Privacy Policy
Last updated: February 18, 2026
BooCoo ("we," "our," or "the app") is a personal finance application developed by Make Greater LLC. This privacy policy explains what data BooCoo collects, how it is used, and the choices you have.
We designed BooCoo with privacy in mind. Your financial data is stored on your device and in your personal iCloud account. We do not sell, share, or monetize your financial data.
1. Data We Collect
1.1 Financial Account Data (via Plaid)
When you connect a financial institution through Plaid, the following data is retrieved:
- Account names, types, and balances
- Transaction history (descriptions, amounts, dates, merchants, categories)
- Liability details (credit card APR, loan terms, payment schedules)
- Investment holdings and securities
To retrieve this data, your device communicates with our server, which acts as a secure intermediary between your device and Plaid's API. Financial data (transactions, balances, etc.) passes through our server during sync but is not stored on our server — it is delivered directly to your device and stored locally.
Plaid access tokens — unique keys that authorize BooCoo to retrieve your financial data — are stored on our server (AWS DynamoDB) to enable automatic sync. These are not your bank login credentials; Plaid never shares those with BooCoo.
Plaid's handling of your data is governed by Plaid's End User Privacy Policy.
1.2 Apple Financial Data (via FinanceKit)
If you choose to connect Apple Card, Apple Cash, or Apple Savings, BooCoo accesses this data through Apple's FinanceKit framework. This data:
- Is read directly from your device
- Never leaves your device and is never transmitted to any server
- Includes account balances and transaction history
- Can be revoked at any time in Settings > Privacy & Security > Finance
1.3 Manually Entered Data
You may manually add personal assets (real estate, vehicles, etc.), institutions, accounts, and transactions. This data is stored locally on your device and in your iCloud account.
1.4 Device Information
When you register with BooCoo, we store:
- A unique device identifier (generated by the app, not your hardware ID)
- A device name (e.g., "Alice's iPhone")
- An authentication token (stored in encrypted form)
This is used to authenticate API requests and manage multi-device access.
1.5 Biometric Data
BooCoo uses Face ID or Touch ID to authenticate access to your financial data. Biometric data is handled entirely by Apple's Secure Enclave on your device. BooCoo never receives, stores, or transmits your biometric data.
2. How Your Data Is Stored
| Data | Where Stored | Encryption |
|---|---|---|
| Financial data (accounts, transactions, balances) | On-device (SwiftData) + your personal iCloud (CloudKit) | iOS Data Protection + CloudKit encryption |
| Apple FinanceKit data | On-device only | iOS Data Protection |
| Plaid access tokens | On-device (iOS Keychain) + our server (AWS DynamoDB) | Keychain encryption (device) + encrypted at rest (server) |
| Plaid sync metadata | Our server (AWS DynamoDB) | Encrypted at rest |
| Device registration | Our server (AWS) | Encrypted at rest (AWS DynamoDB) |
| Authentication tokens | Our server (hashed) + device Keychain | bcrypt hashed (server) + Keychain (device) |
3. How Your Data Is Used
BooCoo uses your data solely to provide the app's financial management features:
- Displaying account balances and net worth
- Categorizing and analyzing transactions
- Generating spending trends and financial projections
- Syncing your data across your personal devices via iCloud
- Authenticating your identity for secure API access
- Securely relaying financial data between Plaid and your device during sync (data passes through our server but is not stored)
4. Data We Do NOT Collect or Sell
- We do not collect analytics, usage tracking, or telemetry data
- We do not use advertising identifiers or track you across apps
- We do not store your bank login credentials (Plaid never shares these with us)
- We do not store your transactions, balances, or spending data on our servers — this data passes through during sync and is delivered to your device
- We do not sell, rent, or share your financial data with third parties
- We do not use your data for marketing purposes
Standard server logs are generated during sync operations for error monitoring and are automatically purged per AWS default retention policies.
5. Third-Party Services
5.1 Plaid
BooCoo uses Plaid to connect to your financial institutions. When you link an account, Plaid securely accesses your financial data on our behalf. For details on how Plaid handles your data, see Plaid's Privacy Policy.
5.2 Apple (iCloud and FinanceKit)
BooCoo uses Apple's CloudKit to sync your data across your devices via your personal iCloud account. FinanceKit data remains entirely on-device. Apple's handling of iCloud data is governed by Apple's Privacy Policy.
5.3 Amazon Web Services (AWS)
Our backend services run on AWS Lambda. Our server acts as a secure intermediary for Plaid API communication:
- Plaid access tokens are stored on our server (DynamoDB) to enable automatic transaction sync
- Transaction and balance data passes through our server during sync but is not stored
- Device registration and Plaid connection metadata are stored server-side
- Server logs (AWS CloudWatch) may temporarily contain sync request metadata and are automatically purged per AWS default retention policies
6. Server-Side Data
For full transparency, here is exactly what is stored on our server:
- Device registration: Device ID (app-generated), device name, authentication token hash
- User account: User ID, device count, last active timestamp
- Plaid connection metadata: Institution name, Plaid access token, sync cursor, sync timestamps, connection status, error states
The following data is not stored on our server:
- Individual transactions or transaction history
- Account balances or account numbers
- Merchant names or spending categories
- Your bank login credentials
- Any Apple FinanceKit data
7. Data Retention and Deletion
- On-device data: Deleted when you delete the app or remove a financial document within the app.
- iCloud data: Deleted when you delete documents in the app or remove BooCoo data from iCloud in iOS Settings.
- Server data: Device registrations are marked inactive when you remove a device. Plaid access tokens are deleted from our server when you disconnect an institution. Server logs containing sync metadata are automatically purged per AWS default retention policies. You may request full deletion of all server-side data by contacting us.
- Plaid connections: You can disconnect institutions within the app, which revokes and deletes the access token from both your device and our server. You can also revoke access directly through Plaid's portal.
- FinanceKit data: Access can be revoked at any time in iOS Settings > Privacy & Security > Finance. No data is retained after access is revoked.
8. Your Rights and Choices
- Disconnect institutions at any time within the app
- Revoke FinanceKit access in iOS Settings
- Export your data using the app's backup feature
- Delete your data by removing documents or deleting the app
- Request account deletion by contacting us
9. Children's Privacy
BooCoo is not intended for use by children under the age of 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this privacy policy or want to request data deletion, contact us at:
Make Greater LLC
Email: support@makegreaterllc.com