Privacy Policy
Last updated: May 26, 2026
PocketLedger helps you record, search, and report personal finance transactions through the web app and connected AI assistants such as ChatGPT. This policy explains what we collect, why we collect it, and how you can control it.
Information we collect
- Account information, such as your email address, password hash, locale, timezone, and default currency.
- Financial records you create, including transaction amounts, currencies, merchants, categories, dates, notes, and parsed expense text.
- OAuth and integration data, including connected client names, granted scopes, access tokens, refresh tokens, consent records, and token revocations.
- Operational logs needed for security, idempotency, audit trails, debugging, fraud prevention, and abuse prevention.
How we use information
- To provide expense logging, reports, categories, search, undo, restore, and MCP tool access.
- To authenticate you, secure your account, honor OAuth scopes, and prevent duplicate write actions.
- To respond to export and deletion requests.
- To improve reliability, detect abuse, and maintain service integrity.
AI assistant integrations
When you connect PocketLedger to ChatGPT or another MCP-compatible assistant, that assistant can call only the tools and scopes you approve. Read-only scopes allow account, category, transaction, or report access. Write scopes allow creating, updating, deleting, restoring, or undoing transactions. You can revoke access by signing out, revoking tokens, or contacting support.
Data sharing
We do not sell personal data. We share data only as needed to provide the service, comply with law, protect PocketLedger and users, or operate infrastructure providers such as hosting, database, email, and logging providers.
Retention and deletion
You can request an export or account deletion from your account endpoints. Deletion requests schedule hard deletion after 30 days. Some security, audit, and transaction integrity records may be retained where required to prevent abuse, resolve disputes, meet legal duties, or preserve an accurate audit trail.
Your choices
- Request a data export at /privacy/export/.
- Request account deletion at /privacy/delete-account/.
- Disconnect AI clients by revoking OAuth access or contacting support.
- Contact us about privacy questions at [email protected].
Security
We use HTTPS, secure cookies in production, OAuth2 authorization code flow with PKCE, scoped tokens, idempotency checks for write tools, and audit logs for sensitive transaction actions. No system is perfect, so please report suspected issues to [email protected].
Children
PocketLedger is not intended for children under 13 or for anyone below the minimum age required in their jurisdiction.
Changes
We may update this policy as the product changes. Material changes will be reflected on this page and, when appropriate, communicated through the app or email.