PocketVM Privacy Policy

Effective: April 18, 2026

WeaveHub Technologies LLC (“we,” “us,” or “our”) built PocketVM as a privacy-first vulnerability management app. This policy explains what data PocketVM collects, how it is used, and your choices.

1. Information We Collect

1.1 Information You Provide

PocketVM stores your Tenable API keys and Qualys credentials locally in the iOS Keychain on your device. These credentials are used exclusively to communicate directly with your vulnerability platform’s API. They are never transmitted to WeaveHub servers.

1.2 Subscription Information

If you subscribe to PocketVM Pro, Apple processes and manages your subscription. We receive a transaction verification token but no payment details.

1.3 Analytics Data

If you opt in, we collect anonymous usage analytics via Firebase Analytics (screen views, feature usage counts). No vulnerability data, credentials, IP addresses, or personally identifying information is included. You can disable analytics at any time in Settings.

1.4 Crash Reports

If you opt in, Firebase Crashlytics collects crash reports to help us fix bugs. Crash reports contain device model, OS version, and stack traces. No vulnerability data or credentials are included.

2. How We Use Your Information

We use analytics data solely to improve PocketVM. We do not sell, share, or monetize any user data. Your vulnerability platform credentials and scan data never leave your device except to communicate directly with your platform’s API.

3. Data Storage and Security

All credentials are stored in the iOS Keychain with hardware-backed encryption. Vulnerability data is cached locally on your device using encrypted storage. No vulnerability data is stored on WeaveHub servers. Optional biometric lock (Face ID / Touch ID) provides an additional layer of device-level security.

4. Third-Party Services

PocketVM communicates directly with Tenable.io and Qualys VMDR APIs using your credentials. We also use Firebase Analytics and Crashlytics (both opt-in). No other third-party services receive your data.

5. Your Choices

You can disable analytics and crash reporting at any time in Settings. You can delete all cached data from Settings > Data > Clear Cache. Uninstalling the app removes all locally stored data including Keychain entries.

6. Children’s Privacy

PocketVM is not directed at children under 13. We do not knowingly collect information from children.

7. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

8. Contact Us

If you have questions about this privacy policy, contact us at support@weavehub.app.