Privacy was a major reason we started Monarch since many other finance apps make money by selling your data to other companies so they can use it to sell you credit cards, loans or things that make them money. We think this is a bad idea.
We try to collect only the minimum amount of financial data needed for a feature in Monarch to work. With the data collected, Monarch employs industry-leading security practices, as do the data providers we partner with.
When you connect a financial account to Monarch it does not store your user name or password and has read-only access. This means Monarch can not move money in or out of your accounts.
The two main data providers that Monarch uses to connect financial accounts are Plaid and Finicity (owned by mastercard).
The data providers maintain very strict security practices including encryption, role-based access controls at each layer of their infrastructure, publishing a SOC 2 type 2 report, API traffic control, and one of the strongest bug bounty programs in the industry.
You can learn more details about Plaid's security practices here and Finicity's security practices here.