Privacy Policy

Last updated: January 2, 2025

Our Commitment to Your Privacy

At Cashflow.fit, we believe your financial data is deeply personal. We're committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information. This policy explains everything in plain English—no legal jargon, no hidden surprises.

What Information We Collect

Information You Provide

  • Email address: When you join our waitlist or create an account
  • Account credentials: Username and encrypted password
  • Profile information: Optional details like name and preferences

Financial Data (via Plaid)

When you connect your bank accounts through Plaid, we collect:

  • Transaction history: Your purchases, deposits, and transfers
  • Account balances: Current and historical balance information
  • Account details: Institution name, account type, and account numbers (last 4 digits only)
  • Recurring payments: Subscriptions, bills, and regular expenses

Important: We never see your bank login credentials. Plaid handles authentication securely, and we only receive read-only access to the data you authorize.

Usage Information

  • Device information: Device type, operating system, browser
  • Usage data: Features you use, questions you ask our AI
  • Log data: IP address, timestamps, error logs

How We Use Your Information

We use your data to:

  • Provide our service: Generate cash flow forecasts, spending insights, and personalized financial guidance
  • Improve our AI: Train and refine our models to give you better answers (your data is anonymized for this)
  • Communicate with you: Send important updates, security alerts, and optional product news
  • Ensure security: Detect fraud, prevent abuse, and protect your account
  • Comply with laws: Meet legal obligations and respond to valid legal requests

We will NEVER:

  • Sell your data to third parties
  • Share your financial information with advertisers
  • Use your data for purposes you haven't explicitly authorized

How We Protect Your Data

Security is our top priority. We use:

  • Bank-level encryption: 256-bit AES encryption for data at rest, TLS 1.3 for data in transit
  • Secure infrastructure: Hosted on Supabase with enterprise-grade security
  • Access controls: Strict internal policies limiting who can access your data
  • Regular audits: Third-party security assessments and penetration testing
  • Secure authentication: Multi-factor authentication and encrypted sessions

Third-Party Services

We work with trusted partners who help us provide our service:

Plaid (Financial Data)

Plaid connects your bank accounts securely. They're a regulated financial service provider trusted by thousands of apps. Read Plaid's Privacy Policy

Supabase (Database & Auth)

Your data is stored securely on Supabase's infrastructure with enterprise-grade security. Read Supabase's Privacy Policy

OpenAI / Anthropic (AI Processing)

We use AI models to provide insights. Your financial data is anonymized before being sent to these services, and they don't store your data. OpenAI Privacy | Anthropic Privacy

Your Rights and Choices

You have full control over your data:

Access and Download

Request a copy of all your data at any time through your account settings or by emailing privacy@cashflow.fit

Correction

Update or correct your information anytime in your account settings

Deletion

Delete your account and all associated data permanently. We'll erase everything within 30 days (except what we're legally required to keep for accounting purposes)

Opt-Out

Unsubscribe from marketing emails anytime (we'll still send critical account updates)

Disconnect Accounts

Revoke access to your bank accounts at any time through Plaid or your account settings

Data Retention

We keep your data only as long as necessary:

  • Active accounts: Data retained while your account is active
  • Inactive accounts: After 2 years of inactivity, we'll send a reminder and then delete your data
  • Deleted accounts: Permanently erased within 30 days
  • Legal requirements: Some data (like transaction logs) may be kept longer for compliance

Children's Privacy

Cashflow.fit is not intended for anyone under 18. We don't knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@cashflow.fit

International Users

Cashflow.fit is based in the United States. If you're accessing our service from outside the US, your data will be transferred to and processed in the US. By using our service, you consent to this transfer.

For EU/UK users: We comply with GDPR. You have additional rights under European data protection laws.

For California residents: See our CCPA disclosure below.

California Privacy Rights (CCPA)

If you're a California resident, you have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we don't sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, email privacy@cashflow.fit

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll notify you by email and post a notice in the app. The "Last updated" date at the top shows when the policy was last revised.

Contact Us

Questions, concerns, or just want to chat about privacy? We're here to help:

Bottom line: Your financial data is yours. We're just here to help you understand it better. We'll protect it like it's our own, never sell it, and give you full control to view, download, or delete it anytime.