Privacy Policy

• We do not collect or store your credit card numbers, expiration dates, CVV, or any other payment instrument data.
• We do not connect to your bank, read transactions, or use any aggregator (Plaid, MX, Finicity, etc.).
• You add a card product(e.g. "Amex Platinum"); we map its benefits. You log when you use a benefit. That's the data.
• We use Sign in with Apple and only ever see the relay email Apple gives us.
• You can delete your account and all associated data at any time from inside the app or at walletbuddy.app/delete-account.

We collect the minimum information needed to operate WalletBuddy.

Account information

• Apple ID identifier and relay email.When you sign in with Apple, we receive a stable user identifier and an email address — which may be a private Apple relay address if you choose "Hide My Email."
• Display name (optional). Only if you provide it during sign-in.

Wallet & benefit usage data

• The credit card productsyou add to your wallet (e.g. "Chase Sapphire Reserve"). We do not ask for, see, or store your actual card number, expiration date, CVV, or cardholder name.
• The benefits you mark as used: which benefit, the date, and the dollar amount you logged.
• Notification preferences (which reset reminders you want to receive).

Subscription information

• If you purchase a WalletBuddy Pro subscription, the purchase is processed by Apple via in-app purchase. We receive a subscription status flag (active / inactive) through RevenueCat, our subscription-management provider. We do not receive your Apple ID payment details.

Device & diagnostic data

• Standard, anonymized product analytics (screens viewed, feature taps, app version, OS version, device model). We use PostHog for this; analytics events are not tied to your name or any payment identifier.
• Crash reports and performance traces to keep the app stable.
• Approximate region (derived from IP at the time of a request) for security and rate-limiting. We do not collect GPS or precise location.

• Operate the core features of the app — your wallet, benefit tracking, and reset reminders.
• Send local and push notifications you've enabled (e.g. reset reminders).
• Process and validate subscription entitlements through Apple and RevenueCat.
• Diagnose bugs, prevent abuse, and improve product quality.
• Respond when you contact support.
• Comply with legal obligations.

We do not sell your personal information, and we do not use your data for cross-context behavioral advertising.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of a contract — to deliver the Service you requested; (b) legitimate interests — to keep the Service secure, improve product quality, and prevent fraud; (c) consent — for optional push notifications and certain analytics, which you can withdraw at any time in your device settings; and (d) compliance with legal obligations.

We share limited information with the providers below only as needed to run the Service. Each provider acts as a data processor on our behalf.

• Apple Inc. — Sign in with Apple, App Store distribution, in-app purchase, and push notification delivery.
• Convex — Our backend database and serverless functions. Your wallet and benefit data live here.
• RevenueCat — Subscription entitlement management.
• PostHog — Anonymized product analytics and crash telemetry.
• Expo (EAS) — App build, release, and over-the-air updates.
• Vercel — Hosting for walletbuddy.app.

We keep your account data for as long as your account is active. When you delete your account, we delete your wallet, your benefit usage history, and your account record within 30 days, except where we are required to retain limited records (e.g. subscription receipts) for legal, tax, or fraud-prevention purposes. Anonymized, aggregated analytics may persist with no link back to you.

We use industry-standard safeguards: TLS in transit, encryption at rest, hardened authentication via Apple, and least-privilege access to our backend. No system is perfectly secure, but because we do not store payment instrument data, the blast radius of any incident is intentionally small.

WalletBuddy is rated 17+ and is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us using the methods published on our support page and we will delete it.

Depending on where you live, you may have the right to access, correct, port, restrict, or delete the personal information we hold about you, and to object to or withdraw consent for certain processing. You can exercise most of these rights from inside the app:

• Access / export: Settings → Account → Export my data.
• Delete account: Settings → Account → Delete account, or at walletbuddy.app/delete-account.
• Push notifications: manage in your iOS Settings.

You can also reach us using the channels listed on our support page. California residents may exercise rights under the CCPA/CPRA, and EEA/UK residents may lodge a complaint with their data protection authority.

We process data in the United States. If you access WalletBuddy from outside the U.S., your information will be transferred to and processed in the U.S. by our service providers, who are bound by appropriate safeguards (standard contractual clauses where required).

If we make material changes, we will post the updated policy here and, where appropriate, notify you in the app. Continued use after the effective date means you accept the updated policy.

Questions or requests? Contact information will be published on our support page when WalletBuddy launches.