Privacy Policy
Last updated: 2026-04-17
This Privacy Policy explains how CashFlow Pro (“we”, “our”, “the Service”) collects, uses, and protects personal information. We designed the Service to minimize the data we handle and to put you in control of everything that remains.
1. Who is the data controller
The controller is the operator of CashFlow Pro, reachable at support@cashflowpro.app.
2. What we collect
- Account data: your email address and, if you sign in with Google, your Google account identifier and display name.
- Financial data you enter: accounts, transactions, categories, bills, budgets, goals, payees, class tags, attachments, exchange rates, settings.
- Device data: user-agent string for push subscriptions and, in error logs, the URL path and stack trace of any crash.
- Push subscription endpoints: if you enable push notifications.
3. What we do NOT collect
- We do not access your bank credentials. We do not integrate Open Banking or Plaid-style aggregators.
- We do not use analytics, advertising, or cross-site tracking.
- We do not use your data to train machine-learning models.
- We do not sell or rent personal data.
4. Why we process data (legal bases)
- Contract: we process your data to provide the Service to you.
- Legitimate interest: security, abuse prevention, and Service reliability.
- Consent: push notifications, biometric registration — both opt-in.
5. Processors
We use the following service providers, which process data on our behalf:
- Supabase — authentication, database, storage, and scheduled functions.
- Vercel — hosting of the web application.
- Google OAuth — sign-in (only if you choose Google sign-in).
- Web Push Services (e.g., FCM, Apple Push Notification service) — delivery of push notifications you opt into.
6. Storage and transfers
Data is stored in encrypted form in our providers’ infrastructure. Some providers operate in the United States and/or European Union; where cross-border transfers occur under EU / UK GDPR, they rely on Standard Contractual Clauses.
7. Retention
We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days. Backups age out within 90 days.
8. Your rights
Subject to applicable law, you have the right to:
- access your personal data,
- correct inaccurate data,
- delete your data (use the “Delete account” button in Settings),
- export your data (JSON backup in Settings → Import & Export),
- object to processing that relies on legitimate interest,
- withdraw consent for processing that relied on your consent,
- lodge a complaint with your local supervisory authority.
9. Cookies
We use a small number of strictly necessary cookies for sign-in session management and to remember which profile is active. We do not use analytics or advertising cookies.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child provided us with information, contact us so we can delete it.
11. Security
We use TLS in transit, managed database encryption at rest, row-level security to isolate user data, and optional client-side passcode and biometric unlock for device-level access control. No system is perfectly secure; please use a strong password and enable push or passcode alerts to detect unauthorized access.
12. Breach notification
In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and supervisory authorities as required by applicable law.
13. Changes
We may update this Policy from time to time. Material changes will be announced in-app or by email. Continued use of the Service after changes take effect constitutes acceptance.
14. Contact
Email support@cashflowpro.app with any questions.