Privacy Policy

Quick Summary: This Privacy Policy applies to mobile applications developed and published by Guinto Tech, a division of Guinto Limited. We are committed to protecting your privacy and being transparent about how we handle your information. Please note that Streak Fast is a fully serverless iOS app — we do not collect, receive, or store any of your personal data. See the Streak Fast notice below for details. Pūteaflow stores your bank data only on your device and in your own private iCloud — Guinto Tech has no servers that hold your transactions, balances, or account information. See the Pūteaflow notice below for the full detail.

1. Introduction

Guinto Tech ("we," "us," or "our") operates various mobile applications including but not limited to Streak Fast, Pūteaflow, NextMinute, and PixelTracker (collectively, the "Apps"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Apps.

By using our Apps, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Apps.

Streak Fast — Serverless and Private by Design

Streak Fast is a native iOS app built with SwiftUI and Apple's CloudKit. It is 100% serverless and operates entirely on your device and within your personal iCloud account. Because of this architecture:

No accounts or logins. Streak Fast does not have user accounts, registration, or authentication of any kind.
No personal data collected by us. Guinto Tech does not collect, receive, transmit, or store any of your information from Streak Fast — we have no servers or databases for this app.
Your data stays in your iCloud. All fasting entries and app data are stored locally on your device and synced through your own private iCloud account using Apple's CloudKit. Only you can access this data.
No analytics or tracking SDKs. Streak Fast does not embed third-party analytics, advertising, or behavioural tracking services.
Purchases via Apple. Optional Pro subscriptions are processed entirely by Apple through the App Store. We do not see or receive your payment details.

Your use of iCloud and the App Store is governed by Apple's own terms and privacy policies. The remaining sections of this Privacy Policy describe practices that apply to our other Apps (such as NextMinute and PixelTracker) and do not apply to Streak Fast. See the Pūteaflow notice below for how Pūteaflow specifically handles bank data via Akahu.

Pūteaflow — Bank Data Stays on Your Device

Pūteaflow is a privacy-first New Zealand personal-finance iOS app (bundle id com.guinto.puteaflow) that connects to your bank through Akahu, New Zealand's open-finance platform. By design, Guinto Tech does not see your transactions, balances, or account data on an ongoing basis.

Bank data via Akahu. The data Pūteaflow fetches — your account list, balances, and transaction history — is collected under Akahu's ENDURING_CONSENT scope. The consent is read-only, lasts about 90 days, and is renewed only by you re-authorising in-app. There is no silent token refresh.
Token storage on your device only. Your Akahu user_token lives only in the iOS Keychain with the kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly attribute. It is never synced via iCloud Keychain and is never sent to any Guinto Tech server.
One-shot Cloudflare Worker. A small worker at savvy-auth.savvynz.workers.dev is used once per consent, solely to exchange the OAuth code for a user_token using Akahu's APP_SECRET. Request logging on that worker is disabled. The worker never sees your transactions, balances, or account data — not at sign-in, and not afterwards.
Direct device-to-Akahu requests. Every /me, /accounts, and /transactions call goes from your device straight to Akahu. Guinto Tech does not run a proxy or middle-tier server.
On-device storage with private iCloud sync. Your data lives in Core Data on your device and is mirrored only to your own private iCloud database (CloudKit container iCloud.com.guinto.puteaflow, private database only). Guinto Tech cannot see this data.
On-device AI. Forecasting and insights run locally using Apple Foundation Models and Core ML. No prompts and no financial data leave your device.
Pseudonymous analytics. Pūteaflow uses PostHog with a random pseudonymous identifier. Events never include dollar amounts, merchant names, or account identifiers, and Pūteaflow does not embed advertising trackers or share advertising IDs.
App-level lock. Access to your bank-connected screens in Pūteaflow is gated behind your device's biometric (Face ID / Touch ID) or passcode. This is required and runs every time you launch the app or return to it after a short period of inactivity.
Revocation and deletion. You can disconnect a bank in-app from Me → tap your bank → Disconnect, or revoke our access at any time via Akahu's hosted dashboard at my.akahu.nz — revocation is immediate. If you revoke via my.akahu.nz, the next Pūteaflow request to Akahu detects the revocation and Pūteaflow immediately deletes the locally cached account, balance, and transaction data for that connection (this cascades to your private iCloud copy). No silent re-authorisation occurs. The in-app Delete my account action wipes Core Data, the Keychain, and UserDefaults; deletion likewise cascades to your private iCloud copy.

The third parties Pūteaflow relies on are Akahu (bank data), Apple (iCloud sync via CloudKit, and StoreKit subscriptions), and PostHog (pseudonymous analytics). Each is governed by its own terms and privacy policy.

2. Information We Collect

2.1 Personal Information

Depending on the specific App you use, we may collect the following types of personal information:

Account Information: Name, email address, phone number, and profile information
Authentication Data: Login credentials and authentication tokens when you use social login features
Payment Information: Billing information processed through third-party payment processors for in-app purchases
User-Generated Content: Data you create or upload within the Apps

2.2 Location Data

Some of our Apps may request access to your device's location information to provide location-based features. You can control location permissions through your device settings.

2.3 Device Information

We automatically collect certain information about your device, including:

Device type, model, and operating system
Unique device identifiers
Mobile network information
App version and usage statistics
Crash reports and performance data

2.4 Usage Data

We collect information about how you interact with our Apps, including features used, actions taken, and time spent in the application.

3. How We Use Your Information

We use the collected information for various purposes:

To Provide Services: Operating and maintaining the Apps, processing transactions, and delivering requested features
To Improve Our Apps: Understanding usage patterns, fixing bugs, and developing new features
To Communicate: Sending updates, security alerts, and support messages
To Personalize Experience: Customizing content and features based on your preferences
To Ensure Security: Detecting and preventing fraud, abuse, and security incidents
To Comply with Legal Obligations: Meeting legal requirements and responding to lawful requests

4. Third-Party Services

Our Apps may integrate with third-party services that have their own privacy policies. These may include:

4.1 Analytics Services

Some of our Apps use analytics services (such as Google Analytics, Firebase Analytics) to understand usage patterns and improve user experience.

4.2 Authentication Providers

Some Apps offer social login options through third-party providers (such as Google, Apple, Facebook). When you use these services, you're subject to their privacy policies.

4.3 Payment Processors

For Apps with in-app purchases, we use third-party payment processors (such as Apple's App Store, Google Play Store) that handle payment information securely. We do not directly collect or store your payment card details.

4.4 Cloud Storage Providers

We use cloud storage services to securely store and backup your data. These providers maintain their own security and privacy practices.

4.5 Advertising Partners

Some of our Apps may display advertisements from third-party advertising networks. These networks may collect information about your device and usage to show relevant ads. You can control ad tracking through your device settings.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers: With trusted third-party service providers who assist us in operating our Apps
Legal Requirements: When required by law or to respond to legal processes
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share your information
Safety and Security: To protect the rights, property, or safety of Guinto Tech, our users, or others

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication mechanisms
Secure cloud storage infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Data Retention and Deletion

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Your Right to Delete: You have the right to request deletion of your personal data at any time. To request data deletion, please contact us at hello@guinto.co.nz with the subject line "Data Deletion Request" and include:

Your name and email address associated with the account
The specific App(s) you're using
Any additional details that help us identify your account

We will process your deletion request within 30 days. Note that some information may be retained for legal or legitimate business purposes as permitted by applicable law.

8. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights:

Access: Request access to the personal information we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal information
Portability: Request a copy of your data in a structured, machine-readable format
Objection: Object to our processing of your personal information
Restriction: Request restriction of processing of your personal information
Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data

9. Children's Privacy

Our Apps are not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Guinto Tech is based in New Zealand. Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer your personal information internationally, we take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated Privacy Policy in our Apps
Updating the "Effective Date" at the top of this policy
Sending you a notification through the App or via email

Your continued use of our Apps after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Guinto Tech

A division of Guinto Limited

New Zealand

Email: hello@guinto.co.nz

We aim to respond to all inquiries within 5-7 business days.

13. Consent

By using our Apps, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Apps.