Privacy Policy

Coffer is built on a simple principle: your financial data belongs to you, lives on your device, and never touches our servers — because we don't have any.

Last updated: June 19, 2026

1. What Coffer Is — and Isn't

Coffer is a manual-entry money and investment tracker. You type in what you own; Coffer organises and displays it. There is no bank linking, no screen-scraping, no integration with Plaid, Yodlee, or any other aggregator. Coffer never asks for your bank password or account credentials, and it never will.

2. Data Stored on Your Device

Everything you add in Coffer — accounts, holdings, lots, transactions, custom categories — is stored locally on your device using Apple's SwiftData framework. This on-device store is the source of truth. The app is fully usable offline; no network connection is required to view or edit your data.

3. iCloud Sync (Optional)

If you are signed in to iCloud on your device, Coffer can sync your data across your iPhone and iPad using Apple's CloudKit. This sync is:

• End-to-end private. Your data travels through Apple's encrypted iCloud infrastructure and is associated with your personal Apple ID — not with Coffer.
• Invisible to us. Coffer operates no backend server. We have no technical ability to access, read, or copy data in your iCloud container.
• Optional. If you prefer to keep data on one device only, sign out of iCloud or disable iCloud for Coffer in iOS Settings → [Your Name] → iCloud.

Your iCloud data is governed by Apple's Privacy Policy. Coffer's privacy policy applies to the app itself.

4. What Coffer Does NOT Collect

• No personal or financial data is sent to Coffer servers (there are none).
• No advertising identifiers, no third-party analytics SDKs, no tracking pixels.
• No behavioural profiling, no data sales, no data brokering — ever.
• No account registration is required. Coffer does not know who you are.

5. CSV Import & Export

Importing a CSV file into Coffer processes the file entirely on your device. The file is never uploaded anywhere. Exporting produces a CSV that stays in your device's Files app or share sheet until you choose what to do with it — that choice is yours, not ours.

6. Crash Diagnostics

Coffer relies solely on Apple's standard crash-reporting infrastructure (built into iOS). Crash logs may be shared with Apple and, optionally, with the developer, but only if you have enabled “Share with App Developers” under iOS Settings → Privacy & Security → Analytics & Improvements. This setting is controlled entirely by you. Crash reports contain device model, OS version, and a stack trace — they do not contain your financial data.

7. Subscriptions & Payments

Coffer Pro, Household, and Lifetime purchases are handled entirely by Apple via the App Store. Your payment details (credit card, Apple Pay, etc.) are processed by Apple and are never seen or stored by Coffer. The only information Coffer receives from Apple is a cryptographic receipt confirming your subscription status.

To manage, cancel, or restore your subscription, go to iOS Settings → [Your Name] → Subscriptions, or visit the App Store.

8. Data Retention & Deletion

Your data lives on your device and in your iCloud account. To delete it:

• Erase all data: Open Coffer → Settings → Erase all data. This wipes the on-device SwiftData store immediately and irreversibly.
• Remove from iCloud: After erasing, the iCloud copy will be removed automatically. You can also manage Coffer storage in iOS Settings → [Your Name] → iCloud → Manage Storage.
• Delete the app: Deleting Coffer from your device removes all local data. The iCloud copy can be managed as above.

Because Coffer holds no server-side copy of your data, there is nothing for us to delete on our end.

9. Children's Privacy

Coffer is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has entered personal data, you can erase it using the steps above.

10. Changes to This Policy

If we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you through the app. Continued use of Coffer after a policy update constitutes your acceptance of the revised terms.

11. Contact

Questions about this policy? We're happy to explain anything in plain English.