Privacy Policy

Last updated: April 3, 2026

Our Philosophy

We only store and collect what's necessary to give you the best experience on Pocketsaurus. We don't go beyond this to figure out your address, gender, age, income level, or anything else that isn't directly needed to help you manage your finances.

We will never sell your personal information to third parties. We will never sell your data to advertisers. Your financial data is yours.

What We Collect

We collect only what's required to provide the service:

  • Account information — your name and email address, used for authentication and communication about your account.
  • Financial data you enter — transactions, accounts, budgets, savings goals, and investment holdings that you manually add to the app.
  • Usage data — basic analytics like page views and feature usage to improve the product. We do not track you across other websites.

What We Don't Collect

  • Your bank login credentials — we never ask for or store your banking passwords.
  • Your physical address, phone number, date of birth, or government ID.
  • Your gender, age, income level, or demographic information.
  • Browsing history outside of Pocketsaurus.

Data Security

  • Encryption at rest — all data is encrypted at rest with AES-256 at the infrastructure level.
  • Encryption in transit — all connections use TLS/HTTPS. We enforce HSTS headers.
  • Password security — passwords are hashed using bcrypt with a high cost factor. We never store plaintext passwords.
  • Multi-factor authentication — optional TOTP-based MFA is available to protect your account.
  • Session management — sessions expire after 1 hour of inactivity. JWT tokens are signed and verified on every request.

Third-Party Services

We use a limited number of third-party services to operate:

  • Neon — database hosting (PostgreSQL). Your financial data is stored here, encrypted at rest.
  • Vercel — application hosting. Handles serving the app and running server-side code.
  • Midtrans — payment processing for subscriptions. We do not store your payment card details — Midtrans handles this directly.
  • Yahoo Finance / Bibit — market data for investment tracking. We send ticker symbols to fetch prices. No personal data is shared.
  • Open Exchange Rates — currency conversion rates. No personal data is shared.

We do not share your financial data with any of these services beyond what's necessary to provide the functionality described above.

Cookies

We use cookies strictly for authentication (session management). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Data Retention

We retain your data for as long as your account is active. Your financial history is kept so you can access historical reports, trends, and analysis.

If you delete your account, all your data — transactions, accounts, budgets, investments, and personal information — is permanently deleted from our systems. This action is irreversible.

Your Rights

You have the right to:

  • Access — export all your data at any time from Settings.
  • Correction — edit or update any of your financial data within the app.
  • Deletion — permanently delete your account and all associated data.
  • Portability — export your transactions and financial data in CSV format.

Children's Privacy

Pocketsaurus is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email or through the app. Your continued use of Pocketsaurus after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this privacy policy? Contact us at privacy@pocketsaurus.com.