Privacy Policy

Last updated: June 2025

Our Core Commitment

Your financial data is private. FlowFund does not sell, share, or monetize your personal data. We do not run ads. We do not share data with third parties for marketing. Your finances are your business.

What We Collect

• Account data: Email address and password (hashed, never stored in plain text)
• Financial data you enter: Transactions, goals, debts, income, bills — stored encrypted in your account
• Usage analytics: Page views and feature usage (anonymous, no personal identifiers) to improve the product
• Uploaded files: Documents stored in your Vault, videos uploaded to Reels

What We Do Not Collect

• We never collect bank login credentials or access tokens
• We never sell your data to advertisers, data brokers, or third parties
• We never use your financial data to train AI models outside of your account
• We do not require KYC (Know Your Customer) identity verification

How We Store Your Data

All data is stored on Supabase infrastructure with AES-256 encryption at rest. All data transmission uses TLS 1.3. Authentication is handled via Supabase Auth with JWT tokens. Passwords are never stored in plain text.

AI Features and Your Data

When you use the AI Advisor, your financial summary (totals, categories, goals) is sent to an AI API (NVIDIA Llama) to generate insights. We do not send personally identifying information (name, email) to the AI. AI responses are generated fresh each time and not permanently stored in AI training systems.

Data Retention

Your data is retained as long as your account exists. When you delete your account, all personal data is permanently deleted within 30 days. You can export your data at any time from Settings → Export Data.

Cookies

We use only essential session cookies required for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Third-Party Services

• Supabase: Database, authentication, and file storage
• Stripe: Payment processing (we never see your full card number)
• NOWPayments: Cryptocurrency payment processing
• Vercel: Hosting and deployment

Your Rights

• Right to access all data we hold about you
• Right to export your data in CSV format
• Right to delete your account and all associated data
• Right to correct inaccurate information
• GDPR rights for EU/EEA residents

Children's Privacy

FlowFund is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us immediately.

Changes to This Policy

We will notify users of material changes to this Privacy Policy via email and an in-app notification at least 14 days before changes take effect.

Contact

For privacy inquiries or data deletion requests, contact us at flow.fund012@gmail.com