Privacy Policy
Your trust is our priority. Read how we protect and manage your financial data with transparency.
1. Data We Collect
FinanceFlow processes information to deliver a comprehensive financial tracking experience. We limit collection to the following categories:
- Account Credentials: Name, verified email address, hashed passwords, and profile preferences.
- Financial Data: Bank account names, transaction dates, descriptions, categories, and balance information.
- WhatsApp Ingestion Logs: If linked, phone numbers and the content of transactional SMS/WhatsApp prompts.
- Receipt Scans: Images uploaded for AI-assisted line item extraction.
2. Processing receipt scans via Generative AI
Receipt scans uploaded to FinanceFlow are processed by the Google Gemini 2.5 Flash model via the official Google Generative AI SDK.
- Your uploaded receipt images are parsed programmatically to identify transaction totals, categories, dates, and vendors.
- FinanceFlow does not train generative AI models using your sensitive financial receipts or documents.
- Images are parsed transiently and stored in secure cloud buckets only to display historical uploads to the account owner.
3. WhatsApp Expense Tracking (Twilio Integration)
Our WhatsApp ingestion utility leverages the Twilio WhatsApp Gateway API to receive webhook notifications containing text prompts (e.g., "spent 500 on groceries").
We only parse messages that strictly fit transaction logging formatting directives. Standard messaging records are filtered through authentication checks. Unassociated phone numbers are rejected immediately, and messages containing non-expense descriptions are ignored to preserve data hygiene and user privacy.
4. Data Protection & Security Controls
We implement professional safeguards to secure information against unauthorized access:
- Session Cookies: HTTP-Only cookies to protect against cross-site scripting (XSS) session hijack attempts.
- Encryption: Password hashes generated via cryptographically secure salt algorithms (Bcrypt). SSL/TLS transit channels are enforced across all database connections.
- Guest Lifespans: Guest profile credentials and associated balances are automatically deleted from database indexes after 7 minutes of inactivity.
5. Data Retention & Deletion
Registered users retain total ownership over their files. You can delete transactions or terminate accounts directly from your personal settings screen. Upon account termination, all linked records are purged permanently from our active database within 24 hours.
6. Policy Updates & Contact Information
We may update this Privacy Policy periodically. Continued use of the platform after updates constitutes consent to the revised terms.
If you have any questions or require data deletion help, contact our data protection team at: financeflow341@gmail.com