Privacy Policy

Last updated: May 30, 2026

The short version — Monk Portfolio is designed so that we cannot decrypt your portfolio data, even if we wanted to. No personal information is required to use the app. This page describes how the app is intended to work and the choices we've made; like any software it can have bugs, so it is provided as-is without guarantees. Here's exactly what that means.

What we collect and why

Your encrypted portfolio data

When you set up Monk Portfolio, a passkey is created on your device. Your portfolio data is encrypted locally using a key derived from that passkey before it leaves your device. Our server is designed to store only the encrypted blob, a non-secret cryptographic salt, a lastModified timestamp, and your registered passkey credential. Because the key is held only on your device, the system is built so that we cannot decrypt or read your portfolio contents.

Ticker symbols for pricing

When the app fetches current prices, ticker symbols are sent to our backend, which retrieves pricing data from a third-party pricing API. These requests are not linked to your identity or your portfolio composition — we do not store identity with pricing requests.

AI features

When you use AI chat, AI portfolio evaluation, Monk Insights, or AI-powered screenshot import, your input is sent to a third-party AI service for processing. The specific data shared with that service includes:

  • Your chat messages and follow-up questions
  • Asset symbols (e.g. AAPL, BTC) and their asset type
  • Current allocation percentages, and target percentages where relevant
  • Each asset's percentage change over the selected period (for insights)
  • Portfolio screenshots you upload for import — the image, from which symbols, types, and quantities are read

We never send dollar amounts, account balances, your name, email, Apple ID, or any other personal identifiers to that service; the text features (chat, evaluation, insights) also never send share counts. Each AI chat carries a random, non-identifying request identifier used only to group a single conversation's transient history; it is separate from analytics and is not tied to you. Chat history is intended to be transient — it is held briefly in a server-side cache that auto-expires and is cleared when you start a new chat. The AI service is a third party, and how it handles this data is governed by its own policies.

The app is designed to require your explicit consent before any data is shared with that service, and that consent is enforced both in the app and at our server. You can review this consent at any time in Settings.

Anonymous usage events (your choice on the first screen)

Monk has two separate analytics layers. Both are first-party — every request goes only to monkportfolio.com. No cookies. No third-party trackers, ad pixels, or analytics services.

Layer 1 — anonymous pulse. Once per session we send a single ping to our server that records the date, the platform (web or ios), and a coarse country. The country is derived at the edge from your request and the underlying IP address is not stored. We do not store a session id, user agent, or referrer with this ping. It is designed to let us see whether the app is being used without identifying any individual. This layer does not require consent.

Layer 2 — consented event names. We ask on your very first screen via a clearly labelled checkbox alongside “Get started” — you can leave it on, untick it, or flip it any time in Settings. When it is on, the app sends short event names like Add Asset Succeeded or Export CSV Clicked. Each event includes a per-launch random session id, the platform, a coarse country derived from the edge request header, parsed device/browser/OS buckets, viewport dimensions, the referring URL when your browser provides one, and any event-specific data the code attaches. The raw user agent string is parsed at ingest and we do not intend to retain it. We do not send portfolio contents, symbols, holdings, dollar amounts, your name, email, or account identifiers. We do not use this data to identify you by name or account, though some technical fields (such as device and browser details) are inherently approximate and we do not represent them as fully anonymous.

You can change this choice at any time in Settings.

No personal information required

Using Monk Portfolio takes no account, name, email address, phone number, location, or payment information. The one exception is entirely your choice: if you write to us through the optional Contact Us form, you may include an email so we can reply, and we use it solely for that.

What we do not do

  • We do not sell your data.
  • We do not use your data for advertising.
  • We do not share your data with third parties, except as described above (a third-party AI service for AI features, a third-party pricing API for pricing).
  • We do not use cookies.
  • We do not use third-party tracking or analytics services.
  • We do not read your portfolio data — it is encrypted with a key only your device holds.

Data storage and sync

Your encrypted data is stored on our server solely to enable sync between your devices. The sync mechanism works by passing your encrypted blob between devices through the server. The system is designed so that the server only ever holds and transmits your portfolio data as ciphertext, never in unencrypted form.

Data retention

We aim to keep as little as possible, for as short a time as possible. Your encrypted blob is retained only while sync is enabled and is removed when you erase your data or disable sync. AI chat history is held only briefly in a transient cache and then cleared. Anonymous and consented usage events are retained in aggregate to understand product usage. Operational logs that may incidentally contain technical request details are short-lived. If you email us, we keep that correspondence only as long as needed to handle your request.

Security

We use strong, industry-standard encryption and design the app to minimize the data we hold in the first place. That said, no method of electronic storage or transmission is ever completely secure, and no software is free of bugs. We cannot and do not guarantee absolute security. We work to fix issues we become aware of, and where a security incident affects your data and the law requires us to notify you, we will do so.

Children's privacy

Monk Portfolio is not directed to children, and it is not intended for use by anyone under the age of 13 (or the minimum age required in your country). We do not knowingly collect personal information from children. Because the app requires no account and no personal information, we generally do not receive such information at all.

Disclaimers and limitation of liability

Monk Portfolio is a free app provided on an “as is” and “as available” basis, without warranties of any kind, whether express or implied, including any implied warranties of merchantability, fitness for a particular purpose, accuracy, or non-infringement. This policy describes how the app is intended to work; it is not a guarantee of any particular outcome.

We do our best, but software can contain errors and services can fail or behave unexpectedly. To the maximum extent permitted by applicable law, we are not liable for any loss of data, loss of portfolio information, inaccurate prices or AI output, or any indirect, incidental, or consequential damages arising from your use of the app. Nothing in the app is financial, investment, tax, or legal advice — always verify important information and keep your own backups. Some jurisdictions do not allow certain disclaimers or limitations, so some of the above may not apply to you.

Data deletion

Because we store only an encrypted blob with no personal information attached, there is no account to delete. You stay in control from within the app: Erase Data → Erase everywhere and Disable Sync & Encryption remove the encrypted blob and your registered passkey credential from our server. Erase Data always wipes the local copy on your device, and you can choose to erase this device only (leaving your encrypted backup and other devices intact). Server-side deletions are permanent, with no soft-delete or hidden copy on our side.

Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the date at the top of this page. For material changes, we will make a reasonable effort to surface a notice in the app. Your continued use of the app after a minor update constitutes acceptance of the revised policy; where the law requires fresh consent for a material change, we will ask for it.


Questions about this privacy policy? Visit our Contact Us page or email us at info@monkportfolio.com.