Security

Last updated: March 2026

AllowanceKit has no servers, no APIs, and no network endpoints. There is nothing to breach because your data never leaves your devices.

Architecture overview

AllowanceKit uses a zero-server architecture. All data is stored locally on your device using Apple's SwiftData framework and optionally synced to your personal iCloud account via Apple's CloudKit. We do not operate any servers, databases, or APIs. There is no backend to compromise.

On-device storage

All allowance data is stored in your device's encrypted storage via SwiftData. It is protected by your device passcode, Face ID, or Touch ID.

iCloud sync

Data syncs through Apple's CloudKit infrastructure using end-to-end encryption. We have no access to your iCloud account or its contents.

Passcode storage

Parent PINs and child passcodes are stored in the iOS Keychain, which is hardware-encrypted and isolated from other apps.

No network calls

AllowanceKit makes zero network requests to our servers (we don't have any). The only network activity is iCloud sync, handled entirely by Apple.

What we don't have

It's worth being explicit about what AllowanceKit does not have, because each of these is a common attack surface in other apps:

No user accounts. There are no email addresses, passwords, or credentials stored anywhere. Nothing to leak in a breach.

No server or database. There is no backend system that could be compromised. We don't operate infrastructure.

No API endpoints. There are no web-facing services to exploit. The app communicates only with Apple's iCloud.

No third-party SDKs. No analytics (Firebase, Mixpanel), no crash reporting (Sentry, Crashlytics), no advertising SDKs. Zero third-party code that could introduce vulnerabilities or exfiltrate data.

No payment processing. AllowanceKit tracks virtual allowance balances. No bank accounts, credit cards, or real money flows through the app. Payment for the app itself is handled entirely by Apple's App Store.

Child device security

When setting up a child's device, the parent generates an invite code within the app. This system provides several security benefits:

Device lock. Once a child enters an invite code, their device is permanently locked to their read-only view. They cannot access parent mode or other children's data.

Read-only access. The child's device displays balances and transaction history but cannot modify balances, create transactions, or change settings.

Invite codes. Codes are single-use and stored securely. Once redeemed, the code cannot be used again.

Parent override. If a parent needs to reclaim a child's device, they can generate a time-limited override code (expires in 5 minutes) to unlock it.

On-device passcodes

AllowanceKit offers two types of passcodes, both stored in the iOS Keychain:

Parent PIN (4 digits). Required to exit kid mode, access settings, and manage allowances. Optionally bypassed with Face ID or Touch ID. Stored in the Keychain keyed to the app, never in SwiftData or synced to iCloud.

Child passcodes (4 digits, optional). Set per child to prevent sibling snooping on shared devices. Stored in the Keychain keyed by child identifier. Not synced to iCloud, so they are device-specific.

These passcodes are not security credentials in the traditional sense. They are family-level access controls designed to keep siblings honest, not to protect against sophisticated attackers. A determined user with physical access to an unlocked device could bypass them. Device-level security (device passcode, Face ID, Touch ID) is the real security boundary.
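How the storage properties described above (one Keychain entry per child, never synced, tied to a single device) map to Keychain item attributes, as an added example rather than AllowanceKit's own code. The `PasscodeStore` type, the service name and the account naming scheme are assumptions.

```swift
import Foundation
import Security

// Hypothetical store: the service name and account scheme are illustrative,
// not taken from the app.
enum PasscodeStore {
    static let service = "example.allowance.passcodes"

    // Attributes that identify one passcode item.
    private static func baseQuery(account: String) -> [String: Any] {
        [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,      // e.g. "parent" or "child-<identifier>"
            kSecAttrSynchronizable as String: false  // item never enters iCloud Keychain
        ]
    }

    static func save(_ passcode: String, account: String) -> OSStatus {
        // Delete first so changing a passcode does not fail with errSecDuplicateItem.
        SecItemDelete(baseQuery(account: account) as CFDictionary)
        var attrs = baseQuery(account: account)
        attrs[kSecValueData as String] = Data(passcode.utf8)
        // Readable only while the device is unlocked, and not migrated to
        // another device through backup and restore.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        return SecItemAdd(attrs as CFDictionary, nil)
    }

    // Fails closed: a missing item or any Keychain error counts as "no match".
    static func verify(_ candidate: String, account: String) -> Bool {
        var query = baseQuery(account: account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
              let stored = result as? Data else { return false }
        return stored == Data(candidate.utf8)
    }

    static func remove(account: String) -> Bool {
        let status = SecItemDelete(baseQuery(account: account) as CFDictionary)
        return status == errSecSuccess || status == errSecItemNotFound
    }
}
```

Because the item is both non-synchronizable and `ThisDeviceOnly`, a passcode set on one device does not appear on another, which matches the device-specific behaviour described above.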

Dependencies and supply chain

AllowanceKit uses only first-party Apple frameworks: SwiftUI, SwiftData, CloudKit, and Security (Keychain). There are no third-party dependencies, no CocoaPods, no Swift packages from external sources. This eliminates supply-chain attack vectors entirely.

Website security

This website is a static site with no backend, no database, no JavaScript that processes user data, and no cookies. Fonts are self-hosted. No third-party requests are made. The site is served over HTTPS (enforced by the .app TLD, which is on the HSTS preload list).

Responsible disclosure

If you discover a security issue in AllowanceKit or this website, please report it to us so we can address it promptly.

Email: security@allowancekit.app

We aim to acknowledge reports within 48 hours and provide a resolution timeline within 7 days. We do not currently offer a bug bounty programme, but we deeply appreciate responsible disclosure and will credit researchers (with their permission) in our release notes.

Questions

If you have any questions about our security practices, please contact us at hello@allowancekit.app.