PeggyPeggyDownload

Peggy Privacy Policy

Effective Date: May 8, 2026 Last Updated: May 8, 2026

This Privacy Policy describes how Brooklyn Social House LLC ("Brooklyn Social House," "we," "us," or "our"), the operator of the Peggy mobile application and any associated websites and services (collectively, "Peggy" or the "Service"), collects, uses, shares, and protects information about you. By using Peggy, you acknowledge and agree to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, do not use Peggy.

1. About Peggy and What Makes It Different

Peggy is a personal finance application with a social, multiplayer dimension: users may form private "Circles" with friends and choose to share aggregated weekly summaries of their spending and savings within those Circles. Other users in your Circle can see these aggregated totals when you choose to share them. They never see your individual transactions, merchants, or balances. Section 5 of this Policy explains the multiplayer feature in detail.

This Privacy Policy applies to Peggy across iOS, any future Android or web versions, and our backend services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information. When you sign in to Peggy, we receive your Apple ID identifier and, on first sign-in only, the display name you provide via Sign in with Apple. We do not collect or store your Apple ID password. We do not require an email address; if Apple shares one (you may choose "Hide My Email"), we do not store it.
  • Profile information. Display name, avatar color, and (optionally) a monthly budget you set within the app.
  • Circle / friend information. Invite codes you generate or accept; identities of users you choose to add to your Circle.
  • Communications. Information you provide if you contact us for support (e.g., emails to daryl@peggymoney.com).

2.2 Information We Collect from Third Parties

Plaid (financial-account connections)

When you connect a financial account, you are routed through Plaid Inc. ("Plaid"), a third-party data network. Plaid (not Peggy) prompts you for your bank credentials. Plaid then provides Peggy with a token that allows us to retrieve financial information from your accounts, including:

  • Account metadata: institution name, account name, partial account number (e.g., "•••• 1234"), account type and subtype.
  • Transaction data: amount, date, merchant name, category, and pending status.
  • Account balances (only if explicitly required by a feature you use).

We do not receive your bank login credentials. Your relationship with Plaid is governed by Plaid's own End User Privacy Policy. Peggy will never ask you for online banking credentials directly.

Apple

Through Sign in with Apple, Apple shares with us your unique Apple ID identifier and (on first sign-in) the name you authorize Apple to release. We do not access your Apple Wallet, contacts, photos, or other on-device data unless explicitly permitted in-app.

Subscription / Payment Processing

If and when Peggy is a paid product, payments are processed exclusively by Apple In-App Purchase. Apple, not Peggy, processes your payment information. We receive only a transaction identifier and subscription status from Apple; we do not receive your credit card number, billing address, or other payment instrument details.

2.3 Information Collected Automatically

  • Device information. Device model, iOS version, app version, time zone, language, and an anonymized device identifier used to keep your sign-in session alive.
  • Usage information. Pages viewed within the app, feature interactions, error reports, and crash logs (used to diagnose bugs and improve the Service).
  • Log data. Server-side logs of HTTP requests (method, path, status, latency, authenticated user identifier). Logs are retained for ninety (90) days unless required longer for security or legal purposes.

2.4 Information We Do Not Collect

  • We do not collect your physical location (no GPS access).
  • We do not collect your contacts list unless you explicitly use the (future) Contacts-based friend-discovery feature, in which case contact information is hashed on your device before transmission and never stored in plaintext.
  • We do not collect biometric data — Face ID and Touch ID happen entirely on your device; we never receive your face or fingerprint data.
  • We do not maintain advertising profiles, behavioral tracking IDs, or third-party advertising SDKs.

3. How We Use Your Information

We use the information described in Section 2 to:

  • Provide the Service. Authenticate your sign-in, display your transactions, compute weekly summaries, render leaderboards within your Circle, send you in-app updates.
  • Personalize your experience. Categorize transactions, detect recurring subscriptions, populate budgets and progress bars, choose which "penguin" emotion to display.
  • Operate and secure the Service. Detect abuse, investigate security incidents, enforce our Terms of Use, comply with legal obligations.
  • Communicate with you. Respond to support requests, send important account or service messages.
  • Improve the Service. Aggregate and de-identify data to understand product usage and improve features. We do not use individual financial data to make decisions about you that produce legal or similarly significant effects.
  • Comply with law. Respond to lawful requests, prevent fraud, and meet our regulatory obligations.

We do not:

  • Sell your personal information.
  • Share your individual transactions with advertisers, data brokers, or any third party for marketing purposes.
  • Use your financial data to make credit decisions, set insurance rates, or any other adverse decision-making.

4. Legal Bases (for users in the EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Performance of a contract — to deliver the Service you signed up for.
  • Legitimate interests — to operate, secure, and improve the Service in ways you would reasonably expect.
  • Consent — for any optional sharing (e.g., joining a Circle, contact-based friend discovery), which you may withdraw at any time.
  • Legal obligation — where required by applicable law.

5. The Multiplayer / Social Feature ("Circles")

Peggy lets you compete with friends on weekly savings. This is opt-in and works as follows:

5.1 What is shared inside a Circle

When you join or create a Circle, the following information is visible to other Circle members for each completed week:

  • Your display name and avatar color.
  • The total dollars you spent that week.
  • The total dollars you saved that week (relative to a weekly portion of your monthly budget).
  • A breakdown of spending across six high-level categories (Housing, Food, Shopping, Transport, Entertainment, Other).
  • Your rank within the Circle.
  • Your monthly budget total (so the bar chart has a denominator).

5.2 What is NOT shared, ever

The following information is never shared with anyone in your Circle, regardless of any Circle settings:

  • Individual transactions, merchant names, or transaction amounts.
  • Account balances.
  • Account or routing numbers.
  • The identity of your bank or financial institutions.
  • Detailed subcategories or sub-merchant data.
  • Your real legal name (unless you chose your real name as your display name).
  • Your email address or phone number.

This boundary is enforced both at the database layer (a separate weekly_summaries table is the only source of friend-visible data) and at the application layer (the API endpoint serving Circle data physically cannot read your individual transactions).

5.3 Joining and leaving Circles

  • Joining a Circle requires accepting an invite (single-use, time-limited token) from the inviter. You are not added without your explicit action.
  • You can leave a Circle, mute yourself within a Circle, or remove a friend from your Circle at any time within the app. After you leave, your future weekly summaries are no longer shared with that Circle. Past summaries already viewed by Circle members may persist in their app cache.

5.4 Plaid + Circle interaction

Plaid receives no information about your Circle, Circle members, or your social activity within Peggy. Circle data is computed exclusively on Peggy's servers from data we have already received via Plaid.

6. How We Share Your Information

We share personal information only as described in this Section.

6.1 With service providers

We share information with third parties that perform services on our behalf and are contractually bound to use it only for those services:

ProviderPurposeWhat they receiveCompliance
PlaidBank account connection and transaction retrievalAccount-link token; in return, gives us your transactions and account metadataSOC 2 Type II, ISO 27001
Supabase (database)Encrypted storage of all account, transaction, and summary dataAll data described in Section 2, encrypted at restSOC 2 Type II
Hosting provider (e.g., Render)Backend runtime hostingBackend server runtime; HTTPS-encrypted traffic in transitSOC 2
AppleSign in with Apple, In-App PurchaseIdentity assertion; subscription receiptsApple Privacy Framework

6.2 With other Circle members

As described in Section 5, only the aggregated weekly summary data is shared with users you have invited or accepted into your Circle.

6.3 For legal reasons

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with a subpoena, court order, or other valid legal process.
  • Enforce our Terms of Use or this Privacy Policy.
  • Protect the rights, property, or safety of Brooklyn Social House, our users, or the public.
  • Investigate or prevent fraud, security violations, or technical problems.

We will challenge requests we believe are unlawful, overbroad, or improper.

6.4 In aggregated or de-identified form

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

6.5 Business transfers

If Brooklyn Social House is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you (e.g., by email or in-app notice) before your information becomes subject to a different privacy policy.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account data and authentication: until you delete your account.
  • Transactions and weekly summaries: until you delete your account or disconnect the relevant Plaid item.
  • Plaid access tokens: until you disconnect the Plaid item or delete your account, at which point we revoke the token via Plaid and remove the encrypted blob from our database.
  • Server logs: ninety (90) days.
  • Aggregated, de-identified data: indefinitely (cannot be linked back to you).
  • Backups: Supabase performs encrypted daily backups with a seven (7) day point-in-time-recovery window.

When you delete your account (see Section 9.2), we cascade-delete your records across users, plaid_connections, transactions, weekly_summaries, circles, and circle_memberships, and revoke the Plaid item via Plaid's /item/remove API, typically within twenty-four (24) hours.

We may retain a minimal record of the deletion event for security and legal-compliance purposes.

8. Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • Apple Sign-In only. No passwords are stored.
  • Encryption in transit. TLS 1.2+ on all client-server communications, with HSTS headers enforced.
  • Encryption at rest. All data is encrypted at rest by Supabase using AES-256 disk-level encryption. Plaid access tokens are additionally encrypted at the application layer using Fernet (AES-128-CBC + HMAC-SHA256) with a 256-bit key held in production environment variables only.
  • Token security. Authentication tokens are stored in iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly and never sync to other devices.
  • Biometric lock. The app re-authenticates you via Face ID or Touch ID after five (5) minutes of background time and hides content behind a blur overlay when backgrounded.
  • Defense in depth. Database row-level security policies restrict access to your data. Application-layer authorization checks gate every API endpoint.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. Report suspected vulnerabilities to daryl@peggymoney.com; we acknowledge reports within one (1) business day.

9. Your Privacy Rights

9.1 Access, correction, and download

You can view your account information and transaction data within the app at any time. To request a copy of your information in a portable format, email daryl@peggymoney.com.

9.2 Deletion ("Right to Erasure")

You may delete your account at any time from Settings → Delete Account. Account deletion immediately revokes the Plaid item and cascade-deletes your records from our systems within twenty-four (24) hours. After deletion, your data cannot be recovered.

9.3 Withdrawing consent

You may disconnect Plaid at any time from Account → Linked Accounts → Unlink. Disconnecting Plaid stops further data retrieval; previously retrieved transaction data remains in your account until you delete the account.

9.4 Opting out of social sharing

You may leave any Circle, mute yourself within a Circle, or refuse to join any Circle. You are never automatically enrolled in social features.

9.5 California rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell or share. (We do not sell or share personal information for cross-context behavioral advertising.)
  • Delete your personal information, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Limit the use of "sensitive personal information." We do not use sensitive personal information for purposes that require a separate opt-out.
  • Non-discrimination. We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email daryl@peggymoney.com. We will respond within forty-five (45) days. We may verify your identity using account information you provided.

9.6 EEA / UK rights (GDPR)

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict processing, object to processing, and the right to data portability. You may also lodge a complaint with your local data-protection authority. Email daryl@peggymoney.com to exercise any of these rights.

9.7 Other U.S. state rights

Residents of states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, and others) have similar rights to know, correct, delete, and opt out of certain processing. The same email contact applies.

10. Children's Privacy

Peggy is not directed to children under the age of eighteen (18), and we do not knowingly collect information from individuals under eighteen. If you believe a child under eighteen has provided us with personal information, contact us at daryl@peggymoney.com and we will promptly delete the account and associated data.

11. International Users

Peggy is operated from the United States. If you use the Service from outside the U.S., you understand and consent to the transfer of your information to the United States, where data-protection laws may differ from those in your country. We use service providers that participate in industry-standard data-transfer mechanisms where required.

12. Cookies and Similar Technologies

The Peggy mobile application does not use cookies. We do not embed third-party advertising SDKs or behavioral trackers. Crash diagnostics, if any, are limited to anonymized device and OS-level information necessary to fix bugs.

13. Third-Party Services and Links

The Service may include links to third-party websites or services (for example, links to Plaid's own privacy policy, or App Store legal terms). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third party before providing them with information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by in-app notice and/or email at least seven (7) days before they take effect, except where immediate change is required to address a security or legal issue. The "Last Updated" date at the top of this document indicates when the policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

15. Contact Us

For questions, requests, or concerns regarding this Privacy Policy or your personal information:

Brooklyn Social House LLC Website: https://peggymoney.com Email: daryl@peggymoney.com Subject line for privacy requests: "Privacy Request — [your topic]"

The current version of this Privacy Policy is also published at https://peggymoney.com/privacy.

We acknowledge requests within one (1) business day and aim to resolve them within the timelines required by applicable law.

This Privacy Policy is governed by the laws of the State of Delaware, without regard to its conflict-of-laws principles. If any provision is found unenforceable, the remaining provisions shall remain in full effect.