Security first.
Financial data is the most sensitive data you have. We treat it that way — and we deliberately limit our own access. Here is exactly how PocketSpend protects every transaction.
Read-only bank access
Every Open Banking connection is read-only. The app can see your transactions — it cannot initiate payments, change beneficiaries, or move money. Enforced at the provider API contract level.
Credentials never touch us
You authenticate inside the bank's own consent flow (opened in SFSafariViewController on iOS, Chrome Custom Tab on Android). Your bank returns a scoped, read-only token to your aggregator. We never see your username, password, or 2FA code.
Regulated aggregators
Plaid (US + Canada), Yapily (UK + EU + Ireland — FCA-authorised AISP), Basiq (Australia — CDR-accredited), and Lean Technologies (GCC — Central Bank of UAE regulated). Each is independently regulated under its jurisdiction's Open Banking framework.
Apple Sign-In + Email OTP
iOS users can sign in with Apple — Apple's privacy relay hides your email if you choose. Email OTP available across both platforms. No password to leak.
Biometric app lock
Face ID / Touch ID on iOS, and biometric unlock on Android (API 26+). Required before viewing balances or transactions. Toggleable per device.
Certificate pinning (iOS)
The iOS app pins the SPKI of our backend host. Even if a CA were compromised, a MITM'd connection would fail the pin check and the app would refuse to talk to it.
Row-level security
Per-user data is isolated at the database layer with row-level security policies. A user can never read another user's rows, even via a server bug.
iOS Privacy Manifest
We ship a PrivacyInfo.xcprivacy manifest declaring exactly which data types are collected and why — Apple's 2024 requirement, future-proofed.
No data selling. Ever.
We do not sell your data. We do not share transaction data with advertisers. Aggregated, anonymised cohort metrics may be used internally to improve categorisation models — never anything that could identify you.
One-tap account deletion
Tap "Delete account" in Settings. A server-side function wipes your profile, transactions, AI memory, and bank connections within seconds. No email tickets, no retention dark patterns.
GDPR / CCPA aligned
Right to access, right to delete, right to portability. Data subject requests via email get a CSV export and confirmation of deletion within 30 days.
Read-only is the only mode
We do not offer money-movement features. There is no payment-initiation surface, no bill-pay, no card issuance. This is a deliberate scope limit so the worst-case breach is still read-only.
Security & privacy questions
Can PocketSpend move money from my bank account?
No. Every Open Banking connection is read-only. The app can see your transactions but cannot initiate payments, change beneficiaries or move money. This is enforced at the provider API contract level and is a deliberate scope limit.
Does PocketSpend store my bank login credentials?
No. You authenticate inside your bank’s own consent flow (opened in SFSafariViewController on iOS, Chrome Custom Tab on Android). The bank returns a scoped, read-only OAuth token to your aggregator. We never see your username, password, or 2FA code.
Which Open Banking aggregators does PocketSpend use?
Plaid (US and Canada), Yapily (UK, EU and Ireland — FCA-authorised), Basiq (Australia — CDR-accredited), and Lean Technologies (Gulf — Central Bank of UAE regulated). Each is independently regulated under its jurisdiction’s Open Banking framework.
How does Apple Sign-In work in PocketSpend?
iOS users can sign in with Apple. Apple’s privacy relay can hide your real email if you choose. We also support email OTP across iOS and Android. There is no password to leak.
Is biometric app lock required?
It is toggleable per device. Once enabled, Face ID, Touch ID or Android fingerprint / face unlock is required before viewing balances or transactions.
What is certificate pinning?
The iOS app pins the SPKI of our backend host. Even if a certificate authority were compromised, a man-in-the-middle connection would fail the pin check and the app would refuse to talk to it.
Does PocketSpend sell my data?
No. We do not sell user data, and we do not share transaction data with advertisers. The business is funded entirely by subscriptions.
How do I delete my PocketSpend account?
Tap "Delete account" in Settings. A server-side function wipes your profile, transactions, AI memory and bank connections within seconds. No email tickets, no retention prompts.
Is PocketSpend GDPR compliant?
Yes. We are aligned with UK GDPR, EU GDPR, CCPA (US), CDR Privacy Safeguards (Australia) and CBUAE Open Finance. Data subject requests get a CSV export and confirmation of deletion within 30 days.
Report a vulnerability
Found something? Email security@pocketspend.cloud with reproduction steps. We aim to acknowledge within 24 hours.