PocketProjects logo
Pocket Projects

Small apps for everyday problems.

Back to hub

Privacy Policy

How PocketProjects handles your data

This Privacy Policy explains how PocketProjects ("we", "us", "our") collects, uses, and protects information when you use the PocketProjects hub at app.pocketprojects.in and related mini-apps, including Findependence and DayZero IRCTC (collectively, the "Services").

PocketProjects is a personal lab built and operated from India. The focus is on simple, small apps with calm UX and a data-conscious approach. If you have any questions about this policy, you can reach us at support@pocketprojects.in.

1. Scope of this policy

This policy applies to:

  • The PocketProjects hub at app.pocketprojects.in.
  • Linked mini-apps under the PocketProjects umbrella, including: Findependence, DayZero IRCTC, and future utilities that connect back to this hub.
  • Any communication with us via email, including support and early access requests.

2. Who controls your data

PocketProjects is an individual, independent project. For any data questions, access or deletion requests, you can contact:

Email: support@pocketprojects.in

3. Infrastructure and key services

PocketProjects is intentionally simple but runs on modern, managed infrastructure:

  • Supabase powers authentication and database storage for apps that require login (for example, Findependence). Supabase uses managed PostgreSQL and provides secure user and session management.
  • Google Cloud Platform (GCP) is used as core infrastructure for the project and for the Google OAuth application that powers "Sign in with Google" via Supabase. The OAuth consent screen for this app has been verified by Google.
  • Vercel hosts the static hub and some apps. As part of normal hosting operations, Vercel may log IP addresses and request metadata.
  • Plausible Analytics provides lightweight, privacy-friendly web analytics for the hub. It focuses on aggregate usage patterns rather than individual tracking.
  • Third-party APIs, such as train data providers used by DayZero IRCTC, are called from the app to fetch schedule and live status data. Only the query inputs you provide (for example, train number, date, and stations) are sent; no bank or government IDs are sent to those APIs.

These providers act as infrastructure or data processors and have their own security and privacy practices. PocketProjects is designed to keep the amount of data shared with them limited to what is operationally necessary.

4. Information we collect

4.1 Account and login data

Some apps, such as Findependence, use Supabase authentication with Google sign-in. When you sign in:

  • We receive basic profile information from Google (for example, your name, email address, and profile image).
  • Your email address is used as your unique identifier in the app and is stored in Supabase.
  • Authentication tokens and session data are managed by Supabase and may include IP address and device or browser metadata for security and fraud prevention.

4.2 App-specific content you provide

Different apps collect different inputs depending on what they do. Examples include:

  • Findependence. Financial inputs such as salary, monthly expenses, EMIs, SIPs, investment corpus, insurance cover, and related assumptions used to calculate your Portfolio FinHealth Index (PFI), savings rate, and FIRE number.
  • DayZero IRCTC. Train numbers, journey dates, and chosen stations so the app can compute booking windows and live running status.
  • Future utilities may collect small, focused inputs related to budgets, subscriptions, or workflows. Each app will explain what it needs on its own interface.

PocketProjects is designed to avoid collecting unnecessary data. For example, Findependence does not ask for bank logins, card numbers, or OTPs; it only uses the numbers you enter manually.

4.3 Usage and analytics data

To understand how the hub and apps are used and to keep the experience reliable, we may collect:

  • Aggregated page views, referrers, and general device types.
  • Basic event data such as which pages are visited and rough geographic region (country level).
  • Server logs from Vercel, Supabase, or GCP that may capture IP addresses and timestamps as part of normal hosting and security operations.

4.4 Communication data

If you email support@pocketprojects.in or request early access to future tools, we will receive the content of your message and your email address. This information is used to respond to you and to understand interest in new features or apps.

5. How we use your information

We use the information described above to:

  • Authenticate you and maintain secure sessions.
  • Provide core app features, including calculators, simulations, and personalized views.
  • Store your inputs and settings so you can return to them later (for example, your finance profile in Findependence).
  • Monitor reliability, performance, and security of the Services.
  • Analyse aggregate usage to prioritize features, fix UX issues, and decide what to build next.
  • Communicate with you about support, updates, and experiments, when you reach out or explicitly opt in.

We do not sell your personal data and do not use your financial inputs for targeted advertising.

6. Legal bases (for users in the EU/UK)

Where applicable privacy laws require a legal basis for processing, PocketProjects typically relies on:

  • Contract. To provide the Services you actively use, including authentication and app functionality.
  • Legitimate interests. For security, debugging, aggregated analytics, and improving the Services in ways that respect your privacy.
  • Consent. Where you explicitly agree to optional features or experiments, or when local law treats certain analytics as consent-based.

7. Data sharing and third parties

Your information is shared only with:

  • Infrastructure providers listed above (Supabase, GCP, Vercel, Plausible, and relevant APIs) to operate the Services.
  • Service providers or tools used for email, issue tracking, or similar operational needs, where your email or support messages may be processed.

We may also share information if required by law, regulation, or a valid legal request, or to protect our rights, users, or the security of the Services.

PocketProjects does not sell personal data and does not share your financial details with advertisers or data brokers.

8. Data retention

Data is retained for as long as it is reasonably needed to provide the Services, maintain reliable operations, and meet legal or accounting obligations. In practice, this means:

  • App content (such as your Findependence profile) is kept while your account remains active, unless you request deletion.
  • Server and security logs may be kept for a limited period to monitor abuse, debug issues, and maintain performance.
  • Aggregated analytics may be kept for longer, but they do not identify you as an individual.

If you request deletion of your data, reasonable efforts will be made to remove or anonymize your personal information from active systems, subject to any legal obligations to retain certain records.

9. Security measures

Security and trust are core to how PocketProjects is built. Measures include:

  • Using reputable managed platforms (Supabase, GCP, Vercel) with modern security practices.
  • Encrypted connections (HTTPS) for data in transit between your browser and the Services.
  • Authentication and authorization handled by Supabase with secure tokens and session management.
  • Limited access to production data and a preference for simple, well-scoped features to reduce attack surface.

No system is perfectly secure, but PocketProjects is designed to keep complexity low and focus on clear, minimal data flows.

10. Your rights and choices

Depending on your location, you may have rights to:

  • Access a copy of the personal data held about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your data, where legally permitted.
  • Object to or request restriction of certain types of processing.
  • Withdraw consent where processing is based on consent (for example, certain analytics or experiments).

To exercise these rights, email support@pocketprojects.in with the email address you use in the app and a clear description of your request. Some requests may require identity verification before they can be fulfilled.

11. International data transfers

PocketProjects is operated from India, but infrastructure providers such as Supabase, Vercel, GCP, and Plausible may process data in data centers located in other countries. These providers generally implement appropriate safeguards for international transfers, such as standard contractual clauses or equivalent mechanisms, as part of their own compliance programs.

12. Children's privacy

The Services are not designed for children under 16 and are intended for adults managing their own finances, travel, or workflows. PocketProjects does not knowingly collect personal data from children under 16. If you believe a child has provided personal information, please contact us so it can be reviewed and, where appropriate, deleted.

13. Changes to this policy

This Privacy Policy may be updated from time to time as the Services evolve, infrastructure providers change, or legal requirements are updated. The "Last updated" date below indicates the latest revision.

Where changes are significant, reasonable efforts will be made to highlight them on the hub or within relevant apps. Your continued use of the Services after an update means you accept the revised policy.

14. Contact

For any questions, feedback, or requests about this Privacy Policy or how your data is handled, please contact:

Email: support@pocketprojects.in

Last updated: 2025-12-16