Privacy First • Last Updated: November 19, 2025

Privacy Policy

We built BonusLedger because we refuse to link our bank accounts to apps. Your financial data stays on your device, always.

We use anonymous analytics to improve the app, but we never collect your personal or financial information.

Our Privacy Principles

No Account Linking

Unlike Mint, YNAB, or Personal Capital, we NEVER ask for:

  • Bank usernames or passwords
  • Full account numbers
  • Social Security Numbers
  • Credentials of any kind

No Cloud Storage (v1)

Everything stays on your device:

  • SwiftData local database
  • Encrypted documents in app sandbox
  • No network requests (except App Store)
  • Optional iCloud backup in v1.1 (user choice)

Anonymous Analytics Only

We never collect:

  • Account numbers or balances
  • Personal information
  • Bank names or bonus amounts
  • IP addresses or device IDs

Security Features

Bank-level security to protect your financial information

Encryption

  • AES-256-GCM for all documents
  • Keychain storage for encryption keys
  • Complete file protection when device locked
  • Face ID/Touch ID for sensitive documents
  • Unique nonces per file

App Lock

  • Face ID or passcode required on launch
  • Automatic re-lock after app backgrounds
  • Biometric authentication for high-risk documents

Data Minimization

  • We don't ask for full account numbers
  • We don't ask for SSNs
  • We don't ask for credentials
  • We recommend storing only last 4 digits
  • We warn against storing passwords in documents

App Store Privacy Nutrition Label

Data Not Linked to You

We collect anonymous usage analytics to improve the app, but this data is never linked to your identity:

✓ Anonymous Analytics Only

"Your financial data stays private. We only see anonymous app usage patterns."

Complete Privacy Policy

Information We Collect

BonusLedger collects anonymous usage analytics to improve the app. We use TelemetryDeck, a privacy-focused European analytics service.

What we collect:

  • Which features you use (e.g., "account created", "event logged")
  • Anonymous session IDs for calculating daily/weekly/monthly active users
  • Error types and codes for debugging (no user data in errors)
  • Device type (iPhone/iPad, iOS version)
  • App version and build number
  • Performance metrics (e.g., import time, export time)
  • Aggregate statistics (e.g., "users created 1,000 accounts this week")
  • File size categories for document uploads (small/medium/large)
  • One-way hashed bank names (lets us see "Bank A is popular" without knowing which bank)

All analytics data is completely anonymous and cannot be linked to you.

Information We Do NOT Collect

We never collect your financial or personal information:

  • No account numbers (full or partial)
  • No bank account balances or transaction amounts
  • No bonus amounts or expected bonus dates
  • No dates related to accounts (opening dates, bonus dates, etc.)
  • No document contents or filenames
  • No personal notes, memos, or text you enter
  • No original bank names (only one-way hashes)
  • No location data or GPS coordinates
  • No device identifiers (IDFA, IDFV, serial numbers)
  • No IP addresses
  • No personal information (names, emails, phone numbers)

How We Use Information

We use anonymous analytics to understand which features are most used, identify bugs and errors, measure app performance, and improve the user experience. This helps us make BonusLedger better while respecting your privacy.

Data Storage and Security

Your financial data stays on your device:

  • All account numbers, balances, and bonus information are stored locally on your iPhone using SwiftData
  • Documents are encrypted using AES-256-GCM encryption
  • Encryption keys are stored in the iOS Keychain
  • Files are protected when your device is locked
  • High-risk documents require Face ID/Touch ID to view

Analytics transmission: Anonymous analytics are sent to TelemetryDeck over HTTPS. TelemetryDeck does not store IP addresses and is GDPR-compliant.

Third-Party Services

BonusLedger uses TelemetryDeck for anonymous usage analytics. TelemetryDeck is a privacy-focused analytics service based in Europe that complies with GDPR.

View TelemetryDeck's Privacy Policy →

We do not use advertising networks, tracking pixels, or other third-party services.

Your Rights and Choices

You have control over your data:

  • Analytics opt-out: You can disable analytics in the app's Settings (if implemented)
  • Data export: Export all your data as CSV files at any time
  • Data deletion: Delete the app to remove all locally stored data
  • GDPR/CCPA rights: Contact us to exercise your privacy rights

Data Backup

Backups are user-initiated only. You can export your data as encrypted CSV files. In v1.1, we will offer optional iCloud sync, which will be encrypted end-to-end and entirely under your control.

Data Recovery

We cannot recover your data (because we never have it).

Since your financial data is stored locally on your device and we have no backend servers, we cannot recover your data if you lose your device or delete the app. Please export regular CSV backups for safekeeping.

Children's Privacy

BonusLedger is not intended for use by children under 13. We do not knowingly collect information from children under 13.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting a notice in the app or updating the "Last Updated" date at the top of this page.

Contact Information

For privacy questions or to exercise your privacy rights, contact us at:

Email: privacy@bonusledger.com

Legal Disclaimer: This privacy policy should be reviewed by a legal professional before publication to ensure compliance with all applicable privacy laws including GDPR, CCPA, and other regulations.
