Privacy Policy - Grand Coin
Grand Coin Privacy Policy
Effective date: June 13, 2026 Last updated: June 22, 2026
Grand Coin ("Grand Coin," "we," "us," or "our") provides an iOS mobile application that helps users save money through linked U.S. bank transfers. This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Grand Coin app, website, and related services (collectively, the "Services").
Grand Coin is intended for users 18 years of age or older who are residents of the United States.
-
Who We Are
Company/Owner: Puzzling Apps and Games Contact email: contact@developedbycooke.com Support page: https://www.puzzlingapps.com/contact-support-really-puzzling-app Website: https://www.puzzlingapps.com
2. Information We Collect
a) Information you provide directly
-
Account registration information (name, email, password)
-
Customer support communications
-
Optional profile information you choose to provide
b) Financial and payment information When you link a bank account and use deposit or withdrawal features, we and our payment partners may process:
-
Bank account metadata (e.g., institution name, account last4)
-
Tokenized account and routing information
-
Account ownership details
-
Deposit and withdrawal transaction records (amount, status, timestamps)
Important: We do not store full bank login credentials. Bank linking and payment processing are handled by trusted third-party providers, including Stripe, Inc. and its Financial Connections service. Stripe's privacy notice is available at https://stripe.com/privacy.
c) Device and usage information
-
Device identifiers and app diagnostics
-
Push notification token (for reminders and transaction updates), if enabled
-
App activity and interaction events
-
Crash and error logs and performance metrics
d) Information from third parties
-
Authentication providers (e.g., Sign in with Apple, Sign in with Google). When you choose to sign in using a third-party provider, we receive the basic profile information you authorize that provider to share with us, typically your name, email address, and a provider-issued user identifier. We do not receive your password.
-
Backend and infrastructure providers (e.g., Firebase services from Google)
-
Payment processor data needed to complete transfers (Stripe)
e) Optional in-app purchase information If you choose the optional "Support Grand Coin" in-app purchase, Apple processes the payment through the App Store. We do not receive or store your full payment card number. We may receive and store:
-
Product identifier (e.g., support tier purchased)
-
Transaction identifiers issued by Apple (such as transaction ID and original transaction ID)
-
Purchase verification data needed to confirm the transaction with Apple
-
A supporter entitlement flag linked to your Grand Coin account (e.g., entitlements.supporter)
We use this information to acknowledge your optional support, prevent duplicate entitlement grants, and allow you to restore a prior Support purchase on a new device when you use "Restore Purchases," subject to Apple's policies.
What we do NOT collect:
-
Full online banking login credentials (username/password)
-
Credit or debit card numbers
-
Social Security numbers
-
Biometric data
-
Precise device location
-
How We Use Information
We use information to:
-
Create and manage your account
-
Link your bank account and verify ownership
-
Process deposits and withdrawals you authorize
-
Maintain transaction history and account balances
-
Send transactional and reminder notifications
-
Detect fraud, abuse, and unauthorized activity
-
Comply with legal, tax, and regulatory obligations
-
Improve and operate the Services
-
Record and restore optional Support in-app purchases you authorize
We do not use your data for credit underwriting or lending decisions.
3. Withdrawals and Manual Review
Withdrawal requests submitted in the app may be subject to manual review for safety, fraud prevention, and regulatory compliance. Once approved, funds are returned to your linked U.S. bank account using the ACH network. ACH transfers typically settle in 1–4 business days, and timing depends on your bank and standard banking-network processing. We will reflect the status of each withdrawal request in the app.
4. Legal Bases for Processing (where applicable)
Depending on your location, we process information based on:
-
Performance of a contract (providing the Services)
-
Legitimate interests (security, fraud prevention, service improvement)
-
Legal obligations (compliance and recordkeeping)
-
Consent (where required, e.g., certain notifications)
5. How We Share Information
We may share information with:
-
Service providers and processors that help operate the Services (e.g., payment processing, cloud hosting, analytics, notifications)
-
Financial partners needed to complete authorized transfers
-
Legal or regulatory authorities when required by law or legal process
-
Corporate transaction counterparties in a merger, financing, or acquisition
We do not sell or share personal information for cross-context behavioral advertising or for monetary consideration. We do not share bank-linked data with unaffiliated third parties for their own marketing.
6. Data Retention
We retain information for as long as needed to:
-
Provide the Services
-
Maintain required financial and compliance records
-
Resolve disputes and enforce agreements
Retention periods vary by data type and applicable legal requirements.
7. Security
We take the security of your information seriously and use a combination of technical, administrative, and organizational safeguards designed to protect it.
Technical safeguards include:
-
Encryption in transit: Communication between the Grand Coin app and our servers, and between our servers and our service providers, uses industry-standard Transport Layer Security (TLS / HTTPS).
-
Encryption at rest: Account and transaction data is stored on managed cloud infrastructure (Google Firebase / Firestore) that encrypts data at rest by default.
-
Tokenization of financial data: Bank account and routing information is handled and tokenized by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store full bank login credentials, and we do not store payment card numbers.
-
Authenticated access: User accounts are protected by Firebase Authentication and supported sign-in methods including email, Sign in with Apple, and Sign in with Google. Sensitive operations are restricted to the authenticated, authorized account holder.
-
Server-side enforcement of money movement: Deposits, withdrawals, and balance updates are validated and executed by server-side Cloud Functions. The client app cannot independently modify balances, transaction records, or bank linkage data.
-
Webhook integrity: Payment status updates from Stripe are accepted only after cryptographic signature verification, with replay and out-of-order protections.
Operational safeguards include:
-
Principle of least privilege for internal access to production systems.
-
Logging and monitoring of authentication, payment, and webhook events to support anomaly detection and incident response.
-
Use of vetted third-party providers (Stripe, Google Firebase, Apple) that maintain their own industry-recognized security and compliance programs.
Despite these measures, no method of Internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a security incident materially affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.
8. International / Data Location
Grand Coin is currently intended for users in the United States. Data may be stored and processed in the United States and other jurisdictions where our service providers operate, subject to applicable safeguards.
9. Your Choices and Rights
Depending on where you live, you may have rights to:
-
Access, correct, or delete your information
-
Request portability of your data
-
Object to or restrict certain processing
-
Withdraw consent where processing is based on consent
-
Appeal a denied rights request
To exercise rights, contact contact@developedbycooke.com or use our support page at https://www.puzzlingapps.com/contact-support-really-puzzling-app.
10. Account Deletion
You can request deletion of your Grand Coin account directly from within the app under Account → Account Management → Request Account Closure. After you submit a closure request, our team will process it and confirm completion. We will retain only the records required by law and our financial recordkeeping obligations after closure. You may also email contact@developedbycooke.com to request deletion.
11. Push Notifications
If enabled, we may send push notifications for reminders and transaction updates. You can disable notifications at any time in iOS Settings.
12. Children's Privacy
Grand Coin is not directed to, intended for, or available to anyone under 18. We do not knowingly collect personal information from children or minors. If you believe a minor has provided us information, please contact us so we can take appropriate action.
13. Third-Party Services and Links
Our Services integrate with third-party services, including Stripe (payment processing and Financial Connections), Apple (Sign in with Apple and App Store in-app purchase processing), Firebase (Google) (authentication, database, cloud functions, and notifications), and Google Sign-In (optional sign-in method). Their privacy practices are governed by their own policies, including:
-
Stripe: https://stripe.com/privacy
-
Google / Firebase / Google Sign-In: https://policies.google.com/privacy
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date. Material changes may be communicated through the app, website, or email.
15. Contact Us
For privacy questions or requests: Email: contact@developedbycooke.com Support: https://www.puzzlingapps.com/contact-support-really-puzzling-app
