to ensure your data remains protected.

6. Data retention

We keep your personal data for as long as your account is active and as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data and scenarios within a reasonable period, except where we must retain certain information to comply with legal obligations (for example, billing and tax records) or to resolve disputes.

7. Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• rectify inaccurate or incomplete data;
• erase your data (the “right to be forgotten”);
• restrict or object to certain processing;
• receive your data in a portable format (data portability);
• withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at hello@showmethemoney.finance. You also have the right to lodge a complaint with a supervisory authority — in Portugal this is the Comissão Nacional de Proteção de Dados (CNPD).

8. Security

We take reasonable technical and organisational measures to protect your data, including encryption of data in transit and database row-level security that isolates each user’s scenarios to their own account. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

9. Cookies

We use a small number of cookies and similar technologies — some strictly necessary for the Service to function, and some for analytics:

• Essential cookies: authentication and session cookies (set by Supabase) keep you signed in. A “smtm.returning” cookie remembers that this browser has signed in before, so we can show a returning-visitor greeting. These are required for the Service to work.
• Analytics cookies: PostHog may set cookies or similar identifiers to measure how the Service is used, so we can improve it.

You can control or delete cookies through your browser settings. Blocking essential cookies may prevent you from signing in or using parts of the Service.

10. Children’s privacy

The Service is not directed to children. You must be at least 18 years old, or the age of majority in your jurisdiction, to use it. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you. The “last updated” date above reflects the latest revision; your continued use of the Service after changes take effect constitutes acceptance.

12. Contact

For any privacy question, or to exercise your rights, contact the data controller, Left Tail Consulting Lda, at hello@showmethemoney.finance.