PeggyPeggyDownload

Peggy Privacy Policy

Effective Date: May 17, 2026 Last Updated: May 17, 2026

This Privacy Policy describes how Brooklyn Social House LLC ("Brooklyn Social House," "we," "us," or "our"), the operator of the Peggy mobile application and any associated websites and services (collectively, "Peggy" or the "Service"), collects, uses, shares, and protects information about you. By using Peggy, you acknowledge and agree to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, do not use Peggy.

1. About Peggy and What Makes It Different

Peggy is a personal finance application built for couples. Its core feature lets two users — a "Couple" — share visibility into each other's spending so they can budget together. When you join a Couple, your linked partner can see your individual transactions, including merchant names, amounts, dates, and categories, in addition to your daily, weekly, and monthly spending totals. This is the central trade-off Peggy asks you to make, and you should understand it before you connect a bank or accept a partner invite. Section 5 of this Policy explains exactly what your partner sees, what they do not see, and how to limit visibility.

Peggy also offers a secondary "Friends Circle" feature that supports lightweight comparison with friends and family using only aggregated weekly summaries — described in Section 6.

This Privacy Policy applies to Peggy across iOS, any future Android or web versions, and our backend services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information. When you sign in to Peggy, we receive your Apple ID identifier and, on first sign-in only, the display name you provide via Sign in with Apple. We do not collect or store your Apple ID password. We do not require an email address; if Apple shares one (you may choose "Hide My Email"), we do not store it.
  • Profile information. Display name, avatar color, and a monthly budget you set within the app.
  • Couple membership and partner invites. Invite codes you generate or accept, and the identity of the user with whom you are paired.
  • Onboarding survey responses. Your answers to the optional pre-paywall survey (e.g., how you heard about us, relationship status, how you currently manage money). These are used for product analytics and to improve onboarding; they are not shared with your partner.
  • Privacy preferences. Your "Hide individual transactions from partner" toggle setting (see Section 5.2).
  • Friends Circle data. Invite codes for Circles and identities of users in your Circle.
  • Communications. Information you provide if you contact us for support (e.g., emails to daryl@peggymoney.com).

2.2 Information We Collect from Third Parties

Plaid (financial-account connections)

When you connect a financial account, you are routed through Plaid Inc. ("Plaid"), a third-party data network. Plaid (not Peggy) prompts you for your bank credentials. Plaid then provides Peggy with a token that allows us to retrieve read-only financial information from your accounts, including:

  • Account metadata: institution name, account name, partial account number (e.g., "•••• 1234"), account type and subtype.
  • Transaction data: amount, date, merchant name, category, and pending status.
  • Account balances (only if explicitly required by a feature you use).

We do not receive your bank login credentials, and we cannot initiate transfers, payments, or any other money movement. Your relationship with Plaid is governed by Plaid's own End User Privacy Policy. Peggy will never ask you for online banking credentials directly.

Apple

Through Sign in with Apple, Apple shares with us your unique Apple ID identifier and (on first sign-in) the name you authorize Apple to release. We do not access your Apple Wallet, contacts, photos, or other on-device data unless explicitly permitted in-app.

RevenueCat

We use RevenueCat to manage subscription state. RevenueCat receives your user identifier and your Apple subscription receipt; it does not receive your transaction data or any other financial information.

Subscription / Payment Processing

Payments are processed exclusively by Apple In-App Purchase. Apple, not Peggy, processes your payment information. We receive only a transaction identifier and subscription status; we do not receive your credit card number, billing address, or other payment instrument details.

2.3 Information Collected Automatically

  • Device information. Device model, iOS version, app version, time zone, language, and an anonymized device identifier used to keep your sign-in session alive.
  • Usage information. Pages viewed within the app, feature interactions, error reports, and crash logs (used to diagnose bugs and improve the Service).
  • Log data. Server-side logs of HTTP requests (method, path, status, latency, authenticated user identifier). Logs are retained for ninety (90) days unless required longer for security or legal purposes.

2.4 Information We Do Not Collect

  • We do not collect your physical location (no GPS access).
  • We do not collect your contacts list.
  • We do not collect biometric data — Face ID and Touch ID happen entirely on your device; we never receive your face or fingerprint data.
  • We do not maintain advertising profiles, behavioral tracking IDs, or third-party advertising SDKs.

3. How We Use Your Information

We use the information described in Section 2 to:

  • Provide the Service. Authenticate your sign-in, display your transactions, compute monthly summaries, render shared views for you and your partner, detect recurring subscriptions, and send you in-app updates.
  • Personalize your experience. Categorize transactions, surface subscriptions, populate budgets and progress bars, and choose which "penguin" emotion to display.
  • Operate and secure the Service. Detect abuse, investigate security incidents, enforce our Terms of Use, comply with legal obligations.
  • Communicate with you. Respond to support requests, send important account or service messages, and send opt-in notifications (e.g., your weekly spending summary).
  • Improve the Service. Aggregate and de-identify data to understand product usage and improve features. We do not use individual financial data to make decisions about you that produce legal or similarly significant effects.
  • Comply with law. Respond to lawful requests, prevent fraud, and meet our regulatory obligations.

We do not:

  • Sell your personal information.
  • Share your individual transactions with advertisers, data brokers, or any third party for marketing purposes.
  • Use your financial data to make credit decisions, set insurance rates, or any other adverse decision-making.

4. Legal Bases (for users in the EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Performance of a contract — to deliver the Service you signed up for.
  • Legitimate interests — to operate, secure, and improve the Service in ways you would reasonably expect.
  • Consent — for any optional sharing (e.g., pairing with a partner, joining a Friends Circle, receiving push notifications), which you may withdraw at any time.
  • Legal obligation — where required by applicable law.

5. The Couples Feature — Partner Sharing

Peggy's primary feature is the ability to pair with one other person — your "Partner" — and share visibility into your spending. This section explains exactly what your Partner can and cannot see, and how to control that visibility.

5.1 What your Partner sees by default

When you and another user are paired in a Couple, each of you can see the other's:

  • Individual transactions, including amount, date, merchant name, category, and whether the transaction is pending.
  • Daily, weekly, and monthly spending totals, on combined or individual views.
  • Category-level spending across Housing, Food, Shopping, Transport, Entertainment, and Other.
  • Detected recurring subscriptions (e.g., Netflix, gym membership, streaming services), including the merchant and recurring amount.
  • Monthly budget total that the partner has set.
  • Net cash flow (income minus expenses) for the current month.
  • Display name and avatar color.

This is a significant disclosure. You should pair only with someone you trust to see this level of detail about your spending. Pairing is always opt-in: a Couple is only formed when one user generates an invite code and the other user explicitly enters that code or taps the invite link.

5.2 The "Hide individual transactions" option

You can limit what your Partner sees about your spending at any time. In Account → Privacy → Hide my transactions, you may toggle on a setting that:

  • Replaces your individual transaction rows in your Partner's view with daily consolidated entries (e.g., "Your spending — May 12 — $187") so your Partner can see the total but not the merchants.
  • Disables drill-down into a category from your Partner's view; a "your partner has hidden their individual transactions" placeholder appears instead.
  • Keeps your category totals, daily totals, monthly totals, and budget visible so combined household views and shared budgeting continue to function.

This setting is per-user and can be toggled on or off at any time. It affects only your Partner's view of you; it does not change what you see.

5.3 What is NOT shared with your Partner

The following information is never shared with your Partner, regardless of any setting:

  • Bank login credentials (we never receive them in the first place).
  • Bank account or routing numbers beyond the last four digits of the account name (e.g., "Checking •••• 1234").
  • Account balances. Peggy only retrieves and displays transactions, not standing balances.
  • The identity of your bank or financial institution (it appears in your own view, not in your Partner's view).
  • Your email address, phone number, or Apple ID.
  • Your real legal name (unless you chose your real name as your display name).
  • Onboarding survey responses.

5.4 Joining and leaving a Couple

  • Joining. Pairing requires explicit acceptance of a single-use, time-limited invite code or link from the inviter. You are not added to a Couple without your explicit action.
  • One Couple at a time. Each user can be in at most one Couple at any given time. To pair with a new partner, you must first unlink from your current Couple.
  • Leaving. Either Partner can unlink at any time from Account → Your Partner → Unlink. Upon unlinking:
    • Your Partner immediately loses the ability to see your transactions or any data added after the unlink.
    • Your own historical data remains in your account.
    • If you were inheriting a subscription from your Partner, your access ends (see Section 5.5).

5.5 Subscription sharing in a Couple

A single Peggy subscription covers both Partners. The user who originally subscribed is the "Paying User." The other is the "Inheriting User." When the Paying User's subscription is active, the Inheriting User has full access to the Service at no additional cost.

  • If the Paying User cancels their subscription, both users lose paid access at the end of the current billing period.
  • If the Inheriting User leaves the Couple, they lose paid access immediately (and may purchase their own subscription).
  • If the Paying User leaves the Couple, the Inheriting User loses paid access immediately. The Paying User's subscription remains active for their own continued use.

5.6 Plaid + Couple interaction

Plaid receives no information about your Partner, the existence of a Couple, or your sharing preferences. Each user's Plaid connection is independent. If both Partners connect the same joint bank account, transactions are de-duplicated server-side so the same charge does not appear twice in combined views.

6. The Friends Circle Feature (Secondary)

Peggy also offers a "Friends Circle" feature that lets you compare aggregated weekly savings with people who are not your Partner — for example, roommates or close friends.

6.1 What is shared inside a Circle

For each completed week, the following information is visible to other Circle members:

  • Your display name and avatar color.
  • The total dollars you spent that week.
  • The total dollars you saved that week.
  • A breakdown of spending across the six high-level categories.
  • Your rank within the Circle.
  • Your monthly budget total.

6.2 What is NOT shared inside a Circle

Circles never expose your individual transactions, merchants, account balances, account numbers, the identity of your bank, your email, phone, or Apple ID — regardless of any setting. Circles are weekly-summary-only. Drilling into individual transactions is not possible from another Circle member's view.

6.3 Joining and leaving Circles

Joining a Circle requires accepting an invite from the inviter. You can leave a Circle, mute yourself within a Circle, or remove a friend from your Circle at any time within the app. After you leave, your future weekly summaries are no longer shared with that Circle.

7. How We Share Your Information

We share personal information only as described in this Section.

7.1 With service providers

We share information with third parties that perform services on our behalf and are contractually bound to use it only for those services:

ProviderPurposeWhat they receiveCompliance
PlaidBank account connection and transaction retrievalAccount-link token; in return, gives us your transactions and account metadataSOC 2 Type II, ISO 27001
SupabaseEncrypted storage of all account, transaction, and summary dataAll data described in Section 2, encrypted at restSOC 2 Type II
Railway (backend hosting)Backend server runtimeBackend runtime; HTTPS-encrypted traffic in transitSOC 2
AppleSign in with Apple, In-App Purchase, App Store servicesIdentity assertion; subscription receiptsApple Privacy Framework
RevenueCatSubscription state managementUser identifier; subscription receipts (no transaction data)SOC 2

7.2 With your Partner (Couples feature)

As described in Section 5, when you are paired in a Couple, the data listed in Section 5.1 is shared with your Partner, subject to any limits you set via the "Hide individual transactions" toggle (Section 5.2).

7.3 With other Friends Circle members

As described in Section 6, only the aggregated weekly summary data is shared with users in your Circle.

7.4 For legal reasons

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with a subpoena, court order, or other valid legal process.
  • Enforce our Terms of Use or this Privacy Policy.
  • Protect the rights, property, or safety of Brooklyn Social House, our users, or the public.
  • Investigate or prevent fraud, security violations, or technical problems.

We will challenge requests we believe are unlawful, overbroad, or improper.

7.5 In aggregated or de-identified form

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

7.6 Business transfers

If Brooklyn Social House is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you (e.g., by email or in-app notice) before your information becomes subject to a different privacy policy.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account data and authentication: until you delete your account.
  • Transactions and summaries: until you delete your account or disconnect the relevant Plaid item.
  • Plaid access tokens: until you disconnect the Plaid item or delete your account, at which point we revoke the token via Plaid and remove the encrypted blob from our database.
  • Couple membership history: retained while the Couple exists; deleted within twenty-four (24) hours of either party unlinking.
  • Onboarding survey responses: retained while your account is active.
  • Server logs: ninety (90) days.
  • Aggregated, de-identified data: indefinitely (cannot be linked back to you).
  • Backups: Supabase performs encrypted daily backups with a seven (7) day point-in-time-recovery window.

When you delete your account (see Section 10.2), we cascade-delete your records across all tables that reference your user identifier, and revoke any Plaid item via Plaid's /item/remove API, typically within twenty-four (24) hours.

If you were paired with a Partner at the time of deletion, that Partner's reference to you is cleared and they are returned to a single-user state. Your Partner's own data is not affected.

We may retain a minimal record of the deletion event for security and legal-compliance purposes.

9. Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • Apple Sign-In only. No passwords are stored.
  • Encryption in transit. TLS 1.2+ on all client-server communications, with HSTS headers enforced.
  • Encryption at rest. All data is encrypted at rest by Supabase using AES-256 disk-level encryption. Plaid access tokens are additionally encrypted at the application layer using Fernet (AES-128-CBC + HMAC-SHA256) with a 256-bit key held in production environment variables only.
  • Read-only bank access. Peggy's Plaid integration is restricted to retrieving transaction and account data; we cannot move money, initiate transfers, or change account settings.
  • Token security. Authentication tokens are stored in iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly and never sync to other devices.
  • Biometric lock. The app re-authenticates you via Face ID or Touch ID after five (5) minutes of background time and hides content behind a blur overlay when backgrounded.
  • Defense in depth. Database row-level security policies restrict access to your data. Application-layer authorization checks gate every API endpoint. Couple membership and the "Hide individual transactions" preference are enforced at the API layer; your Partner's app receives only what they are authorized to see.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. Report suspected vulnerabilities to daryl@peggymoney.com; we acknowledge reports within one (1) business day.

10. Your Privacy Rights

10.1 Access, correction, and download

You can view your account information and transaction data within the app at any time. To request a copy of your information in a portable format, email daryl@peggymoney.com.

10.2 Deletion ("Right to Erasure")

You may delete your account at any time from Settings → Delete Account. Account deletion immediately revokes any Plaid item, removes you from your Couple (if any), and cascade-deletes your records from our systems within twenty-four (24) hours. After deletion, your data cannot be recovered.

10.3 Withdrawing consent

  • Plaid: disconnect at any time from Account → Linked Accounts → Unlink. Disconnecting Plaid stops further data retrieval; previously retrieved transaction data remains in your account until you delete the account.
  • Couple: unlink at any time from Account → Your Partner → Unlink (Section 5.4).
  • Friends Circle: leave or mute at any time within the app.
  • Notifications: disable in iOS Settings → Peggy Money → Notifications.

10.4 Limiting what your Partner sees

Toggle Hide my transactions in Account → Privacy at any time (Section 5.2). This takes effect immediately.

10.5 California rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell or share. (We do not sell or share personal information for cross-context behavioral advertising.)
  • Delete your personal information, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Limit the use of "sensitive personal information." We do not use sensitive personal information for purposes that require a separate opt-out.
  • Non-discrimination. We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email daryl@peggymoney.com. We will respond within forty-five (45) days. We may verify your identity using account information you provided.

10.6 EEA / UK rights (GDPR)

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict processing, object to processing, and the right to data portability. You may also lodge a complaint with your local data-protection authority. Email daryl@peggymoney.com to exercise any of these rights.

10.7 Other U.S. state rights

Residents of states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, and others) have similar rights to know, correct, delete, and opt out of certain processing. The same email contact applies.

11. Children's Privacy

Peggy is not directed to children under the age of eighteen (18), and we do not knowingly collect information from individuals under eighteen. If you believe a child under eighteen has provided us with personal information, contact us at daryl@peggymoney.com and we will promptly delete the account and associated data.

12. International Users

Peggy is operated from the United States. If you use the Service from outside the U.S., you understand and consent to the transfer of your information to the United States, where data-protection laws may differ from those in your country. We use service providers that participate in industry-standard data-transfer mechanisms where required.

13. Cookies and Similar Technologies

The Peggy mobile application does not use cookies. We do not embed third-party advertising SDKs or behavioral trackers. Crash diagnostics, if any, are limited to anonymized device and OS-level information necessary to fix bugs.

14. Third-Party Services and Links

The Service may include links to third-party websites or services (for example, links to Plaid's own privacy policy, or App Store legal terms). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third party before providing them with information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes — including any change that broadens what your Partner can see — will be communicated by in-app notice and/or email at least seven (7) days before they take effect, except where immediate change is required to address a security or legal issue. The "Last Updated" date at the top of this document indicates when the policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

16. Contact Us

For questions, requests, or concerns regarding this Privacy Policy or your personal information:

Brooklyn Social House LLC Website: https://peggymoney.com Email: daryl@peggymoney.com Subject line for privacy requests: "Privacy Request — [your topic]"

The current version of this Privacy Policy is also published at https://peggymoney.com/privacy.

We acknowledge requests within one (1) business day and aim to resolve them within the timelines required by applicable law.

This Privacy Policy is governed by the laws of the State of Delaware, without regard to its conflict-of-laws principles. If any provision is found unenforceable, the remaining provisions shall remain in full effect.