Privacy Policy

Last updated: April 7, 2026

PocketWatcher is operated by Logan Nickels ("we," "us," or "our"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Contact us anytime at support@trypocketwatcher.com.

1. Data We Collect

Account Information

• Email address and password — used for authentication. Passwords are hashed by our auth provider (Supabase) and are never stored in plain text.
• Apple ID token — if you sign in with Apple, we receive a token from Apple to verify your identity. We do not receive your Apple password.
• Display name and username — chosen by you during profile setup, visible to group members.
• Profile photo — optional, uploaded by you and stored in our cloud storage.

Financial Data

• Transaction data — merchant name, amount, date, and category for each transaction. This is synced from your bank through Plaid, or entered manually by you.
• Plaid access token — a secure token that allows us to sync your transactions. This is not your bank login. We cannot use it to make charges, transfers, or view your bank balance.
• Budget amount — the monthly budget you set within the app.

What we do NOT collect or store:

• Bank account numbers
• Bank login credentials
• Bank balances
• Routing numbers
• Credit or debit card numbers

Social and Group Data

• Group membership — which groups you belong to
• Privacy settings — the privacy level you set on each transaction (public, category-only, or private)
• Reports and blocks — if you report or block another user, we store that action and any reason you provide

Subscription Data

• Subscription status — whether you have an active subscription, managed through RevenueCat and Apple. We do not store your payment method or billing details — Apple handles all payment processing.

2. How We Use Your Data

We use your data to:

• Provide and operate the app (display transactions, compute budgets, rank leaderboards)
• Sync transactions from your bank via Plaid
• Show your spending activity to group members according to your privacy settings
• Process and manage your subscription
• Respond to support requests
• Review user reports and enforce our Terms of Service

We do not sell your data to anyone. We do not use your data for advertising. We do not share your financial data with any party other than the third-party services listed below that are necessary to run the app.

3. Third-Party Services

We use the following third-party services to operate PocketWatcher:

• Supabase — hosting, database, authentication, and file storage. Your data is stored on Supabase's infrastructure.
• Plaid — bank account connection and transaction syncing. Plaid accesses your bank data on your behalf per their own privacy policy.
• RevenueCat — subscription management. RevenueCat processes subscription status and anonymous purchase data.
• Apple — payment processing for subscriptions and app distribution via the App Store.

Each of these services has their own privacy policy governing how they handle your data.

4. Data Visibility to Other Users

When you join a group, other members can see:

• Your display name, username, and profile photo
• Your budget amount and percentage used (on the leaderboard)
• Your transactions, subject to the privacy level you set on each one:
  • Public: Merchant name, amount, category, and date
  • Category only: Category, amount, and date (merchant name hidden)
  • Private: Completely hidden from other members

You can change the privacy level of any transaction at any time.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account (Settings > Delete Account in the app), all of your data is permanently deleted from our systems, including:

• Your profile (name, username, avatar)
• All your transactions
• Your budgets
• Group memberships
• Plaid access tokens
• Reports and blocks

This deletion is irreversible.

6. Data Security

We take reasonable measures to protect your data:

• All data is transmitted over HTTPS (TLS encryption in transit)
• Passwords are hashed and never stored in plain text
• Plaid access tokens are stored server-side and are never exposed to other users
• Row Level Security (RLS) policies on our database ensure users can only access their own data and data shared within their groups

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

7. Your Rights

You have the right to:

• Access your data — your data is visible to you within the app at all times
• Correct your data — you can edit your profile, transactions, and privacy settings
• Delete your data — you can delete your entire account from within the app
• Control visibility — you choose what other group members can see via privacy settings

If you have questions or requests regarding your data, contact us at support@trypocketwatcher.com.

8. Children's Privacy

PocketWatcher is not intended for anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email. The "Last updated" date at the top will always reflect the most recent version.

10. Contact

Questions or concerns about your privacy? Reach us at support@trypocketwatcher.com.