Privacy Policy

1. Introduction

Welcome to FlowPlan ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial planning application and website (collectively, the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Register for an account
• Use our Service
• Contact us for support
• Subscribe to our mailing list

The personal information we collect may include:

• Account Information: Email address, username, password (encrypted)
• Financial Data: Income, expenses, debts, savings goals (stored securely and never shared)
• Profile Information: Display preferences, notification settings

2.2 Automatically Collected Information

When you access our Service, we automatically collect certain information, including:

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent on pages, click data
• Cookies: We use cookies and similar tracking technologies to track activity on our Service

3. How We Use Your Information

We use your information for the following purposes:

• Provide Services: To create and manage your account, process your financial data, and provide personalized financial planning tools
• Improve Our Service: To understand how users interact with our Service and improve functionality
• Communication: To send you updates, notifications, and support messages
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with applicable laws and regulations

4. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
• Password Security: Passwords are hashed using bcrypt with salt
• Access Controls: Limited access to personal data on a need-to-know basis
• Regular Audits: We conduct regular security audits and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

5. How We Share Your Information

We do NOT sell your personal information. We may share your information only in the following circumstances:

• Service Providers: We use third-party service providers (e.g., Convex for database, Resend for emails, Vercel for hosting) who need access to your information to perform services on our behalf
• Legal Requirements: If required by law or to respond to valid legal processes
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: We may share your information with your explicit consent

6. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information
• Data Portability: Request a copy of your data in a portable format
• Opt-Out: Opt out of marketing communications at any time

To exercise these rights, please contact us at privacy@flowplan.app

7. Data Retention

We retain your personal information only for as long as necessary to provide you with our Service and as described in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

When you delete your account, we will delete or anonymize your personal information within 30 days, unless we are required to retain it for legal or regulatory purposes.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Service, you consent to the transfer of your information to these locations.

10. Third-Party Services

Our Service uses the following third-party services:

• Convex: Database and backend infrastructure (Privacy Policy)
• Vercel: Hosting and deployment (Privacy Policy)
• Resend: Email delivery (Privacy Policy)

These third-party services have their own privacy policies. We encourage you to review them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@flowplan.app
• Website: https://flowplan.app

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

• The right to access, update, or delete your personal information
• The right to rectification if your information is inaccurate or incomplete
• The right to object to our processing of your personal information
• The right to request restriction of processing of your personal information
• The right to data portability
• The right to withdraw consent at any time

Legal Basis for Processing: We process your data based on your consent, contract performance, legal obligations, and legitimate interests.

To exercise your GDPR rights, contact us at privacy@flowplan.app

14. CCPA Compliance (California Users)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale of personal information (we do not sell your data)
• Right to Non-Discrimination: You will not be discriminated against for exercising your rights

To exercise your CCPA rights, contact us at privacy@flowplan.app