Skip to content
Privacy & security

Your code.
Your account. Your phone.

Pocket Code is not an AI provider, doesn't process your code on our servers and doesn't train models with your work. You connect your own accounts and everything sensitive stays on the device, encrypted.

BYOK — your account, your model

Any AI, hosting, BaaS or observability provider (4 AI providers + 13 external platforms) runs against your own token. Pocket Code never acts as a middleman.

Encrypted on-device

API keys, SSH keys, database passwords and OAuth tokens are encrypted using Android Keystore. Keys never appear in logs or in the app's state.

No proxy in the middle

Every call (AI, deploy, remote database, third-party marketplace) goes directly from the phone to the service. We do not run servers that process your code.

Biometric authentication

Sensitive actions — viewing tokens in clear, opening production connections, running DELETE/DROP/TRUNCATE, unlocking masked columns — require device fingerprint, face or PIN.

Your code does not train models

Pocket Code does not use your code, prompts, files, queries or project metadata to train our own or third-party models. Every AI interaction goes to your provider under their policy — and never passes through us.

Data local by default

Projects, snippets, queries, connections and schemas live in the app's local storage. Cloud sync (Firebase) is opt-in, Pro, and you always control what's synced.

Where each thing lives

Full transparency: for each data type you know exactly where it's stored, whether it leaves the phone and where it goes.

What always stays on the phone

  • Your project source code
  • AI assistant prompts, files and queries
  • Tokens, API keys, SSH keys and DB passwords (encrypted)
  • Query history and workflow run history
  • Editor settings, snippets, keybindings
  • Local databases (SQLite + embedded PostgreSQL)

What leaves the phone — and where it goes

  • AI: directly to the provider (Gemini, OpenAI, Claude, Copilot…) with your token. No proxy from us.
  • Deploy / BaaS / monitoring: directly to the provider (Vercel, Render, Sentry…). No proxy from us.
  • SSH and remote databases: direct device → server connection.
  • Firebase (with your consent): authentication, anonymous analytics, crash reports, push notifications.
  • RevenueCat: Pro subscription status (no payment data).
  • Cloud sync (Pro and opt-in): projects, settings, snippets, themes.

What we never send anywhere

  • Your source code to our servers — because we don't run servers that process it
  • Your AI prompts or responses — they go directly to whichever provider you pick
  • Your credentials in clear — we use them encrypted and only during the call
  • Your code to train models — neither ours, nor third-parties', nor anonymised

Defense in depth

Protections stack: even if someone has physical access to the unlocked phone, the most sensitive actions still require another confirmation.

Credential encryption

All tokens, API keys, SSH keys and DB passwords are encrypted with Android Keystore. Encryption is tied to the device lock screen — without unlocking the phone, there's no key.

Biometric gate on sensitive actions

Opening the Integrations panel (where every token sits in clear), running DELETE/DROP/TRUNCATE on a database, opening connections marked as production, or viewing masked columns in clear all require fingerprint, face or PIN.

Safe mode on destructive operations

Dangerous SQL ops (DELETE without WHERE, DROP TABLE, TRUNCATE, ALTER DROP COLUMN, UPDATE without WHERE) are intercepted and a dialog shows the full SQL and affected rows before they execute. Disable-able, but on by default.

Automatic data masking

The data viewer detects `email`, `password`, `token`, `secret`, `api_key` columns and shows them masked by default. Viewing in clear requires biometric authentication.

Per-tool permissions for the AI agent

The chat agent can only invoke tools you explicitly enable (file reads, terminal execution, DB writes, etc.). Defaults to read-only.

Validation against command injection

When the AI runs commands in the terminal, each command is sanitised against injection, sandboxed to the project directory and has a timeout to avoid zombie processes.

Found something?

If you find a security vulnerability, email support. We respond within 48 business hours and ship patches in severity order. We don't have a formal bug bounty yet, but we publicly credit every responsible report (with your consent).

You can also see security.txt at /.well-known/security.txt.

Privacy policy

Data we collect, how, and for how long

Read

Terms of service

Rules of the road when using Pocket Code

Read

Delete account

How to delete your account and all its data

Read