Privacy Policy
Last updated: 4 May 2026.
Pyvine ("we", "us") is a behavioural finance application operated by Pyvine Ltd, registered in England & Wales. This policy explains what personal data we collect, why we collect it, who we share it with, and your rights under UK GDPR.
1. Data we collect
Information you give us
- Email address — for sign-in via one-time code.
- Name — so we can address you in-app.
- Phone number (optional) — for sign-in via SMS or for important account alerts. You may leave this blank.
Information from your linked accounts (via Stripe Financial Connections)
- Account balances and currency
- Account holder name (where provided by your bank)
- Transaction history (merchant, amount, date, currency, category)
We receive this data read-only. We cannot move money, initiate transfers, or take any action on your bank account. You may disconnect any linked account at any time from inside the app.
Information we generate
- Your Financial Discipline Index (FDI) and its component scores
- Behavioural insights (e.g. spend trends, streak milestones)
- Engagement events (when you open the app, view your score, complete a goal) — used to improve the product and to fire timely nudges
- Your "vine state" — leaves, branches, blooms, vitality (a visual representation of your behaviour)
2. How we use your data
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Provide the Pyvine service (compute FDI, generate insights, render your vine) | Contract |
| Send you transactional emails / SMS (sign-in codes, account alerts) | Contract |
| Send you behavioural nudges and notifications | Legitimate interest (you may opt out) |
| Improve the product (anonymous, aggregated analytics) | Legitimate interest |
| Legal compliance, fraud prevention | Legal obligation / legitimate interest |
3. Who we share data with
We only share data with the third parties needed to run the service:
| Provider | Purpose | Where |
|---|---|---|
| Supabase | Database + authentication | EU (Frankfurt) |
| Stripe | Open banking (Financial Connections) | UK / EU |
| Resend | Transactional email delivery | EU |
| Twilio (if you use phone sign-in) | SMS delivery | UK |
| Cloudflare | Hosting, CDN, security | UK / EU |
| Expo / Apple / Google | Push notification delivery | US / EU |
We do not sell your data. We do not share it for advertising.
4. How long we keep data
- While your account is active, we keep what we need to provide the service.
- If you delete your account, we delete your personal data within 30 days. Aggregated, anonymised statistics may be retained.
- Engagement events older than 24 months are auto-deleted.
5. Your rights
Under UK GDPR you have the right to:
- Access a copy of your personal data — use Profile → Privacy → Export my data in the app.
- Correct any inaccurate data — edit your profile in the app, or email us.
- Delete your data — use Profile → Privacy → Delete account in the app. This deletes your vine, score history, transactions, and account.
- Restrict or object to processing.
- Port your data to another service.
- Withdraw consent at any time (where we rely on consent).
- Complain to the UK ICO at ico.org.uk.
6. Security
Your data is encrypted in transit (TLS) and at rest. We never see your bank credentials — Stripe Financial Connections handles authentication with your bank directly. Access to our database is restricted via row-level security: each user can only read their own rows.
7. Children
Pyvine is not intended for users under 18. We do not knowingly collect data from minors.
8. Changes
If we make material changes to this policy we will notify you in-app. The "Last updated" date at the top reflects the most recent change.
9. Contact
Data protection enquiries: privacy@pyvine.com
General contact: hello@pyvine.com
Postal: Pyvine Ltd, London, United Kingdom