Pocketed, also branded as PKTD ("PKTD," "Pocketed," "we," "us," or "our"), is operated by Lumin Marketing Group in Alberta, Canada. This Privacy Policy explains how we handle information collected through the PKTD website, waitlist, iOS app, and related services.
We designed PKTD to keep receipt and spending data primarily on your device, while still using a small set of online services for AI features, waitlist management, security, referrals, and limited service operations.
1. Scope
This Privacy Policy applies to:
- the PKTD website, including the waitlist form at pktd.ca,
- the PKTD iOS app, and
- our related backend services used for AI receipt parsing, AI chat, referrals, promo codes, security, and account/data deletion.
2. Information We Collect
2.1 Information you provide
| Category | Examples | Why we collect it |
|---|---|---|
| Receipt content | Receipt images, OCR text, merchant name, totals, taxes, dates, line items, categories, notes | Scanning, organization, export, analytics, and receipt management features |
| Budget and spending inputs | Budgets, recurring expenses, categories, receipt edits, manual entries | Core app functionality |
| Mileage data | Trip start/end, route points, distance, duration, purpose, addresses | Mileage tracking and reimbursement calculations |
| Waitlist details | Email address and any information you voluntarily submit through the website waitlist | Waitlist signups, launch updates, and related follow-up |
| Support and privacy requests | Emails and messages you send us | Support, compliance, and recordkeeping |
2.2 Information collected from your device or through app features
| Category | Examples | Why we collect it |
|---|---|---|
| Device-generated identifier | A device ID stored locally and sent with certain API requests | Security, abuse prevention, rate limiting, referrals, promo redemption, and deletion requests |
| Consent records | Whether and when you enabled AI parsing, analytics, notifications, or camera-related consent flows | Compliance and preference management |
| Precise location | GPS coordinates and route history while using mileage tracking | Trip tracking, mileage calculations, and trip-to-receipt conversion |
| Derived merchant location | Coordinates created by geocoding a store address found on a receipt | Receipt enrichment and location-based spending insights |
| Security signals | Device attestation and request integrity headers | Fraud prevention and API protection |
2.3 Website and waitlist data
- Waitlist form data: the website submits your email address to our waitlist service.
- Anti-abuse checks: if enabled, the site uses Cloudflare Turnstile to help prevent automated abuse.
- Browser storage: the site uses local storage for lightweight website behavior such as remembering a local waitlist count display.
2.4 What we do not currently collect for advertising
- We do not use third-party advertising SDKs in the app.
- We do not sell personal information.
- We do not use your data for cross-context behavioral advertising.
3. How We Use Information
We use information to:
- provide receipt scanning, storage, categorization, export, and spending insight features,
- provide optional AI receipt parsing and the AI assistant when you enable those features,
- operate mileage tracking and calculate business mileage reimbursements,
- operate referral codes and promo code redemption,
- enforce reasonable usage limits, prevent abuse, and protect our API,
- maintain consent records and honor privacy choices,
- run and manage the PKTD website and waitlist, and
- comply with legal obligations and resolve support or privacy requests.
4. AI Processing Disclosure
- On-device OCR first. PKTD uses Apple frameworks on your device to extract text from receipt images.
- Text, not images, for AI parsing. If you enable AI parsing, the app sends extracted receipt text, not the receipt image itself, to our backend for processing through OpenAI.
- AI assistant. If you use the in-app assistant, your messages and app-generated spending context are sent to our backend and then to OpenAI to generate a response.
- No model training by OpenAI API. OpenAI API content is processed under OpenAI's API data usage terms and is not used by OpenAI to train their models.
- PKTD model training. We do not currently use your receipt data or chat content to train PKTD models.
- Your choice. AI parsing can be declined or revoked in the app. Some AI features will not work if consent is off.
5. How We Share Information
We do not sell your personal information. We share information only as needed to run PKTD:
| Recipient | What may be shared | Purpose |
|---|---|---|
| OpenAI | Receipt text for AI parsing, chat messages, and app-generated spending context when you use AI features | AI-powered features |
| Apple | App Store purchase data, iCloud / CloudKit synced app data if your device and configuration support it, Apple location/geocoding services, biometric authentication handled by iOS | Platform features and app operation |
| Beehiiv | Waitlist email address and source metadata | Waitlist management |
| GoHighLevel / LeadConnector | Waitlist contact details received from Beehiiv webhooks | CRM follow-up |
| Resend | Email address for welcome or waitlist emails | Email delivery |
| Slack | Waitlist signup notification details | Internal operational alerts |
| Cloudflare Turnstile | Challenge response data when enabled on the site | Spam and abuse prevention |
We may also disclose information if required by law, legal process, or to protect users, our services, or our rights.
6. Storage, Sync, and Security
6.1 Primary app storage
Your receipt data is designed to live primarily on your device. PKTD stores receipts, images, budgets, trips, and related data locally using Apple's on-device storage technologies.
6.2 iCloud / CloudKit sync
PKTD may attempt to use Apple's CloudKit / iCloud sync when that capability is available on your device and configuration. That means copies of app data, including receipt images and related records, may also be stored through your Apple account rather than only on the device itself.
6.3 Limited backend records
Although we are not building a traditional account system today, our backend does store some limited service data, including device-linked rate-limit records, referral or promo records, aggregated API usage statistics, and waitlist/contact operations data.
6.4 Security practices
- Receipt images are stripped of embedded EXIF metadata before the app stores or processes them.
- The app uses iOS platform protections such as passcode protection and optional Face ID app lock where enabled.
- Our API uses authentication and request-integrity checks for protected endpoints.
- We apply reasonable technical and organizational safeguards, but no system is perfectly secure.
7. Retention
| Data type | How long we keep it |
|---|---|
| Receipt and spending data on device | Until you delete it, delete the app data, or remove synced copies from your Apple account where applicable |
| Consent audit records on device | Until deleted by the user or during full data/account deletion |
| Referral and promo records | Until deleted, expired, or no longer needed for the program |
| Device-linked rate-limit and operational records | For as long as reasonably needed for abuse prevention, service operation, or until removed through cleanup or deletion workflows |
| Aggregated service analytics | May be retained longer because they are used for operational reporting and are not intended to identify you directly |
| Waitlist data | Until you unsubscribe, request deletion, or it is no longer needed for launch and follow-up communications |
| Support and privacy communications | As long as reasonably needed to respond, document, and comply with legal obligations |
If you use the in-app deletion flow, we will delete local data from the device and make a best effort to remove associated backend records that are linked to the device identifier we receive.
8. Your Choices and Rights
- AI consent: You can enable or disable AI processing in the app settings.
- Export: The app includes tools to export your receipt and related data.
- Delete: You can delete receipts, clear app data, or use the app's delete-everything flow.
- Waitlist unsubscribe: You can unsubscribe from waitlist or launch emails using the unsubscribe method in the message or by contacting us.
- Privacy requests: You can request access, correction, or deletion by emailing privacy@pktd.ca.
Depending on where you live, you may also have additional rights under laws such as PIPEDA, Alberta PIPA, Quebec Law 25, CCPA/CPRA, and other state privacy laws.
9. Children's Privacy
PKTD is not directed to children. The app is intended for adults, and we do not knowingly collect personal information from children.
10. Do Not Sell or Share
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
11. International Transfers
Your information may be processed in Canada, the United States, or other jurisdictions where our service providers operate. By using PKTD, you understand that information may be transferred to and processed in those locations, subject to applicable safeguards.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice through the app, website, or email where appropriate.