Privacy Policy

Effective Date: November 25, 2025

Pancake Money LLC ("Pancake," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using Pancake, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

Table of Contents

1. Information We Collect

1.1 Information You Provide

Account Information

  • Email address
  • Password (stored securely using bcrypt hashing)
  • Name (optional)
  • Phone number (optional, used for MFA)
  • Profile preferences (display color, notification settings)

Multi-Factor Authentication Data

  • Phone number for SMS verification
  • Backup recovery codes (encrypted)

Financial Goals and Notes

  • Custom budget names and limits
  • Financial goals you set
  • Notes you add to transactions

1.2 Information from Plaid

When you connect your financial accounts through Plaid, we receive:

Account Information

  • Account name and type (checking, savings, credit card, etc.)
  • Account balances (current and available)
  • Institution name
  • Account status

Transaction Data

  • Transaction amounts and dates
  • Merchant names and descriptions
  • Transaction categories
  • Payment channel (online, in-store, etc.)
  • Pending transaction status
  • Recurring transaction patterns

What We Do NOT Receive or Store

  • Your bank login credentials (handled securely by Plaid)
  • Full account numbers
  • Social Security numbers
  • Credit card CVV/security codes

1.3 Information Collected Automatically

Usage Data

  • Features you use and interactions within the app
  • Time and date of access
  • App performance data and crash reports

Device Information

  • Device type and operating system
  • Unique device identifiers
  • IP address
  • User agent

Security and Audit Data

  • Login timestamps and locations
  • Security event logs (password changes, MFA events)
  • API access logs

1.4 Biometric Data

If you use biometric authentication (e.g., FaceID, TouchID) to log into the Service, please be aware that Pancake does not collect, access, store, or transmit your biometric information.

  • The biometric verification happens entirely on your device's operating system.
  • The Service only receives a "pass/fail" confirmation token from your device to allow access.

2. How We Use Your Information

We use your information to:

2.1 Provide the Service

  • Create and manage your account
  • Connect to your financial institutions via Plaid
  • Display your transactions and account balances
  • Calculate and track your budgets
  • Sync your financial data

2.2 Deliver AI-Powered Features

  • Analyze spending patterns to generate insights
  • Provide personalized budget suggestions
  • Identify savings opportunities
  • Detect unusual transaction activity
  • Categorize transactions automatically

2.3 Improve the Service

  • Understand how users interact with features
  • Identify and fix bugs and errors
  • Develop new features and improvements
  • Conduct analytics and research

2.4 Communicate with You

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Send budget alerts and financial insights
  • Notify you of changes to our policies

2.5 Ensure Security

  • Protect against fraud and unauthorized access
  • Monitor for suspicious activity
  • Enforce our Terms of Service
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information.

We may share your information in the following circumstances:

3.1 With Plaid

We share necessary information with Plaid to connect your financial accounts. Plaid's handling of your data is governed by the Plaid End User Privacy Policy.

3.2 With Service Providers

We may share information with third-party vendors who assist us in operating the Service, including:

  • Cloud hosting providers (for data storage)
  • Analytics providers (for app performance)
  • Email service providers (for notifications)

All service providers are contractually obligated to protect your information and use it only for the services they provide to us.

3.3 For Legal Purposes

We may disclose your information if required by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government requests
  • Protection of our rights, property, or safety
  • Investigation of potential violations of our Terms

3.4 Business Transfers

If Pancake is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

We implement robust security measures to protect your information:

4.1 Encryption

  • Data in Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption
  • Data at Rest: Sensitive data is encrypted using AES-256 encryption
  • Plaid Tokens: Access tokens are encrypted with per-user encryption salts
  • Passwords: Stored using bcrypt hashing (never stored in plain text)

4.2 Access Controls

  • Role-based access to production systems
  • Multi-factor authentication required for administrative access
  • Principle of least privilege enforced

4.3 Monitoring

  • Continuous security monitoring and logging
  • Audit trails for sensitive operations
  • Regular security assessments

4.4 Mobile Security

  • Sensitive data stored in iOS Keychain
  • Biometric authentication support (Face ID, Touch ID)
  • App Transport Security enforced

Despite our security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

5.1 Active Accounts

We retain your information for as long as your account is active and as needed to provide the Service.

5.2 Deleted Accounts

When you delete your account:

  • Personal data is scheduled for deletion within 30 days
  • Some data may be retained longer for legal compliance (up to 7 years for financial records)
  • Backup copies are purged according to our retention schedule

5.3 Aggregated Data

We may retain anonymized, aggregated data that cannot identify you for analytical purposes.

6. Your Rights and Choices

6.1 Access Your Data

You can view your account information and transaction data at any time within the app.

6.2 Update Your Information

You can update your profile information (name, email, phone number) through the app settings.

6.3 Disconnect Financial Accounts

You can disconnect linked bank accounts at any time through the app settings. This stops new data from being retrieved but does not automatically delete historical data.

6.4 Delete Your Account

You can request account deletion through:

Upon deletion, we will remove your personal data subject to our retention requirements.

6.5 Notification Preferences

You can manage push notifications and email preferences in the app settings.

6.6 Export Your Data

You may request a copy of your personal data by contacting support@pancakemoney.com.

7. U.S. State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you may have specific rights regarding your personal data under state laws (such as the CCPA, CPRA, VCDPA, CPA, and CTDPA).

7.1 Your Rights

Depending on your state of residence, you may have the right to:

  • Request Access: Know what personal data we have collected about you.
  • Request Deletion: Ask us to delete your personal data (subject to legal retention requirements).
  • Request Correction: Update inaccurate personal data.
  • Data Portability: Receive a copy of your data in a portable format.
  • Non-Discrimination: Not receive discriminatory treatment for exercising these rights.

7.2 "Do Not Sell or Share"

Pancake does not sell your personal information to third parties for monetary value. We do not share your personal information for cross-context behavioral advertising.

7.3 Do Not Track Signals

Some web browsers transmit "Do Not Track" signals to websites. Because of differences in how web browsers interpret this feature and a lack of standardization, we currently do not respond to such signals.

8. Children's Privacy

Pancake is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete that information promptly.

If you believe a child under 18 has provided us with personal information, please contact us at support@pancakemoney.com.

9. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

9.1 Plaid

Your use of Plaid to connect financial accounts is subject to Plaid's End User Privacy Policy.

10. International Data Transfers

The Service is operated in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

  • Posting the updated policy in the app
  • Sending a notification to your registered email address
  • Updating the "Effective Date" at the top of this policy

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Pancake Money LLC

Email: support@pancakemoney.com

Website: https://pancakemoney.com

Last updated: November 25, 2025