← Back to Pocket Piggy

Privacy Policy

Last Updated: February 4, 2026

Introduction

Pocket Piggy LLC ("we", "us", "our", "the App") is committed to protecting your privacy and ensuring the security of your financial information. This Privacy Policy explains how we collect, use, store, and protect your personal and financial data.

BY USING POCKET PIGGY, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use the App, you provide:

Account Information:

• Email address (required for authentication)
• Password (encrypted and never stored in plain text)
• Profile photo (optional)
• Phone number (optional, for two-factor authentication)

Financial Information:

• Income transactions and sources
• Expense transactions and categories
• Budget allocations and limits
• Account balances (manually entered, not from banks)
• Notes and descriptions for transactions
• Custom categories and tags

Important: We do NOT collect or store:

• Bank account login credentials (Plaid handles authentication securely)
• Credit card numbers
• Social Security numbers
• Tax identification numbers
• Investment account credentials

1.2 Information Collected Automatically

Usage Data:

• App features you use
• Time spent in the App
• Navigation patterns
• Button clicks and interactions
• Screen views
• Feature adoption rates

Device Information:

• Device model and manufacturer
• Operating system version
• App version
• Device identifiers (anonymized)
• Screen resolution
• Language preference
• Time zone

Technical Data:

• IP address (anonymized)
• Crash reports and error logs
• Performance metrics
• Network type (WiFi, cellular)

1.3 Information from Third-Party Services

Firebase (Google):

• Authentication data
• Cloud storage metadata
• Analytics data
• Crash reporting data

Google Sign-In (if used):

• Google account email
• Google account name
• Google profile photo URL

We do NOT receive your Google password.

Plaid (Bank Sync - Pro Feature):

• Transaction descriptions and amounts from linked bank accounts
• Account balances and connection metadata
• Plaid access tokens (stored securely; we never see your bank login credentials)
• You may link or unlink your bank account at any time from Account Settings

RevenueCat (Subscription Management):

• Subscription status and tier
• Purchase history and billing period
• No payment card details (handled by Apple/Google)

AI Categorization (Optional, Pro Feature):

• When enabled, merchant names and approximate transaction amounts may be sent to OpenAI (GPT-4o-mini) for categorization assistance
• No exact amounts, account numbers, or personally identifiable information is sent
• You opt in via a consent dialog and can disable AI categorization at any time from Sync Settings

exchangerate.host:

• Currency conversion rates only
• No personal or financial data is shared

Google Gemini (Image Generation):

• AI-generated images used for daily financial tips
• No personal or financial data is shared

2. How We Use Your Information

2.1 To Provide and Improve the Service

• Account Management: Create, maintain, and secure your account
• Data Storage: Store your financial data securely
• Cloud Sync: Sync non-financial data (profile, gamification progress) across devices via Firebase
• App Functionality: Provide budgeting, tracking, and reporting features
• Calculations: Perform financial calculations and projections
• Personalization: Customize your experience based on your usage

2.2 To Communicate With You

• Service Updates: Notify you of important changes or updates
• Security Alerts: Inform you of suspicious account activity
• Feature Announcements: Share new features and improvements
• Support Responses: Reply to your questions and support requests

We will NEVER:

• Send promotional emails without your consent
• Sell your email to third parties
• Spam you with excessive communications

2.3 To Ensure Security and Prevent Fraud

• Authentication: Verify your identity
• Security Monitoring: Detect and prevent unauthorized access
• Fraud Prevention: Identify suspicious patterns
• Abuse Prevention: Detect violations of Terms of Service

2.4 To Analyze and Improve

• Usage Analytics: Understand how features are used
• Performance Monitoring: Identify and fix bugs
• Product Development: Develop new features based on user needs
• A/B Testing: Test improvements before full rollout

Important: Analytics data is anonymized and aggregated. We cannot identify individual users from this data.

3. How We Store and Protect Your Data

3.1 Local Storage (On Your Device)

Encryption:

• All financial data stored on your device is encrypted using AES-256
• Encryption keys stored in secure device storage (Keychain on iOS, Keystore on Android)
• Data cannot be accessed without your authentication

Local Database:

• Uses Hive (encrypted NoSQL database)
• Stored in app-specific secure storage
• Automatically deleted if you uninstall the App

3.2 Cloud-Synced Data (Non-Financial)

Firebase Cloud Firestore:

• Stores only non-financial data: user profile, gamification progress (XP, levels, streaks, achievements), and app preferences
• Encryption in transit (TLS/SSL) and at rest on Google servers
• Access controlled by Firebase Security Rules

Important: Your financial data (transactions, budgets, balances) is NEVER uploaded to the cloud. It remains 100% on your device in encrypted local storage.

3.3 Security Measures

Technical Safeguards:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Secure password hashing (bcrypt/PBKDF2)
• Regular security audits
• Automated vulnerability scanning
• Secure coding practices

Access Controls:

• Multi-factor authentication (optional)
• Biometric authentication (optional)
• Session timeout after inactivity
• Secure password requirements
• Account lockout after failed attempts

3.4 Data Retention

Active Accounts: Data stored as long as your account is active. No automatic deletion of financial records.

Inactive Accounts: Accounts inactive for 2+ years may be flagged for deletion. Email notification sent before deletion. 30-day grace period to reactivate.

Deleted Accounts: Data permanently deleted within 30 days of account deletion. Backup copies deleted within 90 days.

4. Data Sharing and Disclosure

4.1 We DO NOT Sell Your Data

NEVER, EVER:

• We do NOT sell your personal information
• We do NOT sell your financial data
• We do NOT sell your usage data
• We do NOT share data with advertisers
• We do NOT create data profiles for marketing

4.2 Service Providers

We share limited data with trusted service providers:

Google Firebase: Purpose: Authentication, cloud storage, analytics, crash reporting.

Plaid Inc. (Bank Sync): Purpose: Secure bank account linking and transaction retrieval. Your bank login credentials are handled entirely by Plaid and never reach our servers.

RevenueCat: Purpose: Subscription management and billing.

OpenAI (AI Categorization): Purpose: Fallback transaction categorization for unrecognized merchants. Data: Merchant names and approximate amounts only (no PII, no exact figures). Opt-in only; can be disabled at any time.

4.3 Legal Requirements

We may disclose information if required by law: court orders, law enforcement requests, national security requests, legal process.

5. Your Rights and Choices

5.1 Access and Portability

• View all your personal data
• Download your data in machine-readable format (CSV, JSON)
• Request a copy of data we hold about you

5.2 Right to Correction

• Edit your profile information
• Correct financial transaction data
• Update account settings

5.3 Right to Deletion

• Delete your account and all data
• Permanent and irreversible
• Use in-app account deletion or contact support@pocketpiggy.app

5.4 Right to Object

• Opt out of analytics
• Disable cloud backup
• Limit data collection

6. Children's Privacy

Minimum age: 13 years old. Users 13-17 require parental consent. We do not knowingly collect data from children under 13. Parents: If you believe your child under 13 has created an account, contact us immediately at support@pocketpiggy.app.

7. International Data Transfers

Your data may be stored and processed in the United States (primary servers), in countries where Google Firebase operates, and in regions selected for cloud backup. For international transfers, we ensure EU-US Privacy Framework compliance, Standard Contractual Clauses with processors, and adequate protection as required by law.

8. California Privacy Rights (CCPA/CPRA)

Categories of Personal Information Collected: Identifiers (email, name, user ID), Financial information (transactions, budgets), Internet activity (usage data, device info), Geolocation (approximate, from IP).

Sale of Data: We do NOT sell personal information.

Your California Rights: Right to Know, Right to Delete, Right to Opt-Out, Right to Non-Discrimination.

9. Nevada Privacy Rights

Nevada residents may opt out of the sale of covered information. We do NOT sell personal information, so this right does not apply to Pocket Piggy.

10. Cookies and Tracking Technologies

We do NOT use: Advertising cookies, Cross-site tracking, Social media pixels, Marketing pixels.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. For significant changes: 30-day notice before effective date, option to review changes, ability to download data and delete account.

12. Data Breach Notification

In the event of a data breach: We will investigate immediately, contain and remediate, notify affected users within 72 hours, notify relevant authorities as required by law.

13. Contact Us

• Email: privacy@pocketpiggy.app
• General Support: support@pocketpiggy.app
• Security Issues: security@pocketpiggy.app
• Mail: 1621 Central Ave #8296, Cheyenne, WY 82001, USA

---

Pocket Piggy LLC - Your Privacy is Our Priority
Version 1.1 | Last Updated: February 4, 2026