1. Introduction
This Privacy Policy describes how Pockito collects, uses, and protects your personal information when you use our mobile application and related services.
- App Name: Pockito — AI Expense Tracker
- Effective Date: March 5, 2026
- Last Updated: March 5, 2026
2. Information We Collect
2.1 Information You Provide
- Account information: email address, display name (when creating an account)
- Transaction data: expense amounts, categories, merchant names, notes (entered manually, via voice, or via receipt scanning)
- Budget and financial goal data
- Voice input: processed using Apple's on-device Speech Recognition framework — audio is NOT transmitted to our servers
- Receipt images: processed on-device using OCR — images are stored locally and optionally synced to your encrypted cloud storage
- Payment information: All subscription payments are processed by Apple through the App Store. We do not collect, store, or have access to your credit card or payment details
2.2 Information Collected Automatically
- Device information: device model, operating system version, app version
- Usage analytics: feature usage patterns, screen views, interaction events (collected via Amplitude)
- Crash reports and performance data
- Subscription status and purchase history (managed via Adapty)
2.3 Information from Third-Party Sources
- Bank SMS messages: parsed entirely on-device to extract transaction data. SMS content is NEVER transmitted to any server. Parsing happens locally using on-device algorithms.
- Apple Pay transactions: tracked via user-configured iOS Shortcuts. Transaction data is entered locally.
3. How We Use Your Information
- To provide and maintain the Pockito expense tracking service
- To process and categorize your financial transactions
- To provide AI-powered financial insights and recommendations
- To manage your subscription and payment processing (via Apple's App Store)
- To send push notifications (budget alerts, bill reminders) — only with your permission
- To improve our app through anonymized analytics
- To provide customer support
- To comply with legal obligations
4. Data Storage and Security
- Local storage: All transaction data is stored locally on your device using Core Data with AES-256 encryption and iOS FileProtection.complete
- Cloud sync: When you create an account, data is optionally synced to Firebase Firestore (Google Cloud) with encryption in transit and at rest
- Anonymous users: Data remains local-only. No cloud sync occurs for anonymous users.
- We use Face ID / Touch ID for app-level authentication
- No bank login credentials are ever collected or stored
5. Third-Party Services
We use the following third-party services that may collect data:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, cloud sync, storage | Email, user ID, transaction data (encrypted) |
| Adapty | Subscription management | Subscription status, purchase transactions |
| Amplitude | Analytics | Anonymized usage events, device info |
| Apple StoreKit | In-app purchases | Payment processed by Apple — we do not receive credit card details |
6. Subscription and Payment Data
- All payments are processed by Apple through the App Store. We do NOT collect or store credit card numbers, bank account details, or other payment instruments.
- We receive confirmation of subscription status (active, expired, trial) from Apple via Adapty SDK.
- Subscription data is used solely to provide access to premium features.
7. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion request
- Transaction data: retained while your account is active. You can export your data at any time via CSV/PDF export.
- Analytics data: anonymized and retained for up to 24 months
After account deletion, all personal data is removed from our servers. Local data on your device can be removed by uninstalling the app.
8. Your Rights
For all users:
- Access your personal data
- Export your data (CSV/PDF)
- Delete your account and all associated data
- Opt out of analytics
For EU/EEA users (GDPR):
- Right to access, rectification, erasure, data portability
- Right to restrict or object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Legal basis for processing: consent (account creation), legitimate interest (analytics), contract performance (service delivery).
For California users (CCPA/CPRA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale of personal information — Pockito does NOT sell personal information
- Right to non-discrimination for exercising privacy rights
9. Children's Privacy
- Pockito is not directed at children under 13 (or 16 in the EU)
- We do not knowingly collect personal information from children
- If we discover such data has been collected, we will delete it promptly
10. International Data Transfers
- If you are outside the United States, your data may be transferred to and processed in the United States where Firebase (Google Cloud) servers are located
- We ensure appropriate safeguards are in place for international transfers
12. Changes to This Privacy Policy
- We may update this Privacy Policy from time to time
- We will notify you of significant changes via in-app notification or email
- Continued use of the app after changes constitutes acceptance
13. Contact Us
Email: support@pockitoai.app
Website: https://www.pockitoai.app