This Privacy Policy explains how Pecunia Labs Corp. (“Pecunia”, “we”, “us”) collects, uses, shares, stores, and protects personal and financial data when you use Pecunia’s web and mobile apps and related services (the “Service”), including features described in our Product Breakdown (transaction aggregation, Pecunia Score, budgets, group goals, CSV/manual import, receipt scanning, social feed, AI insights).
Financial data: account/transaction data via Plaid (or similar), CSV uploads, receipt images/text, payment tokens (we do not store full card numbers or raw bank credentials).
Improve the product: analytics, model quality, anonymized research.
Communications: service messages, updates, marketing (with opt-out).
Legal bases where applicable: contract performance, user consent, and legitimate interests.
Who we share with
Service providers: Plaid (bank connectivity), AI providers (GPT API / Perplexity), Firebase/Google Cloud (Firestore, Storage, Hosting, Cloud Functions/Cloud Run), payment processors, analytics vendors. All under contractual safeguards (DPAs).
Legal requests: comply with court orders or legal requirements.
Aggregated data: anonymized insights that do not identify you.
User-shared data: anything you post publicly or share with other users in group features.
Retention
Transaction & financial data: up to 7 years for record-keeping and tax/audit needs.
AI logs (prompts/responses): up to 90 days (unless needed for investigations or legal holds).
Account data & backups: retained while account is active and per legal/operational requirements.
Account deletion requests are honored subject to legal obligations (fraud prevention, accounting).
Security
We apply industry-standard safeguards: TLS in transit; strong encryption at rest (e.g., AES-256 or equivalent); bcrypt for passwords; JWT with short expirations and revocable refresh tokens; MFA options; least-privilege IAM and Firebase Security Rules; KMS for secrets; logging, monitoring and regular security testing.
Although we take extensive steps to protect your information, no system is completely secure. Pecunia cannot guarantee absolute protection and is not liable for unauthorized access, breaches, or incidents outside of our reasonable control.
Your rights
You can request: access, correction, data portability (CSV/JSON export), deletion (subject to retention obligations), restriction/objection to processing, and withdrawal of consent where applicable. To exercise these rights, email support@pecunia.gg. We will verify requests and respond within 30 days where practicable.
Children
Pecunia is intended for users 13 years and older. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided data, we will delete it.
Breach notification
We maintain an incident response plan. Where required by law, we will notify affected users and regulators promptly (and within 72 hours where applicable).
Cross-border transfers
Data may be stored or processed in multiple countries (via Google Cloud, Plaid, AI providers). Transfers are protected by SCCs, DPAs, or other lawful safeguards.
Cookies & tracking
We use cookies and Firebase Analytics for operation and improvement. Opt-out controls are available in-app or via device/browser settings.
Automated decisions & AI
AI generates categorization, forecasts and the Pecunia Score. Outputs are informational only (not financial, tax or legal advice). You may opt out of certain automated personalization and can request human review or an explanation at support@pecunia.gg.
Contact & complaints
Privacy & Data: support@pecunia.gg
Support: support@pecunia.gg
You may also contact the Office of the Privacy Commissioner of Canada or your local data protection authority.
Implementation notes (for engineers)
Use Keychain / SecureStore for tokens on mobile (avoid AsyncStorage).
Store Plaid access tokens encrypted in KMS; implement revocation flow.
Minimize PII in prompts to AI providers; log what is sent; offer per-user AI opt-out.
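One way to apply the last note, as an added example that is not Pecunia's own code: an allow-list plus pattern scrub on what reaches the AI provider, a per-user opt-out check, and an audit record of the exact payload. Function names, field names, the regex patterns and the sample transaction are assumptions; the 90-day deletion deadline follows the Retention section above.

```javascript
// Added example: all names are hypothetical and the sample data is constructed.
const AI_LOG_RETENTION_DAYS = 90; // AI log retention stated in the policy

// Order matters: card numbers are matched before the looser phone pattern.
const PII_PATTERNS = [
  [/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, '[EMAIL]'],
  [/\b\d(?:[ -]?\d){12,18}\b/g, '[CARD]'],       // 13-19 digits, optional separators
  [/\+?\d(?:[\s().-]*\d){9,14}/g, '[PHONE]'],    // 10-15 digits, optional separators
];

function scrub(text) {
  return PII_PATTERNS.reduce((t, [re, tag]) => t.replace(re, tag), String(text ?? ''));
}

// Allow-list: only these fields are ever copied into the prompt payload,
// so new columns on the transaction record do not leak by default.
function minimize(tx) {
  return {
    month: String(tx.date).slice(0, 7), // coarse date instead of the exact day
    amount: tx.amount,
    category: tx.category,
    memo: scrub(tx.memo),               // free text is the main PII risk
  };
}

function buildAiRequest(user, transactions, auditLog, now = new Date()) {
  if (user.aiOptOut) {
    // Opted-out users: nothing is built or sent, and the skip is recorded.
    auditLog.push({ userId: user.id, at: now.toISOString(), sent: false, reason: 'opt-out' });
    return null;
  }
  const payload = { task: 'categorize', transactions: transactions.map(minimize) };
  const deleteAfter = new Date(now.getTime() + AI_LOG_RETENTION_DAYS * 86400000);
  // Log exactly what is sent (post-scrub) together with its deletion deadline.
  auditLog.push({
    userId: user.id, at: now.toISOString(), sent: true,
    payload: JSON.stringify(payload), deleteAfter: deleteAfter.toISOString(),
  });
  return payload; // contains no user identifier
}

// Constructed sample transaction.
const sampleTx = [{
  date: '2024-03-14', amount: 42.5, category: 'dining', accountNumber: '000123456',
  memo: 'Split with jane.doe@example.com, call 416-555-0123, card 4111 1111 1111 1111',
}];
```

Pattern scrubbing is a backstop for free-text fields; the allow-list in `minimize` is what keeps structured identifiers such as `accountNumber` out of the payload.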