Last updated: 16 June 2026
Pouch ("we", "our", or "the app") is a personal finance and budgeting app. This policy explains what data Pouch handles, why, and the choices you have. We built Pouch to be privacy-first: most of your data stays on your device, and you stay in control.
Contact: For any privacy question or request, email: vkforge001@gmail.com.
Account information. When you sign in with email or Google, we receive your email address (and, for Google sign-in, your basic profile) through Firebase Authentication to create and secure your account.
Financial data you enter or approve. Transactions, budgets, goals, debts, recurring rules, categories, and app settings. This is the core data the app exists to help you manage.
Optional profile photo. If you add one, it is stored with your profile.
Subscription status. If you purchase Pouch Pro, our payments partner (RevenueCat, with Google Play Billing) tells us whether your subscription is active. We never receive your card or payment details.
We do not collect your contacts, location, microphone, or browsing history.
Pouch includes an optional feature called Auto-Track that can log your spending automatically by reading the notifications your payment apps post (for example, a "You paid ¥1,170" notification from Google Wallet or PayPay).
This feature is off by default and works only if you explicitly turn it on. When you do, the following is true:
You choose exactly which apps Pouch may read. Only the payment apps you switch on are ever read. Notifications from every other app — including messages, email, and personal apps — are ignored and never processed.
All reading happens on your device. Pouch extracts only the amount, merchant, and date from a payment notification. The original notification text is processed locally and is never uploaded to our servers or any third party.
You review before anything is saved (unless you opt in to automatic adding).
You can turn it off any time, either inside Pouch or by revoking notification access in your phone's system settings.
Pouch does not read SMS messages or email. Auto-Track only works with dedicated payment apps you select.
To enable Auto-Track, Android requires the Notification access permission (BIND_NOTIFICATION_LISTENER_SERVICE). Pouch requests it solely for the purpose described above.
On your device. By default, your financial data is stored locally on your phone.
In the cloud (Pouch Pro). If you subscribe to Pouch Pro and enable cloud sync, your data is stored in Google Firebase (Cloud Firestore) under your account so it can sync across your devices and be backed up. Data in transit is encrypted (HTTPS/TLS). Access is restricted to your authenticated account.
We use your data only to:
Provide the app's features (tracking, budgets, goals, recurring automation, reports).
Sync and back up your data across your devices (Pro).
Send you notifications you have enabled (e.g. weekly summary, budget alerts) — you can turn each type off in Settings → Notifications.
Verify your subscription status.
Diagnose crashes and improve the app (see "Analytics" below).
We do not sell your personal data. We do not use your financial data for advertising.
Pouch uses the following service providers, each under their own privacy terms:
Google Firebase (Authentication, Cloud Firestore, Cloud Messaging, Crashlytics, Analytics, Remote Config) — backend, sync, crash reporting, and anonymous usage analytics.
RevenueCat with Google Play Billing — subscription management.
Google ML Kit (on-device) — optional receipt-scanning text recognition runs entirely on your device; receipt images are not uploaded.
Analytics & crash data. We use Firebase Analytics and Crashlytics to understand which features are used and to fix crashes. This data is aggregated and does not include the content of your transactions or notifications.
We do not share your personal or financial data with third parties except:
The service providers above, strictly to operate the app.
If required by law or to protect rights and safety.
We never sell your data.
Cloud data is transmitted over encrypted connections (TLS) and stored in access- controlled Firebase, readable only by your authenticated account.
You can protect the app with a PIN and biometric (fingerprint/face) lock.
Notification content read by Auto-Track never leaves your device.
No method of storage or transmission is 100% secure, but we take reasonable measures to protect your information.
Delete your data / account. Settings includes options to delete your data and to permanently delete your account, which removes your data from our cloud.
Export your data. You can export your transactions to CSV or PDF.
Control notifications. Settings → Notifications lets you turn each notification type on or off.
Disable Auto-Track. Turn it off in Pouch, or revoke notification access in system settings, at any time.
Pouch is not directed to children under 13 (or the minimum age in your country) and we do not knowingly collect data from them.
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated in the app.
Questions or requests? Email vkforge001@gmail.com.