Privacy Policy
Effective date: 2026-06-28 Last updated: 2026-06-28
1. Who we are
Pocketz (the "App") is operated by Michael Ostrovskii ("we", "us", "our"), based in Israel. You can contact us at [email protected].
Pocketz is a virtual ledger for tracking allowances, chores, points, screen time, and other family "currencies." Pocketz does not hold, process, or transfer real money. All balances are virtual entries within the App.
2. Our privacy-first design: no account, no personal data
Pocketz is anonymous by default. You do not create an account, and you do not give us your name, email, or password to use the App.
When you first open Pocketz, the App generates a random, meaningless account
identifier (for example, anon_4f3c…) and stores a secret key on your device
(in the system Keychain/Keystore) so the App can sign you back in automatically.
We never see a real-world identity tied to that account.
2.1 What we collect by default
| Category | Examples | Purpose |
|---|---|---|
| Anonymous account ID | App-generated identifier (anon_…) |
Identifies your data on our server; not linked to any real-world identity |
| Display name (optional) | A nickname you may type (e.g. "Alex") | Shown in the App and in shared accounts; you choose whether to set one |
| Ledger data | Virtual balances, deposits, withdrawals, recurring rules, account and currency names | Core feature |
| Sharing data | Invite tokens, shared-user permissions | Account sharing |
| Device/session | Access and refresh tokens, revoked-token list | Keeping you signed in; security |
| Security signals | IP address used for rate-limiting and active-session records | Abuse prevention and letting you see/curtail your sessions |
| Diagnostics | Crash reports, error events, request IDs (via Sentry) | Reliability |
The display name is a nickname, not verified contact information. Please do not enter a full legal name or other identifying details you don't want shown to people you share an account with.
2.2 What we collect only if you turn on Backup & Sync (optional)
Anonymous accounts live on the device. If you want to recover your account on a new device, you can optionally link Sign in with Apple or Google Sign-In under the "You" tab. Only if you choose this do we receive and store:
| Category | Examples | Purpose |
|---|---|---|
| Provider identifier | The stable user ID ("sub") from Apple or Google | Recovering/recognizing your account on another device |
| Email / name from the provider | Whatever Apple or Google passes us | Linking the backup to your account |
You can use Pocketz fully without ever enabling this.
2.3 What we never collect
Payment card data, bank details, government IDs, biometric data (Face ID / Touch ID / PIN are handled on your device only and never sent to us), precise location, contacts, photos from your library, or advertising identifiers. We use no third-party advertising or cross-app tracking SDKs.
3. How we use the information
- Operate the App and provide the features you request.
- Keep you signed in and protect your account (rate limits, token blacklist, session management).
- Improve reliability through crash and error reporting.
We do not sell your data, not use it for behavioral advertising, and not run behavioral analytics. We send no marketing email (anonymous accounts have no email to send to).
4. Legal basis (EEA/UK users — GDPR)
| Purpose | Legal basis |
|---|---|
| Provide the App's features (anonymous account, ledger, sharing) | Performance of contract (Art. 6(1)(b)) |
| Optional Backup & Sync via Sign in with Apple / Google | Performance of contract; you choose to enable it |
| Security, fraud prevention, rate limiting | Legitimate interests (Art. 6(1)(f)) |
| Crash/error reporting | Legitimate interests (Art. 6(1)(f)) |
5. Sub-processors
We use the following service providers. They process data on our behalf under contract.
| Provider | Purpose | Region |
|---|---|---|
| Fly.io | Backend hosting | Frankfurt, EU |
| Neon (managed PostgreSQL) | Managed database | EU |
| Sentry | Crash & error reporting | EU/US |
| Resend (transactional email only) | Transactional email (only where an email exists, e.g. legacy or support) | Global |
| Apple / Google | App distribution; optional Sign in with Apple / Google identity verification (only if you enable Backup & Sync) | Global |
6. Data retention
- Active accounts: retained while the account exists on our server.
- Deleted accounts: when you choose "Delete my account," your data is purged within 30 days, except where law requires longer retention.
- Security/session records and audit logs: retained for 30 days for abuse investigation, then deleted.
- Backups: retained for 30 days; deletion requests propagate on the next backup rotation.
Because anonymous accounts have no email or name, the practical way to delete your data is the in-app Delete my account action (under the "You" tab).
7. Your rights
You may:
- Access the data we hold about your account.
- Correct inaccurate data (most fields, including your display name, are editable in-app).
- Delete your account and associated data (in-app, under "You").
- Object to certain processing or lodge a complaint with your data protection authority.
For an anonymous account, the in-app controls are the fastest route. For anything else, contact [email protected]; we respond within 30 days. (Note: because we hold no real-world identity for anonymous accounts, we may be unable to locate your data from an email alone — please use the in-app controls where possible.)
8. Children
Pocketz collects no personal information by default — no name, email, phone number, or contact details — from anyone, including children. A child can use the App on their own device with an anonymous account, or be invited by a parent to a shared account, without providing personal data to us.
- The optional display name is a nickname and is not required.
- Backup & Sync uses Sign in with Apple / Google, which require an Apple/Google account governed by those providers' own age rules; it is an optional, opt-in feature.
- There is no chat/messaging, no photo upload of library images to us, no location collection, no advertising, and no behavioral profiling.
Because we do not collect personal information from children, the App is designed
to avoid the obligations that COPPA (US) and similar laws impose on services that
do. See COPPA_ASSESSMENT.md for our operational stance. If you believe a child
has provided us personal data, contact [email protected] and we will delete
it.
9. Security
We use industry-standard measures: TLS in transit; an app-held secret stored in the device Keychain/Keystore for anonymous sign-in; JWT access/refresh tokens with a server-side blacklist; rate limiting; security headers; and audit logging. No system is perfectly secure; we will notify affected users (where we have a way to reach them) of any breach within 72 hours where required.
10. International transfers
Our primary data store is in the EU. Where data is transferred outside the EEA/UK (e.g. to Sentry or to Apple/Google for optional OAuth), we rely on Standard Contractual Clauses or equivalent safeguards.
11. Changes
We will notify you in-app of material changes at least 14 days before they take effect.
12. Contact
Michael Ostrovskii — [email protected]