⚠️ Draft — not yet reviewed by legal counsel. This Privacy Policy must be reviewed by a German data protection lawyer before the app is promoted to real users. Budget ~€500. Required before first user onboards. Contact: hello@pocketmoneyadvisor.com

Privacy Policy

Last updated: June 2026 · Version 1.0 (Beta)

Pocket Money Advisor ("we", "us", "our") is committed to protecting your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law (BDSG).

1. Who We Are (Controller)

The data controller for this service is:

Pocket Money Advisor
[Legal entity name to be confirmed — pending UG/GmbH formation]
[Address — pending registration]
Email: hello@pocketmoneyadvisor.com

2. What Data We Collect and Why

| Data | Source | Purpose | Legal basis (GDPR Art. 6) |
| --- | --- | --- | --- |
| Email address, full name, profile picture | Clerk authentication provider (sign-up / OAuth) | Account identification and communication | Art. 6(1)(b) — contract performance |
| Financial goals questionnaire responses | User input on first login | Personalising the dashboard experience | Art. 6(1)(a) — consent |
| Imported bank transaction data (CSV) | User-uploaded CSV export from their bank | Spending analysis, categorisation, insights | Art. 6(1)(a) — explicit consent; Art. 6(1)(b) — service provision |
| App preferences (language, currency, notifications) | Settings page | Personalising your experience | Art. 6(1)(b) — contract performance |
| In-app feedback (page rating, optional comment) | Feedback widget | Product improvement | Art. 6(1)(a) — consent |
| Waitlist sign-up (email, interest areas) | Waitlist form | Notifying you when premium features launch | Art. 6(1)(a) — consent |
| Error and performance data (Sentry) | Automatic — browser and server | Bug detection and reliability | Art. 6(1)(f) — legitimate interest |

3. How We Store and Protect Your Data

3.1 Database

All personal data is stored in a PostgreSQL database hosted on Supabase EU (Frankfurt, Germany) — within the European Economic Area. Data is encrypted at rest and in transit (TLS).

3.2 Authentication

Authentication is handled by Clerk (clerk.com), which processes your email and identity data. Clerk is GDPR-compliant and can be configured for EU data residency. See Clerk's Privacy Policy.

3.3 CSV Import Data

When you upload a bank CSV export, the file is processed in memory on our server and never stored as a raw file. Only the parsed and normalised transaction rows (date, description, amount, category) are stored in our database. The original CSV file is discarded immediately after parsing.

Your bank credentials are never requested or stored. CSV import is entirely offline — no connection is made to your bank.

3.4 Error Tracking

We use Sentry to capture application errors. Error reports may include IP addresses, browser type, and anonymised stack traces. Sentry processes data under a Data Processing Agreement. No financial transaction data is included in error reports.

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following processors under GDPR-compliant agreements:

No data is transferred outside the EU/EEA.

5. Data Retention

| Data type | Retention period |
| --- | --- |
| Account data | Until account deletion |
| Transaction data (CSV imports) | Until account deletion or manual deletion of the import |
| Questionnaire responses | Until account deletion |
| Feedback submissions | Until account deletion, or 2 years after submission |
| Waitlist entries | Until you request removal or premium launches |
| Error logs (Sentry) | 30 days |

6. Your Rights Under GDPR

You have the following rights:

To exercise any right, email hello@pocketmoneyadvisor.com. We will respond within 30 days.

7. Cookies and Local Storage

We use localStorage in your browser to store your preferences (language, currency, onboarding status). We use session cookies issued by Clerk for authentication. No marketing or advertising cookies are set.

We will ask for your consent before setting any non-essential cookies (analytics, error tracking).

8. Children

This service is not directed at users under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy. We will notify you of material changes via email (if provided) or a prominent notice in the app. Continued use after notification constitutes acceptance.

10. Supervisory Authority

You have the right to lodge a complaint with the relevant data protection supervisory authority. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) or the relevant state authority (Landesbeauftragter).

11. Contact

Data protection enquiries: hello@pocketmoneyadvisor.com

🇪🇺 GDPR compliant 🏛️ Hosted in Europe 🔒 No data sold 📂 CSV — no bank credentials stored