Plain-English summary. We collect the data we need to run Trickle (your email, the stuff you type into the app, and basic usage signals) and nothing we don't. We don't sell your data or use it for advertising. Your Trickle chatbot messages go to Google and Anthropic for processing, but we never send them your financial details or your stored goals and moves alongside those messages. You can delete your account and all data from within the app at any time.
Contents
1. Who we are
Trickle is a financial literacy app published by LANGLIGELANG LIMITED, a company registered in New Zealand (the "Company", "we", "us"). LANGLIGELANG LIMITED is the data controller for information processed through Trickle.
You can contact our privacy team at [email protected], or by email at [email protected]. For our registered office address, please email us and we'll provide it.
2. What we collect
2.1 Information you provide
- Account details — email address, display name, and a password (or equivalent credential if you sign in with Apple or Google).
- Onboarding answers — your self-assessed money stage (Foundation, Momentum, Accelerating, or Scaling) and the goal you pick during setup.
- Content you enter in the app — savings goals, money moves you log, nudge completions, notes, and any text you type into the Trickle chatbot.
- Support enquiries — anything you email us or send through support channels.
2.2 Information collected automatically
- Usage data — lesson progress, streaks, badges, which features you use, and event logs we need to make the app work (for example, to generate your weekly nudges).
- Device data — device type, operating system version, app version, language, and a push notification token if you enable notifications.
- Error and diagnostic logs — crash reports and error traces, used to fix bugs.
2.3 Information from third parties
- Sign-In providers — if you use Sign in with Apple or Google, we receive your email address (and, if you consent, your name) from that provider. We do not receive your password.
- RevenueCat (subscriptions) — if you purchase Trickle Premium, Apple or Google handles the payment and shares a purchase receipt with RevenueCat, who tells us whether your subscription is active. We never see your full payment card details.
We do not collect your bank account numbers, credit card numbers, national ID, passport, date of birth, location, or contacts. Trickle does not connect to your bank.
3. How we use your information
We use your information to:
- Create and maintain your account and authenticate you.
- Operate Trickle's core features: lessons, spaced repetition, goals, nudges, simulators, streaks, Grove, and the Trickle chatbot.
- Personalise your experience (for example, suggesting goals that match your money stage).
- Process subscriptions and manage access to Premium features.
- Send you product emails (e.g. password reset, account verification) and — if you enable them — push notifications.
- Respond to support enquiries.
- Improve Trickle by looking at aggregated, de-identified usage patterns.
- Meet legal obligations, and protect Trickle, you, and other users.
We do not:
- Sell your personal information to anyone.
- Share your personal information with advertisers.
- Use your information for cross-app or cross-site tracking.
- Use your Trickle chatbot messages or your app content to train AI models.
4. Who we share it with
We only share data with service providers ("sub-processors") that help us run Trickle. Each one is contractually bound to protect your data and use it only to provide their service to us.
| Provider | What it does | Data it receives |
|---|---|---|
| Supabase | Database, authentication, and serverless functions | Account details, app content, usage data. Hosted in a US AWS region. |
| Google (Gemini API) | AI chat responses and lesson embeddings | Your Trickle chatbot messages and matched lesson context only — see §5 below. No stored profile or financial data. |
| Anthropic (Claude API) | Fallback AI chat responses when Gemini is unavailable | Same as Gemini — chat messages and matched lesson context only. |
| RevenueCat | Subscription management across Apple and Google | Your Supabase user ID and purchase receipts. |
| Apple / Google (IAP) | Payment processing and in-app purchases | Payment details are held by Apple or Google — we do not receive them. |
| Apple / Google (Sign-In) | Optional third-party login | Email address and (if you consent) your name. |
| Expo | Push notification delivery | Your device push token and the notification content. |
| Cloudflare | Domain, DNS, and website hosting for gettrickle.app | Standard website request logs (IP, user-agent, page URL) when you visit this site. |
We may also disclose information if we are required to by law, a court order, or a binding request from a government authority, or to protect the rights, property, or safety of Trickle, our users, or the public.
5. Trickle chatbot and AI processing
This section is important and we want to be explicit. Please read it.
When you send a message to Trickle chatbot (also called "Ask Trickle") the following happens:
- Your message is sent to our servers.
- We turn your message into a search vector using Google's embedding model, and use it to look up the most relevant lessons from Trickle's own curriculum (a technique called Retrieval-Augmented Generation, or "RAG").
- Your message, the current conversation (up to 10 recent messages), and the matched lesson excerpts are sent to Google Gemini, or to Anthropic's Claude as a fallback, to generate a response.
- The response is streamed back to you and the finished conversation is saved to your account so you can see your history.
What we do NOT send to the AI models: your saved goals, logged money moves, lesson progress, streaks, badges, community/Grove data, subscription status, or any other stored personal data. The chatbot does not have tools to read your profile. It answers based only on the current conversation and Trickle's lesson content.
Training. Google and Anthropic's enterprise API terms state that prompts and completions sent through their paid APIs are not used to train their models. We rely on those terms. We also do not use your chat messages to train any AI model ourselves.
Design intent. Trickle chatbot is an educational tool, not a financial adviser. Its system prompt restricts it from giving personalised financial advice, recommending specific investments, or telling you what to do with your money. It explains concepts drawn from Trickle's lessons and helps you think through decisions in general terms. See our Terms of Service for the full disclaimer.
For more on how Google and Anthropic process API data, see their respective privacy policies:
- Google (Gemini API) — ai.google.dev/gemini-api/terms
- Anthropic (Claude API) — anthropic.com/legal/privacy
6. Legal bases (for users in the UK, EU, and EEA)
If GDPR or UK GDPR applies to you, we process your personal data on the following legal bases:
- Performance of a contract — to provide the Trickle service you signed up for.
- Legitimate interests — to keep the service secure, prevent abuse, fix bugs, and improve Trickle based on aggregated usage patterns. You can object to this processing at any time (see §8).
- Consent — where we ask for it, for example to send push notifications or to process any data you voluntarily include in chatbot messages.
- Legal obligation — where we must comply with applicable laws.
7. How long we keep your data
- Account data, app content, chat history — for as long as your account is active.
- Account deletion — when you delete your account (Settings → Account → Delete Account), we permanently erase your data from our systems within 7 days. Certain limited records (e.g. transaction records required for tax purposes) may be retained longer where the law requires, and backups may persist for up to 30 days before being overwritten.
- Support emails — retained for up to 2 years so we can help you with follow-up questions.
- Diagnostic logs — retained for up to 90 days, then deleted.
8. Your rights
Depending on where you live, you have some or all of the following rights over your personal information:
- Access — request a copy of the data we hold about you.
- Rectification — correct data that is wrong or out of date. Most of this you can do yourself in Settings.
- Deletion — delete your account and data. You can do this in-app at Settings → Account → Delete Account, or by emailing us.
- Portability — receive your data in a machine-readable format.
- Objection and restriction — ask us to stop or limit certain processing.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time.
- Complain — lodge a complaint with your local data protection authority. In New Zealand, that is the Office of the Privacy Commissioner.
To exercise any of these, email [email protected]. We will respond within 30 days.
For California residents: under the CCPA you also have the right to know what personal information we have collected, to delete it, and not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA.
9. Children
Trickle is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 17, you may only use Trickle with the involvement and consent of a parent or legal guardian.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact [email protected] and we will delete it promptly.
10. International transfers
Trickle is operated from New Zealand, and some of our sub-processors (notably Supabase, Google, Anthropic, RevenueCat, Cloudflare) store or process data in the United States and other countries. If you are located in the UK, EU, or EEA, this means your personal information will be transferred outside your country.
Where required, we rely on the European Commission's Standard Contractual Clauses and on sub-processors' own adequacy mechanisms (for example, the EU–US Data Privacy Framework where applicable) to protect your data during these transfers.
11. Security
We protect your data with measures appropriate to the nature of the data and the risks involved. Passwords are stored hashed; connections use TLS 1.2 or higher; our database is protected by row-level security so users can only access their own data; and access to production systems is restricted to authorised personnel.
No system is perfectly secure. If we become aware of a security breach that affects your personal information, we will notify you and the relevant authorities as required by law.
12. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you in the app or by email before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent version.
13. Contact us
Questions about your data?
Privacy enquiries — [email protected]
General support — [email protected]
Published by LANGLIGELANG LIMITED, New Zealand