Zero-Knowledge Architecture

Privacy Policy

Version 2025.01 | Last updated: January 2025

TL;DR

Your financial data stays on your device. We never see, store, or have access to your transactions, balances, or account information. PocketSafe is built with a zero-knowledge architecture.

Our Privacy Promise

PocketSafe is built with a zero-knowledge architecture. This means your financial data is stored exclusively on your iPhone using iOS Keychain and Secure Enclave. Our servers act as a stateless relay — we forward requests to financial service providers and return responses directly to your device without logging or storing any data.

What Data We Collect

Data We Never Collect

  • Bank account credentials
  • Account balances
  • Transaction history
  • Financial institution names
  • Personal financial info

Data We May Collect

  • Email: Waitlist, support, subscriptions
  • Analytics: App usage (opt-in only)
  • Crash reports: Bug fixes (opt-in only)
  • Subscription: Pro status via Apple
  • Device ID: Hashed, for rate limiting

Legal Basis for Processing (GDPR)

Consent

Optional features like analytics and crash reporting

Contract

Core app functionality and subscription management

Legitimate Interest

Service improvement, security, fraud prevention

How Bank Connections Work

We use Plaid and Finicity to facilitate secure connections to your financial institutions.

  1. You authenticate directly with Plaid's or Finicity's secure interface
  2. The provider sends an encrypted access token to your device
  3. This token is stored in your device's Secure Enclave
  4. When syncing, requests pass through our stateless proxy
  5. Financial data returns directly to your device

Our servers never see, log, or store any of this data

Data Storage

All your financial data is stored locally on your iPhone using:

iOS Keychain

Credentials & tokens (hardware-encrypted)

Secure Enclave

Encryption keys (isolated hardware)

Local Database

Transactions & settings (encrypted at rest)

If you enable iCloud backup, your data can be encrypted and backed up to iCloud. This backup is encrypted with keys only you have access to — neither Apple nor PocketSafe can read it.

Third-Party Services


Apple

Distribution, subscriptions, crash reports


Cloudflare

Proxy infrastructure (no data stored)

Your Rights

  • Export all your data at any time (Settings → Export Data)
  • Delete all your data with one tap (deleting the app removes all local data)
  • Disconnect any bank account at any time
  • Update your consent preferences (Settings → Privacy)
  • Request deletion of your email from our waitlist

For European Users (GDPR)

Under the General Data Protection Regulation, you have additional rights:

Right of Access (Art. 15)

Request a copy of your personal data

Right to Rectification (Art. 16)

Correct inaccurate personal data

Right to Erasure (Art. 17)

Request deletion of your personal data

Right to Restrict (Art. 18)

Limit how we use your data

Right to Portability (Art. 20)

Receive your data in a portable format

Right to Object (Art. 21)

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent at any time

Right to Lodge a Complaint

File with your local supervisory authority

International Transfers: When you use Plaid or Finicity, your data may be transferred to the United States. These providers maintain appropriate safeguards including Standard Contractual Clauses.


For California Residents (CCPA/CPRA)

Categories of Personal Information Collected

  • Identifiers (email address, hashed device ID)
  • Commercial information (subscription status)
  • Internet activity (app usage analytics, if opted-in)

We Do Not Sell Your Personal Information

PocketSafe does not sell, rent, or share your personal information for monetary or other valuable consideration. We do not engage in cross-context behavioral advertising.

Your California Privacy Rights

  • Right to Know: Request what we collect
  • Right to Delete: Request deletion
  • Right to Correct: Fix inaccuracies
  • Non-Discrimination: Equal service

Exercising Your Rights: Contact us at privacy@pocketsafe.app. We will respond within 45 days.

Data Retention

Your financial data is stored only on your device — retention is entirely under your control. Delete the app, and all your data is gone.

Data Type              Retention Period
Waitlist emails        Until removal request or conversion
Subscription records   As required by Apple/tax laws
Crash reports          90 days
Anonymous analytics    2 years (aggregated)

Children's Privacy

PocketSafe is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@pocketsafe.app.

Security

  • TLS 1.3 encryption for all communications
  • Certificate pinning (MITM protection)
  • Hardware-backed Secure Enclave encryption
  • Biometric authentication (Face ID/Touch ID)
  • Rate limiting and security headers on API

Contact Us

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Notifying you within the app (for significant changes)
  • Sending an email (for material changes affecting your data)

Your continued use of the App after changes constitutes acceptance of the new Privacy Policy.