PocFin - Privacy Policy
Last updated: June 17, 2025
This Privacy Policy explains how PocFin ("the App," "we," "us," or "our") collects, uses, processes, stores, and protects your personal information when you use our mobile application. Your privacy is paramount to us, and we are committed to protecting your data in accordance with the Protection of Personal Information Act, 4 of 2013 ("POPIA") of South Africa, and other applicable data protection laws.
By using PocFin, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
PocFin is designed with your privacy in mind, focusing on minimal data collection necessary for the App's functionality. We collect the following types of information:
- Information You Provide Directly:
  - Account Information: When you create an account, we collect your email address and a password (stored securely as a hash). We do not collect your name, physical address, or phone number unless explicitly provided for support or specific optional features.
  - Financial Data: This includes all transactional data you manually input or choose to import (e.g., transaction amounts, dates, categories, descriptions), budget settings, financial goals, account balances (as entered by you), and any notes related to your financial activities.
  - Feedback & Support: If you contact us for support or provide feedback, we collect the information you provide in your communication.
- Information Collected Automatically (Non-Personal):
  - Device Information: We may collect non-personal information about the device you use to access PocFin, such as device type, operating system version, unique device identifiers (non-PII), and mobile network information.
  - Usage Data: We collect aggregated, anonymized usage statistics (e.g., features accessed, duration of use, crash reports). This data does not identify you personally and is used solely to improve the App's performance, stability, and user experience.
- Information NOT Collected:
  - PocFin explicitly does NOT collect, store, or have access to any sensitive financial credentials such as bank account numbers, credit/debit card numbers, PINs, or online banking login details. All financial data within PocFin is entered by the user or securely imported without PocFin directly handling or storing your banking credentials.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To Provide and Maintain the App: To operate, deliver, and maintain PocFin's core functionalities, including tracking transactions, managing budgets, and displaying financial summaries.
- Account Management: To manage your account, verify your identity (for login purposes), and provide secure access to your data.
- To Improve and Personalize the App: We use aggregated, anonymized usage data to understand user behavior, troubleshoot issues, develop new features, and enhance overall user experience.
- Customer Support: To respond to your inquiries, provide technical support, and address any issues you may encounter.
- For AI Features (Opt-in only):
  - If you explicitly opt in to use PocFin's AI-powered features, your financial data (as described in Section 1) will be processed by our AI algorithms.
  - The purpose of AI processing is to provide you with insights, categorize transactions, identify spending patterns, suggest budget adjustments, and generate personalized financial insights and reports.
  - Crucially, data used for AI model training and improvement will be anonymized or pseudonymized where possible and practical, and where required by law, to protect your personal identity. We will not use personally identifiable data from your account to train our public AI models without your explicit, separate consent.
- Security and Fraud Prevention: To protect PocFin, our users, and third parties from fraud, unauthorized access, and other malicious activity.
- Compliance with Legal Obligations: To comply with applicable laws, regulations, and legal processes (e.g., responding to lawful requests from public authorities).
3. Sharing Your Information
PocFin is committed to minimizing data sharing. We do not sell your personal financial data to third parties. We may share your information only in the following limited circumstances:
- With Your Consent: We may share information when you give us explicit consent to do so (e.g., when you choose to integrate with a specific third-party service).
- Service Providers: We may share information with trusted third-party service providers who perform services on our behalf, such as cloud hosting, analytics, error tracking, and email delivery. These providers are contractually obligated to protect your information and are only permitted to use it for the specific services they provide to us. They must adhere to data protection standards no less stringent than our own.
- Anonymized/Aggregated Data: We may share aggregated or anonymized data that cannot be used to identify you personally with partners, researchers, or for marketing purposes. This data provides general insights into user trends without compromising individual privacy.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred as part of the transaction. We will notify you before your personal information becomes subject to a different Privacy Policy.
4. Data Security
We implement robust technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: All data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Data at rest on our servers is also encrypted.
- Access Controls: Access to your data is restricted to authorized personnel who need to access it for legitimate business purposes.
- Hashing: Passwords are never stored in plain text; they are stored as strong, one-way cryptographic hashes.
- Regular Security Audits: We regularly review our security practices and update them as necessary.
- No Sensitive Financial Credentials Stored: As stated, we do not store direct payment credentials, significantly reducing the risk associated with financial data breaches.
While we strive to use commercially acceptable means to protect your Personal Information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
5. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Account Data: Your account information and financial data are retained for the duration of your active account.
- Deleted Accounts: If you delete your account, we will initiate the process of deleting your personal and financial data from our active databases within a reasonable timeframe, subject to any legal obligations to retain certain data (e.g., for audit purposes or compliance with POPIA's Section 14). Anonymized or aggregated data derived from your information may be retained indefinitely for analytical and service improvement purposes.
6. Your Rights Under POPIA (South Africa)
As a data subject in South Africa, you have the following rights regarding your personal information under POPIA:
- Right to Be Informed: The right to be informed about the collection and use of your personal information (as outlined in this policy).
- Right of Access: The right to request access to the personal information we hold about you.
- Right to Rectification: The right to request that we correct or update inaccurate or incomplete personal information.
- Right to Erasure (Deletion): The right to request the deletion or destruction of your personal information, subject to certain legal exceptions (e.g., where we are required to retain it by law).
- Right to Object to Processing: The right to object to the processing of your personal information on reasonable grounds relating to your particular situation.
- Right to Object to Direct Marketing: The right to object to the processing of your personal information for direct marketing purposes.
- Right to Not Be Subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless specifically allowed by law.
- Right to Lodge a Complaint: The right to lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been violated.
To exercise any of these rights, please contact us using the information provided in Section 9 of this policy. We will respond to your request within the timeframe required by POPIA.
7. Third-Party Links and Services
PocFin may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party websites or services. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
8. Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page within the App or on our website and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Your continued use of PocFin after any modifications constitutes your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data subject rights, please contact us
By using PocFin, you acknowledge that you have read, understood, and agree to this Privacy Policy.