Pocket Pilot Privacy Policy

Effective date: February 20, 2026

This Privacy Policy explains how Pocket Pilot ("Pocket Pilot", "we", "us", or "our") collects, uses, stores, and shares information when you use our mobile application and related services (the "Service").

For app-store compliance: Pocket Pilot is a personal finance coaching app that provides budgeting tools, transaction tracking, receipt OCR, watchlist/trade logging, AI-generated financial insights, and login security features including OTP email verification.

1) Information We Collect

Depending on how you use the Service, we may collect the following categories of data:

Account and identity data: email address, full name, sign-in credentials (handled through Supabase Authentication), and optional Google sign-in identity token.
Profile data: display name, preferred currency, monthly income, salary date, phone number, emergency fund settings, monthly savings goal, notification preferences, and optional profile picture.
Financial data you provide: transactions (title, amount, category, type, date, notes), budgets, emergency fund values, stock trade logs, and stock watchlist entries.
Receipt and media data: receipt images and related extracted fields (for OCR), and optional profile image content.
Security and login data: one-time passcodes (OTP) sent to your email during MFA-style login flow.
Notification data: local notification preferences and scheduling metadata stored on your device.
Technical/network data: basic request metadata such as IP address and device/network information that may be processed by our hosting and infrastructure providers.

2) Device Permissions

Camera: used when you choose to capture receipt photos in-app.
Photo library/media: used when you choose receipt or image uploads from your device.
Notifications: used for reminders and budgeting/report notifications that you enable.

Permissions are requested at runtime and can be changed in your device settings.

3) How We Use Information

To create and manage your account and authenticate access.
To provide budgeting, transaction tracking, and emergency-fund features.
To process receipt images and extract structured transaction details via OCR/AI services.
To generate AI-based savings tips and investment ideas.
To send OTP emails for login verification.
To provide watchlist and stock-trade logging features.
To schedule and deliver local notifications you request.
To maintain security, prevent abuse, and improve reliability/performance.

4) Third-Party Services and Data Sharing

We do not sell your personal data. We share data only as needed to operate the Service with service providers:

Supabase (authentication, database, storage): account data, profile data, financial records, receipt URLs/content, and app-related records you save.
OpenAI (AI processing via backend): receipt image/base64 content for OCR extraction and transaction/budget payloads for AI savings insight generation.
Yahoo Finance / yfinance (market data): stock symbol requests and related market lookups.
Google Sign-In (optional auth method): identity token used for social login when you choose Google sign-in.
Gmail SMTP (OTP delivery): recipient email and OTP content for authentication emails.
Hosting/Infrastructure providers (API hosting): backend request handling and operational logs.

5) Data Storage and Security

App sessions are persisted using encrypted local storage mechanisms (SecureStore + encrypted AsyncStorage strategy in app code).
Financial and profile records are stored in Supabase services.
We apply technical and organizational safeguards, but no system is 100% secure.

6) Data Retention

We retain account and in-app data for as long as needed to provide the Service or comply with legal obligations.
OTP data is intended for short-lived verification use.
You can remove many records in-app (for example, budgets/watchlist entries), and may contact us for account/data requests.

7) International Processing

Your data may be processed in countries where our providers operate. By using the Service, you understand that data may be transferred and processed outside your country, subject to applicable legal safeguards.

8) Your Privacy Rights

Depending on your jurisdiction, you may have rights such as access, correction, deletion, portability, and objection/restriction of certain processing. You may also withdraw consent for optional permissions (e.g., camera/notifications) through device settings.

9) Children’s Privacy

Pocket Pilot is not directed to children under 13 (or equivalent minimum age in your region). We do not knowingly collect personal information from children. If you believe a child has provided data, contact us to request deletion.

10) Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date. Continued use of the Service after updates means you accept the revised policy.

11) Contact

If you have privacy questions or requests, contact us at: pocketpilot8@gmail.com