CoSeed Privacy Policy
Pharos Ventures, Inc. ·
Effective: June 18, 2026 ·
Last updated: June 18, 2026
This policy describes how CoSeed (operated by Pharos Ventures, Inc.,
“we,” “us”) collects, uses, shares, and protects
information when you use the CoSeed mobile app and the
coseed.pharosventures.io service. By creating a CoSeed
account, you agree to this policy.
1. What CoSeed is — and what it isn’t
CoSeed is a recordkeeping app for rotating savings circles
among friends. We help you organize pods, track who has paid
whom, and remind everyone when a round is due. We are not
a bank, money transmitter, or payment processor. CoSeed never
holds, transfers, or routes your money. Settlement between pod
members happens directly on the payment apps you already use (Venmo,
Cash App, PayPal, Zelle, cash) and is verified by the receiver in our
app.
2. What we collect
Information you provide
- Account details: full name, email address, and a
password (hashed by Firebase Authentication; we never see or store the
plaintext).
- Profile information: username, optional display
name, optional phone number, optional photo.
- Wallet handles (optional): your Venmo, Cash App,
PayPal, and/or Zelle handles so pod members know where to send your
share. We store these as plain strings — we never see your
Venmo/Cash App password or balance, and we never connect to those
services on your behalf.
- Pod activity you create: the pods you make or
join, members you invite, payment confirmations you record.
Information collected automatically
- Device and usage: app version, device model and OS
version, crash reports, performance metrics. Used to fix bugs and
improve reliability.
- Audit log: a hash-chained record of significant
actions (sign-in, pod creation, payment confirmation, etc.) used for
abuse prevention.
Contacts (optional)
- If you tap “Sync my contacts,” the app sends the phone
numbers from your address book to CoSeed’s server only to
check which of them are existing CoSeed users. We do not
store the submitted phone numbers, and we do not retain
your contact list. You can decline the permission and still use
every other feature.
Information we do NOT collect
- Bank account or routing numbers.
- Government-issued ID, Social Security Number, or other KYC data.
- Household income or other financial-suitability information.
- Credit reports or credit-bureau data.
- Your transactions on Venmo, Cash App, PayPal, or Zelle.
3. How we use information
- Operate and secure your account, including login and password
recovery.
- Run the rotating-savings features you choose to use: pod creation,
invitations, round scheduling, payment-confirmation ledger.
- Send push notifications and reminders about pod activity (you can
disable push at the OS level any time).
- Detect and prevent abuse (e.g., bulk-creation of fake pods).
- Communicate with you about your account and material policy
changes.
- Improve the product through aggregated, de-identified analytics.
We do not sell or rent your personal information.
4. Who we share information with
We share specific data with vetted service providers strictly to
deliver the service you requested:
- Google LLC (Firebase & Google Cloud Platform)
— user authentication, application hosting, and database
infrastructure.
- Expo / EAS — push notification delivery to
your device.
- Sentry — aggregated crash reports and error
telemetry. We disable PII-bearing fields in Sentry transmission.
- Your pod members — only the information you
explicitly post (username, full name, photo, wallet handles, payment
confirmations).
- Law-enforcement and regulators — only when
legally compelled (e.g., a valid subpoena), and only the data
actually responsive to the request.
5. How we protect information
- All client↔server traffic is encrypted in transit with TLS
1.2+.
- Sensitive PII fields (e.g., phone number) are encrypted at rest
with Fernet (AES-128-CBC + HMAC-SHA-256).
- An immutable, hash-chained audit log records every privileged
action; tampering breaks the chain and is detectable.
- Database access is gated to a least-privilege service account
inside a private VPC; production secrets live in Google Secret
Manager and are never checked into source.
6. How long we keep information
Account and pod activity are retained for the lifetime of your
account so the ledger remains coherent for everyone you’ve podded
with. Operational logs and crash reports are retained for thirty (30)
days. If you delete your account, your personal profile is erased
within thirty (30) days; pod ledger entries you participated in are
anonymized in place (replaced with “deleted user”) so other
members’ records stay intact.
7. Your rights
Subject to applicable law, you may:
- Access the information we hold about you.
- Correct or update inaccurate information directly in the Profile
screen.
- Request deletion of your account (see retention above).
- Opt out of optional features (contacts sync, push notifications)
at any time in your Profile or device settings.
- If you are a California resident, exercise your rights under the
California Consumer Privacy Act and California Privacy Rights Act,
including the right to know, delete, correct, and not be
discriminated against for exercising your rights.
To exercise any right, email privacy@pharosventures.io.
8. Children’s privacy
CoSeed is not directed to children under 18. We do not knowingly
collect information from anyone under 18. If you believe a minor has
created an account, contact
privacy@pharosventures.io
and we will delete it.
9. International users
CoSeed is currently available only in the United States. If you
access CoSeed from outside the U.S., your information will be
transferred to and processed in the United States.
10. Changes to this policy
If we make a material change, we will notify you by email and via an
in-app notice at least 14 days before the change takes effect.
Non-material changes (e.g., clarification, typo) are effective on
posting; the “Last updated” date at the top will reflect any
revision.
11. Contact
Pharos Ventures, Inc.
Privacy questions: privacy@pharosventures.io
Support: support@pharosventures.io