← Back to Home

Privacy Policy

Last Updated: March 5, 2026

1. Introduction

This Privacy Policy describes how Pockito collects, uses, and protects your personal information when you use our mobile application and related services.

  • App Name: Pockito — AI Expense Tracker
  • Effective Date: March 5, 2026
  • Last Updated: March 5, 2026

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, display name (when creating an account)
  • Transaction data: expense amounts, categories, merchant names, notes (entered manually, via voice, or via receipt scanning)
  • Budget and financial goal data
  • Voice input: processed using Apple's on-device Speech Recognition framework — audio is NOT transmitted to our servers
  • Receipt images: processed on-device using OCR — images are stored locally and optionally synced to your encrypted cloud storage
  • Payment information: All subscription payments are processed by Apple through the App Store. We do not collect, store, or have access to your credit card or payment details

2.2 Information Collected Automatically

  • Device information: device model, operating system version, app version
  • Usage analytics: feature usage patterns, screen views, interaction events (collected via Amplitude)
  • Crash reports and performance data
  • Subscription status and purchase history (managed via Adapty)

2.3 Information from Third-Party Sources

  • Bank SMS messages: parsed entirely on-device to extract transaction data. SMS content is NEVER transmitted to any server. Parsing happens locally using on-device algorithms.
  • Apple Pay transactions: tracked via user-configured iOS Shortcuts. Transaction data is entered locally.

3. How We Use Your Information

  • To provide and maintain the Pockito expense tracking service
  • To process and categorize your financial transactions
  • To provide AI-powered financial insights and recommendations
  • To manage your subscription and payment processing (via Apple's App Store)
  • To send push notifications (budget alerts, bill reminders) — only with your permission
  • To improve our app through anonymized analytics
  • To provide customer support
  • To comply with legal obligations

4. Data Storage and Security

  • Local storage: All transaction data is stored locally on your device using Core Data with AES-256 encryption and iOS FileProtection.complete
  • Cloud sync: When you create an account, data is optionally synced to Firebase Firestore (Google Cloud) with encryption in transit and at rest
  • Anonymous users: Data remains local-only. No cloud sync occurs for anonymous users.
  • We use Face ID / Touch ID for app-level authentication
  • No bank login credentials are ever collected or stored

5. Third-Party Services

We use the following third-party services that may collect data:

ServicePurposeData Shared
Firebase (Google)Authentication, cloud sync, storageEmail, user ID, transaction data (encrypted)
AdaptySubscription managementSubscription status, purchase transactions
AmplitudeAnalyticsAnonymized usage events, device info
Apple StoreKitIn-app purchasesPayment processed by Apple — we do not receive credit card details

6. Subscription and Payment Data

  • All payments are processed by Apple through the App Store. We do NOT collect or store credit card numbers, bank account details, or other payment instruments.
  • We receive confirmation of subscription status (active, expired, trial) from Apple via Adapty SDK.
  • Subscription data is used solely to provide access to premium features.

7. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion request
  • Transaction data: retained while your account is active. You can export your data at any time via CSV/PDF export.
  • Analytics data: anonymized and retained for up to 24 months

After account deletion, all personal data is removed from our servers. Local data on your device can be removed by uninstalling the app.

8. Your Rights

For all users:

  • Access your personal data
  • Export your data (CSV/PDF)
  • Delete your account and all associated data
  • Opt out of analytics

For EU/EEA users (GDPR):

  • Right to access, rectification, erasure, data portability
  • Right to restrict or object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal basis for processing: consent (account creation), legitimate interest (analytics), contract performance (service delivery).

For California users (CCPA/CPRA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale of personal information — Pockito does NOT sell personal information
  • Right to non-discrimination for exercising privacy rights

9. Children's Privacy

  • Pockito is not directed at children under 13 (or 16 in the EU)
  • We do not knowingly collect personal information from children
  • If we discover such data has been collected, we will delete it promptly

10. International Data Transfers

  • If you are outside the United States, your data may be transferred to and processed in the United States where Firebase (Google Cloud) servers are located
  • We ensure appropriate safeguards are in place for international transfers

11. Cookies and Tracking Technologies

  • Pockito is a native iOS app and does not use browser cookies
  • We use Firebase Analytics and Amplitude for anonymous usage analytics to improve the app experience
  • You can opt out of analytics through your device settings
  • We do not sell your data to third parties or use it for advertising purposes

12. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time
  • We will notify you of significant changes via in-app notification or email
  • Continued use of the app after changes constitutes acceptance

13. Contact Us

Email: support@pockitoai.app

Website: https://www.pockitoai.app