Privacy Policy
Pang — Personal Finance for Indonesia (Android, iOS)
Effective date: 15 June 2026
Last updated: 15 June 2026
Operator: BRZK ("Pang", "we", "us", "our")
Contact: halo@planwithpang.com
🇮🇩 A short Indonesian summary of this policy is at the bottom of the page.
1. Who we are
Pang is a personal-finance application developed by BRZK, an independent developer based in Indonesia. We build Pang to help Indonesians track their money in a way that's calm, private, and respectful of their attention.
This policy explains exactly what data Pang collects, where it goes, who sees it, and what control you have. It applies to the Android and iOS applications named "Pang" published by BRZK.
2. The short version
If you read nothing else:
- Most of your financial data stays on your phone. Pang stores your transactions, wallets, budgets, debts, and goals in an encrypted local database (AES-256). They sync to our servers only if you've signed in and explicitly enabled cloud features.
- We never sell your data. We don't run ads. We don't share with marketing companies, data brokers, or social media platforms.
- You can delete everything anytime. Settings → Hapus Akun wipes your local data and triggers a server-side deletion of all data linked to your account.
3. What data we collect
3.1 Account data (cloud-synced)
- Email address (from sign-up or Google OAuth)
- Display name (you choose)
- Optional profile photo URL
- Optional handle (e.g., @yourname) for social features
- Account creation date
- Plan tier (free / personal / couple / family) and add-ons
3.2 Financial data (local + optional cloud sync)
- Wallets you create (name, type, opening balance, currency)
- Transactions (amount, category, vendor, date, optional note)
- Budgets per category
- Debts you owe + receivables owed to you
- Recurring expenses you've set up
- Investment/property holdings if you log them
- Couple / family memberships and shared wallet permissions
3.3 Profile / demographic data (cloud-synced)
- Income range and frequency
- Savings level
- Debt situation
- Spending style preference
- Investment experience
- Financial goals
- City of residence
- Gender (optional, for product analytics)
- Locale (Indonesian / English)
3.4 Voice transcription data
- When you tap the microphone in Pang or use voice commands, we transcribe your speech locally using your device's built-in speech recognition (Android: SpeechRecognizer; iOS: Apple Speech Framework)
- The transcribed text is processed locally to extract transaction details
- We do not send your voice recordings or transcripts to our servers
3.5 Receipt OCR data
- When you scan a receipt, the photo is sent to our scan-receipt Edge Function which uses Anthropic's Claude vision model to extract structured data (vendor, amount, date, category)
- The image is processed in memory and not stored by us or Anthropic
- See Section 5 for details on Anthropic as a subprocessor
3.6 Mood tags (LOCAL ONLY, never transmitted)
- If you tag a transaction with how it made you feel ("senang", "terpaksa", "bersalah", "biasa"), this data is stored only on your device
- Mood data never syncs to our servers — it's too sensitive
3.7 Device biometric data (LOCAL ONLY)
- If you enable Face ID, Touch ID, or fingerprint to unlock Pang, the biometric data is handled entirely by your device's secure enclave (iOS Keychain / Android Keystore)
- Pang never sees, stores, or transmits your biometric data — we only receive a boolean "authenticated successfully" from the OS
3.8 Diagnostic data
- App crash reports via Sentry (see Section 5)
- Stripped of PII before transmission: amounts, vendor names, emails, and Indonesian-format currency strings are scrubbed from stack traces and breadcrumbs before they leave your device
3.9 Payment data (when paid plans launch)
Pang is currently free during closed beta; we do not collect any payment data today. When we introduce paid plans, payment processing will be handled by a third-party payment processor. Pang will never store your full credit card number, CVV, or banking details. We will update this Privacy Policy with the processor's name before any paid plan launches.
3.10 Push notification token
- If you enable push notifications, your device's push token is stored on our servers so we can deliver reminders
- The token is rotated by your OS regularly; we keep only the latest active token per device
3.11 Bank notification auto-detection (planned, not yet active)
Future versions of Pang may include an opt-in feature on Android that reads notifications from a fixed allow-list of Indonesian banking apps to auto-fill transactions. When that feature ships, the notification text will be parsed entirely on-device and never transmitted. As of v1.0 (August 2026 launch), this feature is not active. We'll update this policy and notify you in-app before enabling it.
4. How we use this data
| Purpose | Data used |
| --- | --- |
| Show you your transactions, wallets, budgets | Section 3.2 (your data shown back to you) |
| Sync across your devices | Section 3.1, 3.2, 3.3 — only when signed in |
| Share with your spouse (Couple mode) | Wallets/transactions you've marked shared, only with the partner you invited |
| Share with family members (Family mode) | Same as above, with role-based access (admin, member, viewer) |
| Auto-categorize transactions from receipts/voice | Sections 3.4, 3.5 — processed locally where possible |
| Suggest spending categories based on your history | Section 3.2 — entirely on-device pattern learning |
| Fix bugs and crashes | Section 3.8 — Sentry, PII scrubbed |
| Process payments (when paid plans launch) | Section 3.9 |
| Deliver push notifications | Section 3.10 — device token only |
| Send you transactional emails (e.g., password reset) | Section 3.1 — email address |
We do not use your data to:
- Sell or share with marketers or data brokers
- Train AI/ML models (except OCR scans which Anthropic processes in-memory)
- Build behavioral advertising profiles
- Match against third-party datasets
5. Who we share data with (subprocessors)
We use the following third-party services to deliver Pang. Each has its own privacy policy that you can review:
| Service | What they process | Where data lives | Privacy policy |
| --- | --- | --- | --- |
| Supabase | Account, financial, profile, sharing data | Singapore / US data centers, encrypted at rest | link |
| Anthropic | Receipt photos (only when you scan a receipt) | US, in-memory only, not retained | link |
| Sentry | Anonymized crash reports | US / EU | link |
| Expo Push Service | Push notification token + delivery | US | link |
| Google Sign-In (optional) | OAuth-only — email, name, profile photo | Per Google's policies | link |
We do not integrate with any advertising networks, analytics SDKs (other than Sentry for crashes), social media SDKs, or data brokers.
6. How we secure your data
6.1 On your device
- All financial data in the local database is encrypted with SQLCipher AES-256
- The encryption key is a 256-bit random value generated on first launch and stored in your device's secure storage (iOS Keychain / Android Keystore) — never transmitted off-device
- PIN authentication is required after 30 seconds of background time
- Face ID / Touch ID / fingerprint unlock is optional
- The app screen blurs immediately when sent to background (privacy overlay)
6.2 In transit
- All communication between Pang and our servers uses HTTPS with TLS 1.2+
6.3 On our servers
- Data is encrypted at rest by Supabase (AES-256, AWS KMS)
- Row-level security policies enforce that you can only read/write data belonging to your account
- Database backups are encrypted and access-controlled
- Pang staff access to production data is logged and limited to incident response
6.4 Breach notification
If a breach affecting your data occurs, we will notify you within 72 hours of discovery via the email associated with your account, and report to relevant authorities as required by Indonesian law.
7. Your rights
You can exercise these rights at any time directly inside the app or by emailing halo@planwithpang.com:
| Right | How to exercise |
| --- | --- |
| Access — see all data we have about you | Settings → Profil → Lihat data saya, or email request |
| Delete — wipe everything | Settings → Hapus Akun (cascades local + server) |
| Export — get a copy of your data | Settings → Export → CSV |
| Correct — fix wrong information | Edit directly in app; for read-only fields, email us |
| Withdraw consent | Settings → toggle off the relevant feature OR Android/iOS Settings → app permissions |
| Object — to specific processing | Email halo@planwithpang.com describing the concern |
| Lodge a complaint | Indonesia: Kementerian Komunikasi dan Informatika (Kominfo) |
Account deletion is irreversible. We may retain certain data for legal obligations (e.g., financial transaction records for 5 years per Indonesian tax law) — these are minimal and never used for any other purpose.
8. Specific feature disclosures
8.1 Beta program data
During the beta period (May 2026 – Aug 2026), participating testers may have their app usage observed more closely for bug discovery. We log:
- Beta code redemption (which code, when, by which user)
- Crash reports more aggressively (we may temporarily lower Sentry sampling)
We do not read your transactions or financial data during beta. Beta data handling reverts to the normal policy at production launch.
8.2 Couple / Family mode
When you invite a partner or family member:
- They receive an email invitation containing your name and a join link
- After they accept, they can see wallets/transactions you've marked as shared
- Family mode has roles: admin (full access), member (own + shared data), viewer (read-only)
- You can remove a member or revoke their access anytime in Settings
- Their data is not visible to you unless they share it back
8.3 Easter eggs and small unannounced moments
Pang has a small number of intentionally-undocumented UI moments (approximately 30 across the app) that fire on specific gestures or dates. These are not trackers — they're decorative reactions. They process device sensor data entirely on-device. No data is transmitted.
9. Data retention
| Data type | Retention period | Why |
| --- | --- | --- |
| Active account data | While account exists | Provides the service |
| After account deletion | Wiped within 30 days | Allow time for accidental-deletion recovery |
| Financial records (tax) | 5 years from transaction | Indonesian tax law |
| Crash reports | 90 days | Bug analysis |
| Beta program logs | Until beta ends + 30 days | Bug analysis during beta |
| Server backups | 30 days rolling | Disaster recovery |
10. Children's data
Pang is intended for users aged 17 and over. We do not knowingly collect data from anyone under 17. If you believe we have collected data from a child under 17, please email halo@planwithpang.com and we will delete it immediately.
11. International data transfers
Because Supabase, Anthropic, and Sentry have infrastructure outside of Indonesia, your data may be transferred to and processed in the United States, European Union, or Singapore. We rely on Standard Contractual Clauses (SCCs) and equivalent safeguards to protect your data during transfer.
12. Changes to this policy
We will notify you of material changes to this policy at least 30 days before they take effect via:
- An in-app notification banner
- An email to the address on your account
- An updated "Last updated" date at the top of this document
13. Contact us
| Topic | Email |
| --- | --- |
| Privacy questions, data requests | halo@planwithpang.com |
| Security vulnerabilities (responsible disclosure) | halo@planwithpang.com |
| General support | halo@planwithpang.com |
| Press / partnerships | brzk@brzk.dev |
Postal address:
BRZK
[Registered business address — to be updated when PT formation completes]
🇮🇩 INDONESIAN SUMMARY
The short version, for those who want a quick read. The full version (in English) is above and is legally binding.
What is Pang?
Pang is a personal-finance tracking app made by BRZK.
What data does Pang collect?
- Account data: email, name, profile photo
- Financial data: transactions, wallets, budgets, debts/receivables, financial goals
- Demographic data: salary range, city, gender, financial goals (optional)
What Pang does NOT do
- Does not sell your data
- No ads
- Does not train AI on your data (except receipt-photo OCR, which is processed briefly by Anthropic and not stored)
- Does not read any WhatsApp / email / chat notifications
Security
- All financial data on your phone is encrypted with AES-256 (SQLCipher)
- The encryption key is stored in the Keychain (iOS) / Keystore (Android) and never leaves your phone
- The PIN activates automatically after the phone has been idle for 30 seconds
- Face ID / fingerprint is optional
- The screen blurs automatically when Pang goes to the background
Your rights
- Delete account: Settings → Hapus Akun. All of your local + server data is deleted within 30 days.
- See your data: Settings → Profil → Lihat data saya
- Export data: Settings → Export (CSV)
- Withdraw consent: turn off the feature in Settings, or turn off the permission in your Android/iOS phone Settings
Contact
Privacy questions: halo@planwithpang.com
Security bug reports: halo@planwithpang.com
General support: halo@planwithpang.com
BRZK · Independent developer based in Indonesia