Privacy Policy for Pinpin

Last Updated: April 8, 2026 | Effective Date: April 4, 2026

1. Data We Collect

We collect the following types of information to provide our financial analysis and guidance services:

1.1 Personal Information

• Name (first and last name)
• Age and date of birth
• Civil status (single, married, etc.)
• Number of dependents and their ages
• Contact information (email address, phone number - optional)
• Location (city/province - for localized financial guidance)

1.2 Financial Information (SENSITIVE DATA)

Income Sources:

• Employment income (salary, wages)
• Business income
• Freelance/side hustle income
• Government benefits (SSS pension, etc.)
• Other income sources

Monthly Expenses:

• Housing costs (rent, mortgage, utilities)
• Food and groceries
• Transportation
• Healthcare and insurance
• Debt payments
• Other recurring expenses

Debt Information:

• Loan amounts and balances
• Interest rates
• Payment schedules
• Lender names (for harassment reporting)
• Debt harassment details (if reported)

Assets and Savings:

• Bank account information (number of accounts, balance ranges)
• Emergency fund balance
• Savings balances
• Investment account information (if applicable)

Insurance and Benefits:

• PhilHealth coverage status
• SSS/GSIS membership status
• Pag-IBIG membership status
• Private health insurance (HMO)
• Life insurance coverage

1.3 Push Notification Data

If you grant notification permission, we collect and store on your device:

• Bill schedule data (bill names, amounts, due days) to send bill-due and overdue reminders
• Mission progress data to send mission-nudge notifications
• Daily financial insights derived from your stored income and expense data

1.4 Purchase and Billing Data

Pinpin offers a Pinpin Premium one-time purchase (product ID: pinpin_premium_lifetime) through the Google Play Store. When you make a purchase:

• Payment processing is handled entirely by Google Play — Pinpin does NOT receive, store, or process your credit card, GCash, or payment details.
• We use RevenueCat (revenuecat.com) as our purchase verification service. RevenueCat receives a confirmation of your purchase from Google Play and returns your entitlement status (premium or free) to the App. RevenueCat does NOT receive your payment details. Their privacy practices are governed by the RevenueCat Privacy Policy.
• Purchase history is managed by Google Play and may be subject to Google's own Privacy Policy.

1.5 Usage Data

We automatically collect information about how you use the App:

• Pages/screens visited within the App
• Time spent on each screen
• Missions completed
• Financial health score history
• Device information (type, operating system version)
• App version and crash reports (for debugging)

1.6 Harassment Evidence (Optional)

If you use our Debt Harassment Reporter tool, you may voluntarily provide:

• Screenshots of harassment messages
• Call logs or recordings (if you choose to upload them)
• Descriptions of harassment incidents
• Lender contact information

2. How We Use Your Data

2.1 Core App Functionality

• Financial Health Analysis: Calculate your financial health score based on cash flow, debt, savings, and protection
• Personalized Missions: Generate step-by-step action plans (e.g., "Build Emergency Fund," "Pay Off Debt")
• Debt Strategy Recommendations: Analyze your debts and recommend avalanche vs. snowball payoff methods
• Legal Guidance: Provide educational information about your legal options when facing debt problems
• Harassment Complaint Generation: Auto-generate complaint letters to Philippine government agencies (SEC, NBI, NPC, etc.)
• Push Notifications: Send locally scheduled reminders for bills, missions, and daily financial insights — based on data you have entered into the App
• Premium Feature Unlocking: Verify your purchase status with Google Play to unlock Premium features (Investment Tracker, Budget Calendar, Resume Builder, Gameplan Dashboards)

2.2 Service Improvement

• Identify which features are most useful to users
• Fix bugs and improve app performance
• Develop new features based on user needs
• Analyze aggregated, anonymized data to improve financial guidance algorithms

2.3 Communication (Optional)

• Send app updates and new feature announcements (if you opt-in)
• Respond to your support requests or questions
• Send security alerts if we detect unusual account activity

3. How We Store and Protect Your Data

3.1 Data Storage Location

• Primary Storage: All your data is stored locally on your device using encrypted storage
• Cloud Backup (Future Feature): If you enable cloud backup, data will be encrypted and stored on secure servers in the Philippines or Singapore (compliant with Philippine Data Privacy Act)

3.2 Data Encryption

• At Rest: All financial data stored on your device is encrypted using AES-256 encryption
• In Transit: Any data transmitted over the internet (e.g., for cloud backup or harassment complaint emails) is encrypted using TLS/SSL protocols

3.3 Data Access Controls

• Only YOU have access to your financial data
• Pinpin developers do NOT have access to individual user data
• We may access anonymized, aggregated data for statistical analysis only

3.4 Data Retention

• Active Users: We retain your data as long as you have the App installed and are actively using it
• Inactive Users: If you uninstall the App, all locally stored data is deleted from your device
• Account Deletion: You can delete all your data at any time using the "Fresh Start Mode" in the Profile tab
• Legal Requirements: We may retain certain data if required by law (e.g., harassment complaint records for legal proceedings)

4. Data Sharing and Disclosure

4.1 We DO NOT Sell Your Data

Pinpin will NEVER sell, rent, or trade your personal or financial information to third parties for marketing purposes.

4.2 When We May Share Your Data

We may share your information only in the following limited circumstances:

a) With Your Explicit Consent

• Harassment Complaints: When you use the Harassment Reporter, you explicitly authorize us to send your complaint (including your name and harassment details) to Philippine government agencies (SEC, NBI, NPC, PNP, DOJ, etc.)
• Export/Sharing Features: If you choose to export your financial data or share it with a financial advisor, we will only do so with your explicit permission

b) With Service Providers (If Applicable)

We may share data with trusted third-party service providers who help us operate the App:

• Cloud Storage Providers: (e.g., Firebase, AWS) - only if you enable cloud backup
• Analytics Services: (e.g., Google Analytics, Expo Analytics) - only anonymized usage data, NOT your financial information
• Error Tracking: (e.g., Sentry) - crash reports and error logs (no financial data)

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

c) For Legal Compliance

We may disclose your information if required by law or in response to:

• Valid legal requests from Philippine courts or government agencies
• National Privacy Commission (NPC) investigations
• Law enforcement investigations of illegal lending or harassment
• Subpoenas or court orders

d) To Protect Rights and Safety

We may share data to:

• Enforce our Terms of Service
• Protect against fraud or illegal activities
• Protect the safety of Pinpin users or the public

e) Business Transfers

If Pinpin is acquired by another company or undergoes a merger, your data may be transferred to the new entity. We will notify you via email and the App before any transfer occurs, and the new entity will be bound by this Privacy Policy.

5. Your Rights Under Philippine Law

(Republic Act No. 10173 - Data Privacy Act of 2012)

5.1 Right to Be Informed

You have the right to know what data we collect, how we use it, and who we share it with (this Privacy Policy fulfills that obligation).

5.2 Right to Access

You can request a copy of all personal and financial data we have about you. Contact us at pinpinmanila@gmail.com to request your data.

5.3 Right to Rectification

If any of your data is inaccurate or incomplete, you can update it directly in the App (Profile tab) or contact us to correct it.

5.4 Right to Erasure/Blocking

You can delete all your data at any time by:

• Using the "Fresh Start Mode" feature in the Profile tab
• Uninstalling the App (deletes all locally stored data)
• Contacting us at pinpinmanila@gmail.com to request data deletion

We will delete your data within 30 days of your request, except where we are legally required to retain it.

5.5 Right to Object

You can object to the processing of your data for certain purposes (e.g., marketing communications). You can opt out of non-essential data processing in the App settings.

5.6 Right to Data Portability

You can request an export of your data in a machine-readable format (CSV or JSON). Contact us at pinpinmanila@gmail.com to request a data export.

5.7 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can file a complaint with the National Privacy Commission (NPC):

• Website: privacy.gov.ph
• Email: info@privacy.gov.ph
• Hotline: (02) 8234-2228

6. Third-Party Services

6.1 Analytics (Usage Data Only - NO Financial Data)

• Expo Analytics: Tracks which screens are viewed and app crashes (no personal or financial data)
• Google Analytics (if enabled): Anonymized usage statistics

6.2 Google Play Billing & RevenueCat

In-app purchases are processed by Google Play. When you purchase Pinpin Premium, your payment information is handled solely by Google. We receive only a confirmation of your entitlement status. Google's privacy practices are governed by the Google Privacy Policy.

We use RevenueCat as our purchase verification layer. RevenueCat receives your anonymous app user ID and your entitlement status from Google Play. It does NOT receive your name, financial data, or payment details. RevenueCat's privacy practices are governed by the RevenueCat Privacy Policy.

6.3 Push Notification Service

We use Expo Notifications (expo-notifications) to schedule and deliver local notifications on your device. Notifications are generated and scheduled entirely on-device — no data is sent to a remote server to generate them. Expo's privacy practices are governed by the Expo Privacy Policy.

6.4 Government Agency Links

The App includes links to Philippine government websites for:

• SEC (Securities and Exchange Commission)
• NBI (National Bureau of Investigation)
• NPC (National Privacy Commission)
• PhilHealth, SSS, Pag-IBIG

We are not responsible for the privacy practices of these external websites.

6.5 Email Services

When you file harassment complaints, the App uses your device's email client (Gmail, Outlook, etc.) to send emails. We do not store these emails on our servers.

7. Children's Privacy

Pinpin is not intended for users under 18 years old. We do not knowingly collect data from minors.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at pinpinmanila@gmail.com and we will delete it immediately.

8. Data Security Measures

8.1 Technical Safeguards

• Encryption: AES-256 for data at rest, TLS/SSL for data in transit
• Secure Storage: Data stored in encrypted local storage on your device
• Access Controls: No remote access to individual user data

8.2 Organizational Safeguards

• Employees and contractors sign non-disclosure agreements (NDAs)
• Access to aggregated data is limited to authorized personnel only
• Regular security audits and vulnerability assessments

8.3 Your Responsibilities

• Keep your device secure with a passcode/biometric lock
• Do not share your device with untrusted individuals
• Report any security concerns to pinpinmanila@gmail.com

9. International Data Transfers

Your data is primarily stored on your device in the Philippines. If we use cloud storage in the future, data may be transferred to servers located in:

• Philippines (preferred)
• Singapore (ASEAN region, adequate data protection laws)

We will NOT transfer data to countries without adequate data protection laws unless required by law or with your explicit consent.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• New features or services
• Changes in Philippine data protection laws
• Improvements to our security practices

How We'll Notify You:

• Email notification to registered users
• In-app notification when you open the App
• Updated "Last Updated" date at the top of this policy

Continued use of the App after changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

12. Governing Law

This Privacy Policy is governed by the laws of the Republic of the Philippines, including:

• Republic Act No. 10173 (Data Privacy Act of 2012)
• Republic Act No. 10175 (Cybercrime Prevention Act of 2012)
• Implementing Rules and Regulations (IRR) issued by the National Privacy Commission

Any disputes arising from this Privacy Policy shall be resolved in accordance with Philippine law and the jurisdiction of Philippine courts.

13. Acknowledgment