Legal

Privacy Policy

Last updated: June 2026

Version 2.0

MyPelican is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use the MyPelican app.

1. About MyPelican

MyPelican is run by Apoorv Kumar trading as MyPelican (ABN 65 983 953 179), based in Perth, Western Australia.

2. Information We Collect

We collect only what we need to run the service:

  • Your name and email when you sign up
  • Your bank account data — only with your explicit consent via Australia's open banking (CDR) framework
  • Basic device info to fix bugs and improve the app

3. How We Use Your Information

We use your data to:

  • Show your accounts, balances and transactions
  • Generate AI savings insights — anonymised spending summaries are processed by Claude Haiku 4.5 via AWS Bedrock within Australian infrastructure (AWS ap-southeast-2, Sydney). No consumer data leaves Australia during AI processing.
  • Send you account and security updates
  • Meet our legal obligations under Australian law

We do not use your data for advertising. Ever.

4. Open Banking (CDR)

We access your bank data through Australia's Consumer Data Right framework via Fiskil (ADRBNK000246), an Accredited Data Recipient regulated by the ACCC.

You control everything:

  • You choose what data to share and for how long
  • You can disconnect at any time from Settings
  • We never sell your banking data
  • Disconnecting deletes all your data immediately

5. Data Storage and Security

Your data is stored in Australia on Supabase infrastructure with:

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Row-level security — only you can see your data

We never store your banking password.

6. Third Party Services

We use three trusted services:

  • Fiskil (fiskil.com) — retrieves your bank data via CDR
  • Supabase — stores your data securely in Australia
  • AWS Bedrock (Claude Haiku 4.5) — generates AI insights from anonymised spending summaries. All AI processing occurs within Australian AWS infrastructure (ap-southeast-2, Sydney and ap-southeast-4, Melbourne). AWS Bedrock does not retain input prompts or model outputs after inference completes — zero data retention by default. AWS Bedrock does not use customer data to train AI models. AI operates within MyPelican's own AWS account. Anthropic provides the underlying AI model but does not receive or store any consumer data.

None of these services receive your raw personal data for advertising purposes.

7. Your Rights

Under Australian privacy law you can:

  • See what data we hold about you
  • Correct any wrong information
  • Delete your account and all data
  • Withdraw bank consent at any time
  • Complain to the OAIC at oaic.gov.au

8. Contact Us

Questions or concerns? We respond within 3-4 business days.