1. Why this page exists
Running a modern app means relying on a small number of trusted third-party partners — to host servers, deliver email, accept payments, run AI features, and so on. We list ours here so you always know who else, beyond Marvin, has access to a slice of your data while we run the Service for you. Many privacy laws require transparency around service providers and data handling; we publish this page because we believe users deserve clarity.
2. Our principles
Three commitments that shape every decision we make:
You stay in control
Upload what you want, delete what you want, export everything anytime — receipts, transactions, chat history — as CSV, PDF, or JSON, on every plan including Free.
Marvin never sees your bank password
Marvin never sees or stores your online-banking username or password, and we never screen-scrape. The core app needs no bank login at all. The optional bank connection (Pro+, US & Canada) is the one you turn on yourself — and even then you sign in through our secure bank-connection provider, so your credentials go to the provider and your bank, never to Marvin. You decide what Marvin sees: receipts, statements, manual entries, or that optional connection.
Encrypted by default
Encrypted in transit and at rest. Personal fields like your name and email get an additional layer of encryption on top, so they aren't readable in plaintext even in worst-case scenarios.
We chose at-rest encryption rather than end-to-end-on-your-device because Marvin's AI features — reading a receipt, answering a question, drawing your forecast — need to process the actual numbers to give you a useful answer. End-to-end would mean a notebook that can't read itself.
3. What we promise about every partner
To run Marvin securely and reliably, we work with a small number of carefully chosen partners — for hosting, payments, AI features, market data, communications, and the optional bank connection. Whoever they are, four promises always hold:
- No ads, ever. None of our partners are advertising networks. Marvin doesn't run ads, so we have no business sharing your data with anyone who does.
- Your credentials never reach Marvin. The optional bank connection you choose to turn on authenticates you through a secure bank-connection provider — your banking password goes to that provider and your bank, never to Marvin, and we never store it.
- No AI training on your data. Every partner is contractually barred from using your data to train their own AI or machine-learning models.
- Minimum data, only what's needed. We share only the data each partner needs to do its specific job for Marvin — never the whole picture, never more than necessary.
4. Who helps us run Marvin
Below are the categories of trusted third-party providers we work with to deliver the Service, what each category does for Marvin, and what data each touches in order to do it. The mix will change over time as our stack evolves.
| Category | What it does for Marvin | Data accessed |
|---|---|---|
| Cloud hosting & infrastructure | Hosts the application, database, and encrypted backups on enterprise-grade infrastructure. | Your data at rest (encrypted) and in process. |
| AI model providers | Powers select AI features such as receipt reading, statement understanding, transaction categorisation, and conversational assistance. | Only the minimum data required for the specific request, such as uploaded documents, transaction text, or chat prompts. Not used for training under applicable commercial terms. |
| App-store distribution & in-app purchases | Distributes the iOS and Android apps and processes mobile subscription payments via the relevant app store. | Account identifiers and payment-related identifiers from the relevant app store. |
| Web payment processing | Handles card and local-payment-method checkout for web subscriptions. | Email, billing-tax fields where required, and payment-instrument tokens. Card numbers never touch our servers. |
| Push notifications | Delivers in-app push notifications when you've opted in (via platform-mandated channels). | Anonymous device push tokens. Notifications never include account numbers or balances. |
| Transactional email | Sends operational email — sign-up, password reset, billing receipts, security alerts. We don't run a marketing programme. | Your email address and the message content for that email. |
| Market data (FX rates) | Provides reference exchange rates for currency conversion. | No personal data — only currency-pair codes (e.g., "USD→INR"). |
| Application monitoring & error reporting | Captures application errors and performance metrics so we can fix bugs. | Stack traces, anonymised user IDs, and request metadata. Request bodies and credentials are stripped. |
We share specific sub-processor names with enterprise customers and their data-protection officers under NDA. To request the named list, email legal@marvinmoney.com.
5. Where your data lives
Your account, expenses, receipts, and encrypted backups are stored on enterprise-grade cloud infrastructure located in Canada (Montréal region). Your data does not leave Canada at rest.
When you contact us from outside Canada — opening the app from Mumbai, London, Sydney — your requests are still routed to and stored on these Canadian servers. Cross-border transfers are covered by the same contractual safeguards that bind every partner in section 4.
6. Who's not on our list — and never will be
- No advertising or attribution networks (Meta pixel, Google Ads, AppsFlyer, Adjust, etc.). We don't run ads.
- No data brokers, identity-graph vendors, or "wellness score" platforms.
- No third-party AI training pipelines. Your receipts and statements are never available to anyone for model training.
7. Want to dig deeper?
- Privacy page — what we hold, why, and how, in plain English.
- Terms of Service — the contract behind the Service, including liability, AI disclosures, and country-specific rights.
- Compliance & vetting details — notification of changes, your right to object, vetting standards, cross-border transfer mechanisms.
- Enterprise & DPA requests — email legal@marvinmoney.com for a Data Processing Addendum, security questionnaire, or vendor review.
Mars Enterprises Inc. · India · © 2026. Last updated April 26, 2026.