Piggy ("the application") is a personal, non-commercial application operated by Kent-Andre Nøklebye ("the operator") at https://piggy.sklz.dev. Its sole purpose is to fetch the balance of the operator's own savings accounts at a Norwegian bank and display that balance on dedicated home devices for the operator's children.
The application is used by a single household. It is not offered as a service to anyone outside that household.
Kent-Andre Nøklebye, contactable at k@nklb.no. As the application processes only the operator's own personal data, the operator is simultaneously the data controller and the primary data subject.
The application does not process: transaction history, counterparty information, names of children beyond a label shown on the local display device (e.g. "Leon"), nor any personal data belonging to anyone other than the operator.
Data is obtained from the operator's bank via Enable Banking AB (Finland), under PSD2/Berlin Group account-information services, with the operator's explicit consent renewed at most every 180 days.
The data is processed solely to render a balance figure on home display devices, for the educational purpose of helping the operator's children visualise their savings. The legal basis is GDPR Article 6(1)(a) — the operator's consent — given by completing the Enable Banking consent flow at the bank.
All processing and storage takes place on a home server on the operator's local network (Norway). Data is not shared with any third party. No analytics, telemetry, advertising, or tracking technologies are used. The application uses no cookies.
None outside the EEA. The bank is in Norway. Enable Banking AB is in Finland (EEA). The operator's home server is in Norway.
Balance snapshots are retained indefinitely on the operator's home server, as a personal historical record. The Enable Banking session token expires automatically after at most 180 days at which point new consent is required. The operator can erase all data at any time by deleting the local SQLite database on the home server.
As the only data subject is the operator, the operator may exercise all GDPR rights — access, rectification, erasure, restriction, portability, objection, and withdrawal of consent — directly on the home server, and additionally by revoking the bank consent through the bank's own application.
The home server holds the Enable Banking application's RSA private key (file permission 0600), the active session token, and the balance database. The database is reachable only over the operator's local network. The OAuth callback URL is the only externally reachable endpoint and is restricted to the consent flow.
Questions about this policy: k@nklb.no.