Last Modified: June 12, 2025
We at Lunchbag Labs Inc. ("us," "we," "our" or "Lunch Money") respect your privacy, and we are committed to protecting it by complying with this policy (our "Privacy Policy") and being transparent about our privacy practices.
In this policy, we explain how we collect, use, process, and share your personal information when you communicate directly with us or within our community, as well as when you access and use the websites, applications, and other offerings we provide, including https://lunchmoney.app/, its related mobile applications and our API (collectively, the "Services").
When we talk about your “information” in this Privacy Policy, we are referring to personal information about an identifiable individual (which includes personal information that can be used on its own or with other information to identify, contact, or locate you).
Our Privacy Policy applies to anyone using our Services (whether paid or unpaid), but it does not apply to third parties’ privacy practices and policies, except to the extent we use third parties to store or process your data. Third parties that you engage with should have their own privacy policies, which are their responsibility.
If you have any questions, concerns or requests relating to this Privacy Policy, please contact us at [email protected] (our "Contact Information").
We recommend reading this entire Privacy Policy, but here are a few answers to the most common privacy questions we get asked:
Does Lunch Money have access to my money?
No. Lunch Money is an application that only has “read-only” access to your synced bank accounts.
Does Lunch Money have access to my banking credentials?
No. We never have access to your banking credentials.
Does Lunch Money sell my information?
Never. We do not (and will not!) sell any information about our customers to others.
Is my information secure?
It is. We use industry standard security protocols across wherever we can. That, coupled with the fact we don’t have access to your bank credentials, means your information is safe and secure.
Again, please read the rest of this document, but we thought it’d be helpful to answer some of your most important questions right at the start.
To provide our Services to you, we collect and receive the following information:
We do not intend for children under the age of 18 to use our Services, and we do not knowingly collect information about individuals under the age of 18. If you are under the age of 18, please do not use our Services or provide any information to us. If you believe we might have any information from or about a child under 18, please contact us using the Contact Information above.
When using our Services, you’re invited to import bank transaction or crypto wallet data directly.
When you import bank transaction data, we do not save or store your banking credentials. All bank transaction data is provided through Plaid.
When you import bank transaction data via Plaid, we receive the following information:
Similarly, when you import information about your crypto wallet into our Services, we do not save or store your wallet credentials. Instead, the read-only data is provided through an API that you connect to our systems.
When you import crypto wallet information via an API, we receive the following information:
We do not sell your information to anyone for any reason. We use the information you provide for the purpose you intended and as outlined in this Privacy Policy. For example, if you provide us with your telephone number for the purposes of enabling 2-factor authentication, we will only use that information to authenticate your access to our Services, and we will not send you marketing information via SMS simply because you provided your telephone number.
When we collect and use your information, we only do so for the following purposes:
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, please contact us using the Contact Information (detailed above). Please note that if you withdraw your consent, we may not be able to provide you with access to and/or use of our Services and other offerings.
Protecting your information is important to us. That is why we take steps to protect your information from unauthorized access, destruction and misuse. All the steps we take to protect your information will be commensurate with the sensitivity of the information we collect and reasonable in the circumstances.
Here are a few examples of how we keep your information secure:
Additionally, to help protect your data, we will not store your data for longer than we need it unless you agree otherwise or the law permits us to keep the information for a longer period of time. If we anonymize your data, however, you agree we may use that anonymized information as we choose and keep the data for longer periods of time.
In any case and despite our efforts, using the internet is never risk-free. As a result, we cannot guarantee the security of your data, and – ultimately – you use the internet at your own risk.
We use automated technologies to help us improve your user experience. To do that, we may store your preferences, remember you for future visits to our Services, or otherwise gather information about how our Services are used.
Our automated technologies may include browser cookies, flash cookies, or web beacons, and we may use them to collect information about your devices and internet use.
A cookie is a small piece of data – a text file – that a website asks your browser to store on your device to remember information about you, such as your language preference or login information, that can later be retrieved to identify you when you return to our Services.
For example, we may collect data about the tools and mechanisms you use to access our Services, including your IP address, browser, or operating systems. We may also collect information about your visits to our Services, such as location data, web traffic data and what you do with our Services.
Our automated technologies may also collect information about your online activities over time or on others’ websites, using methods like behavioral tracking. If you wish to opt out of behavioural tracking, please contact us using the Contact Information outlined above.
When we use automated technologies (like cookies), the information we collect is generally statistical in nature. Nevertheless, it may include personal information or otherwise be associated with the information we collect, as described in this Privacy Policy.
If you wish to disable our cookies, you can typically disable them by changing your browser settings. In most modern browsers, you can block or delete cookies by clicking Settings > Privacy > Cookies.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.youradchoices.ca.
Before deciding to delete our cookies, please note that some of our cookies are necessary to access the essential features of the Services, and we recommend that you leave cookies enabled. If you choose to disable our cookies, some of our Services’ functionality may no longer be available to you.
We may share your information when one of the following circumstances applies:
We limit how we share your information, only providing it to the following:
Please note that you may have opportunities to provide information directly to third parties through application programming interfaces (APIs) we offer. If you use our API, please review our API Terms of Service posted on our website.
We may choose to process, transfer or store your information in countries different from where you live. For example, we store Lunch Money’s data in the United States, which may have privacy requirements that are more or less comprehensive than the privacy obligations applicable to our relationship with you. Nevertheless, we will implement appropriate technical and organizational measures to ensure our contractors and service providers protect your data.
By using our Services or providing your information to us, you agree to us processing, transferring, or storing your information in other countries. You may obtain more information about our international processing, transfer and storage practices using the Contact Information noted above to contact our designated privacy officer.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, unless the law requires or permits otherwise. We may also keep information for the purposes of satisfying any legal, accounting, or reporting requirements applicable to us.
The length of time we keep your information for will generally depend on the type of information collected, why it was collected, and the sensitivity of the information. If, at any time, you wish to have your information deleted, please contact us.
Here are some examples of how and when we delete information provided to us:
When we retain information, we may also choose to anonymize your personal information so that it can no longer be associated with you, and we may use such anonymous and de-identified data for our legitimate business purposes.
We strive to keep the information we collect accurate and current, and we invite you to contact us when your information has changed. Privacy laws applicable to our relationship with you may give you the right to request access to the information we collect about you and often allow you to correct outdated information.
If you wish to access or correct your information, please contact us using the Contact Information above. Likewise, please contact us if you have any concerns or complaints about how we use or collect your information.
Please note that we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Additionally, in accordance with our data retention practices and applicable law, we may destroy or limit access to certain information we collect about you. Nevertheless, we will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
If we are unable to provide you with access to your information, we will explain why (subject to applicable law about these sorts of disclosures).
There are European privacy laws, including the European General Data Protection Regulation (GDPR), that can apply to you, our customer. To the extent these laws apply, we provide additional rights for our European customers.
With respect to the information that we collect when you use the Services, we are the data controller for that information and our service providers (with whom we share your information) are the data processors. Our lawful basis for collecting this information is to fulfill our agreement(s) with you, our legitimate interest in providing the Services to you, or to comply with our legal obligations. In some instances, our lawful basis for processing your information may also be your consent.
If the GDPR applies to our relationship with you, you may exercise your right to:
Additionally, residents of the EEA and Switzerland may file a complaint with a data protection authority.
Any disputes arising out of or related to this Privacy Policy will be handled in accordance with the dispute resolution process indicated in your contract with us that refers to this Privacy Policy, if applicable.
Please contact us (using the Contact Information above) if you have any questions about exercising any of the above rights.
It is our policy to post any changes we make to our Privacy Policy on this page. Should we make any significant changes to our Privacy Policy and how we engage with your information, we will notify you. We also encourage you to periodically review our Privacy Policy to check for updates. The date the Privacy Policy was last revised is identified at the top of the page. Your continued access and use of the Services will be deemed to be your acceptance of this Privacy Policy.