Privacy Policy

1. Introduction

FitPockets LLC ("FitPockets," "we," "us," or "our") operates the FitPockets iOS application (the "App") and the website located at fitpockets.co (the "Site"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

We built FitPockets with privacy as a core design principle. Your financial data lives primarily on your device, we never sell your personal information, and when you use optional features that require cloud processing, we strip personally identifiable information before it leaves your device whenever possible.

By using FitPockets, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App or Site.

2. Information We Collect

The information we collect depends on which features of FitPockets you use. Most of your financial data stays on your device and is never transmitted to us.

2.1 Information You Provide Directly

• Account Information. When you create an account, we collect your email address and a securely hashed password.
• Profile & Household Information. Optional display name, and — if you invite a household member — information needed to route the secure invite link (e.g., the invited user's email).
• Financial Information You Enter Manually. Income, bills, budgets, debts, assets, pay schedules, and goals. On the free tier, this data is stored only on your device in encrypted local storage and is never transmitted to our servers.
• Support Requests. If you contact us (support@fitpockets.co or via the contact form), we collect the information you submit (name, email, message contents).

2.2 Information Collected Automatically

• Device & Usage Data. We use Firebase Analytics and Firebase Crashlytics to collect non-identifying information about how the App is used and to diagnose crashes. This includes: anonymized device identifiers, iOS version, device model, app version, crash logs, and in-app event names (for example, "subscription upgraded" or "coaching chat message sent"). We do not collect the contents of your messages, the amounts in your budget, or any personally identifiable financial data through analytics.
• Subscription Status. When you purchase a subscription, Apple provides us with a receipt identifier that tells us which tier you are on. Apple handles all payment information — we never see your credit card number or billing address.

2.3 Information From Connected Services (Optional, Paid Tiers Only)

If you are a Semi-Pro, Pro, or Elite subscriber and choose to opt in, we collect additional data through the following third-party integrations:

• Plaid (Bank Connectivity — Semi-Pro and above). When you connect a financial institution, Plaid provides us with: account balances, account metadata (account type, institution name, account mask), and transaction history. Plaid is independently responsible for the direct collection of your online banking credentials; FitPockets never sees or stores your bank login credentials. Plaid's practices are governed by the Plaid End User Privacy Policy.
• Plaid Investments (Investment Holdings — Elite). For Elite subscribers who connect brokerage accounts, we also collect holdings data: security symbol, share quantity, market value, and (when available) cost basis.
• Anthropic (AI Financial Coach — Pro and above). See Section 4 for a detailed description of what is and is not sent to Anthropic.

2.4 Information We Do Not Collect

• We do not collect your Social Security Number, full date of birth, or government ID numbers.
• We do not collect your precise geolocation.
• We do not access your contacts, photos, microphone, or camera except where you explicitly initiate such an action (for example, choosing a profile photo).
• We do not collect biometric data. Face ID and Touch ID authentication happens entirely on your device; Apple does not share your biometric data with us.

3. How Your Data Is Stored

3.1 Local-First Architecture

By default, FitPockets stores your financial data on your device using Apple's Core Data framework, protected by:

• iOS File Protection (.completeUntilFirstUserAuthentication), which encrypts the data at rest.
• Encryption keys stored in the iOS Keychain, which is hardware-backed on modern Apple devices.
• No sensitive values written to system logs.
• Optional Face ID or Touch ID lock that you can enable in Settings.

If you use only the free (Rookie) tier, your financial data never leaves your device.

3.2 Cloud Storage (Paid Tiers Only)

If you upgrade to Semi-Pro or higher, the following data is synced to Google Firebase (Firestore) so that household members can collaborate and so that bank data can be securely processed:

• Your account identifier and email
• Household membership and permissions
• Bank account metadata and transactions (only if you opt into Plaid)
• Investment holdings (Elite only, via Plaid Investments)
• Subscription tier
• AI coaching rate-limit counters (no message contents)

Cloud data is protected by Firestore Security Rules that restrict each user's access to only their own data and the data of household members who have explicitly granted access. Household invite tokens are cryptographically signed (HMAC) and expire after 72 hours. Plaid access tokens are encrypted with AES-256-GCM before being stored.

4. How the AI Financial Coach Uses Your Data (Pro and Elite Tiers)

Because AI features are sensitive, this section describes our AI data practices in detail. When you use the AI Financial Coach, your question and a sanitized summary of your financial context are sent to Anthropic's Claude API through a secured Firebase Cloud Function. Anthropic processes the request and returns a text response.

4.1 What We Send to Anthropic

• Relative dollar amounts (for example, "credit card balance $10,900")
• Category labels (for example, "Dining," "Mortgage," "Emergency Fund")
• Relative time references (for example, "next Friday's paycheck")
• Your question or conversation turn

4.2 What We Do Not Send to Anthropic

• Your name, email address, or user ID
• Account numbers, account masks, or institution names
• Physical or mailing addresses
• Any information sufficient, on its own, to identify you as an individual

This is enforced in code by a module called the Financial Data Sanitizer, which runs on your device before any request is made.

4.3 Rate Limiting and Retention

• AI coaching is rate-limited to 50 requests per user per day to prevent abuse and control cost.
• We log the number of tokens used per request for cost monitoring; these logs do not contain the text of your messages.
• Conversation history is maintained for the last 10 messages within an active chat session to provide context, and is cleared when you end the session.

4.4 Anthropic's Role

Anthropic is a third-party data processor. We do not authorize Anthropic to use your data to train its models. Anthropic's handling of API requests is governed by its own terms, available at anthropic.com/privacy.

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App and its features.
• Calculate your FitPockets Index (FPI) score and financial projections on your device.
• Process subscription payments (through Apple).
• Sync data between household members when you have opted into a shared household.
• Respond to support requests, bug reports, and feedback.
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
• Comply with legal obligations.
• Send you operational messages (for example, important changes to the App or this Policy). We do not send marketing emails without your consent.

We do not use your financial data to build advertising profiles, and we do not share it with data brokers.

6. How We Share Information

We share your information only in the limited circumstances below.

• Service Providers. We share data with vendors that help us operate the App: Google Firebase (hosting, auth, database, analytics, crash reporting), Plaid (bank connectivity, if you opt in), Anthropic (AI coaching, if you opt in, and only sanitized data), and Apple (app distribution and payments). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Household Members. If you invite another user to your household, they will be able to view the household data you have shared with them, according to the permission level you grant (View Only or View and Edit).
• Legal Requirements. We may disclose information when legally required to do so (for example, in response to a subpoena or court order), to protect our legal rights, or to protect the safety of our users or the public.
• Business Transfers. If FitPockets is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We do not sell your personal information, and we do not "share" it as that term is defined under the California Consumer Privacy Act (for cross-context behavioral advertising).

7. Your Rights and Choices

7.1 All Users

• Access. You can view most of your data directly in the App. To request a copy of data we hold about you on our servers, contact support@fitpockets.co.
• Correction. You can correct most information directly in the App. For information you cannot edit in the App, contact us.
• Deletion. You can delete your account and associated server-side data at any time from within the App (Settings → Account → Delete Account) or by visiting fitpockets.co/delete-account. Deletion is permanent.
• Export. You can export your financial data as a PDF from within the App. Additional export formats may be added in the future.
• Disconnect Integrations. You can disconnect Plaid at any time in Settings; this immediately revokes Plaid's ability to access your bank data and deletes the associated access tokens from our servers.
• Disable Analytics. You can limit certain data collection by enabling "Limit Ad Tracking" or equivalent controls in your iOS device settings.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: (a) know what personal information we have collected about you; (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information (we do not sell or share personal information); and (e) be free from discrimination for exercising these rights. To exercise these rights, contact support@fitpockets.co. You may also designate an authorized agent to make requests on your behalf.

7.3 European Economic Area, United Kingdom, and Switzerland Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the GDPR and comparable laws, including the right to object to processing, restrict processing, and data portability. Our legal basis for processing is typically: (i) performance of a contract (to provide the App); (ii) your consent (for optional features like Plaid and AI coaching); and (iii) our legitimate interests (to secure and improve the App). To exercise your rights, contact support@fitpockets.co.

8. Data Retention

• We retain account information for as long as your account is active.
• When you delete your account, we delete associated server-side data within 30 days, except where we are required to retain certain records to comply with legal obligations (for example, tax and financial records), resolve disputes, or enforce our agreements.
• Backups are retained on a rolling basis and purged within 90 days.
• Anonymized analytics data may be retained indefinitely because it cannot be linked back to you.

9. Children's Privacy

FitPockets is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it. If you believe a child has provided us with personal information, please contact support@fitpockets.co.

10. International Users

FitPockets is operated from the United States. If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States. U.S. law may provide different protections than the laws of your jurisdiction.

11. Security

We use industry-standard measures to protect your information, including:

• Encryption at rest (Core Data with iOS File Protection; AES-256-GCM for Plaid tokens)
• Encryption in transit (TLS 1.2+)
• Firestore Security Rules that enforce per-user and per-household access
• API keys for third-party services stored server-side in Firebase configuration, never on the device
• Hardware-backed key storage via the iOS Keychain

No method of transmission or storage is 100% secure. If we become aware of a security incident that affects your personal information, we will notify you as required by applicable law.

12. Third-Party Services

FitPockets integrates with the following third-party services. Their privacy practices are governed by their own policies:

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App, by email, or by updating the "Last Updated" date at the top of this page. Your continued use of the App after the effective date of an updated Policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: