Privacy Policy
PocketDiary — Private Encrypted Ledger App
Developed by Open Mind Services Limited | Last updated: April 2026
| PLAIN ENGLISH SUMMARY |
| We collect nothing. |
| Your financial data never touches our servers. |
| Everything stays on your device and your own Google Drive account. |
| Your data is encrypted with a key only you know. |
| If you forget your PIN, your data cannot be recovered — by design. |
1. Overview
PocketDiary is a private encrypted financial ledger application developed by Open Mind Services Limited. This Privacy Policy explains how the application handles your data when you use it on iOS or Android.
We have written this policy in plain language because we believe you should be able to read and understand it without legal training.
2. Information We Do Not Collect
Open Mind Services Limited does NOT collect, store, transmit, or have access to any of the following:
- Your financial records, transactions, or ledger data
- Your party names, vendor names, or contact details
- Your receipt photos or file attachments
- Your PIN, passphrase, or biometric data
- Your name, email address, or personal information
- Your device identifiers or hardware specifications
- Your location or GPS data
- Your usage patterns or in-app behaviour
- Any analytics or crash reporting data
3. Data Stored on Your Device
PocketDiary stores the following data locally on your device only:
- An encrypted database containing your ledger, account, and transaction data
- Encrypted receipt photo attachments
- A derived encryption key stored in your device’s secure keychain (iOS Keychain / Android Keystore)
- Google Drive OAuth access tokens stored in your device’s secure storage
All locally stored data is encrypted using XChaCha20-Poly1305 encryption with Argon2id key derivation. Your PIN is the only means of decrypting this data.
IMPORTANT: If you forget your PIN or passphrase, your data cannot be recovered. We have no ability to reset or recover your encryption key.
4. Data Stored on Google Drive
When you enable Google Drive backup, PocketDiary stores one encrypted backup file in your personal Google Drive account at the following path:
| /PocketDiary/pocketdiary-backup.encjson |
This file is encrypted on your device before it is uploaded. It is completely unreadable without your PIN. Open Mind Services Limited has no access to your Google Drive account and cannot read, view, or recover this file.
Google’s own Privacy Policy governs how Google Drive stores and handles your files. You can review Google’s Privacy Policy at: https://policies.google.com/privacy
5. Google Drive Permissions
PocketDiary requests limited access to Google Drive for the sole purpose of reading and writing its own encrypted backup file.
- DOES access: /PocketDiary/pocketdiary-backup.encjson
- DOES NOT access any other files or folders in your Google Drive
- DOES NOT read, modify, or share any other content from your Google Drive account
6. Encryption and Security
PocketDiary uses the following security measures to protect your data:
| Encryption algorithm: XChaCha20-Poly1305 |
| Key derivation: Argon2id (memory-hard, brute-force resistant) |
| PIN hashing: BLAKE2b |
| Secure storage: iOS Keychain / Android Keystore |
| Auto-lock: Application locks after 60 seconds of inactivity |
| Screenshot prevention: Active on the lock screen |
Your encryption key is derived from your PIN at the time of login and is held only in device memory during your session. It is never written to disk, never transmitted, and never stored on any server.
7. Third-Party Services
PocketDiary integrates with one third-party service:
Google Drive API
- Purpose: Encrypted backup storage only
- Privacy Policy: https://policies.google.com/privacy
- Data shared: One encrypted, unreadable backup file stored in your own account
PocketDiary does NOT include or use:
- Advertising networks or SDKs
- Analytics services (Google Analytics, Firebase, Mixpanel, Amplitude, or similar)
- Crash reporting services (Sentry, Bugsnag, Crashlytics, or similar)
- Social media integrations
- Location services
- Any tracking or profiling tools
8. Data Sharing
We do not sell, trade, rent, or share your personal data with any third party for any purpose.
The only data that leaves your device is your encrypted backup file uploaded to your own Google Drive account. This file is encrypted and completely unreadable without your PIN.
9. Data Retention and Deletion
All your data is stored on your own device and your own Google Drive account. You are in full control of your data at all times.
To delete your data:
- Use the Data Wipe feature within the app (Settings > Security > Wipe All Data) to remove all data from your device and your Google Drive
- Or manually delete the /PocketDiary/ folder from your Google Drive account
- Or uninstall the application from your device
We do not retain any copies of your data as we never receive it in the first place.
10. Children’s Privacy
PocketDiary is not intended for use by children under the age of 13. We do not knowingly collect any information from children. If you are under 13, please do not use this application.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the application or applicable law. When we do, we will update the “Last updated” date at the top of this page.
We encourage you to review this Privacy Policy periodically. Continued use of PocketDiary after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how PocketDiary handles your data, please contact us:
| Open Mind Services Limited |
| Email: naveen@openmind.in |
| Website: www.openmind.in |
| Address: Gurgaon, Haryana, India |