🛡️

Privacy Policy

Last updated: 7 November 2025

1. Introduction

Welcome to SpendFlow ("we," "our," or "us"). We are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our application.

🔒Our Privacy Commitment

We want to be absolutely clear:

  • We do NOT sell your data - Your information is never sold to third parties, advertisers, or data brokers.
  • We do NOT share your data - Your financial information stays private and is never shared with external companies.
  • We do NOT track you - No third-party tracking pixels, no advertising networks, no cross-site tracking.
  • Your data is yours - You can export or delete your data at any time, no questions asked.

We only use your data to provide you with the best financial management experience. That's it.

2. Data Controller

For the purposes of the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), the data controller is:

SpendFlow Ltd.
United Kingdom
Email: spendflowapp@gmail.com

3. Information We Collect

We collect several types of information from and about users of our application, including:

  • Basic account information (name, email address)
  • Transaction data (amounts, categories, dates - but not payment details)
  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)

Important: We do not collect or store credit/debit card details or phone numbers. All payment processing is handled by secure third-party payment processors, and we only receive confirmation of transactions, not the payment details.

4. Legal Basis for Processing (GDPR)

Under GDPR, we rely on the following legal bases for processing your personal data:

  • Performance of a contract with you
  • Your consent (where required)
  • Compliance with legal obligations
  • Legitimate interests pursued by us or a third party

5. Your Data Protection Rights

Under GDPR, you have the following rights:

  • Right to access - Request copies of your personal data
  • Right to rectification - Request correction of inaccurate data
  • Right to erasure - Request deletion of your data
  • Right to restrict processing - Limit how we use your data
  • Right to data portability - Request transfer of your data
  • Right to object - Object to our processing of your data

To exercise these rights, please contact us at privacy@spendflow.app.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place for these transfers as required by applicable data protection laws, including:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions for specific countries
  • Other legally compliant transfer mechanisms

9. Cookies and Tracking Technologies

✓ We do NOT use third-party tracking, advertising pixels, or cross-site tracking cookies.

We only use essential cookies for:

  • Authentication - Keep you logged in securely (Firebase)
  • Preferences - Remember your settings (currency, theme)
  • Security - Prevent fraud and protect your account

We do not use cookies for advertising, marketing, or tracking your behavior across other websites. You can control cookies through your browser settings, though disabling essential cookies will affect functionality.

See our Cookie Policy for more details.

10. Third-Party Disclosures

✓ We do NOT sell, share, or trade your data with third parties for marketing, advertising, or any commercial purposes.

We only work with ONE third-party service:

Firebase (Google Cloud) - For essential infrastructure only:

  • Authentication (secure login)
  • Database (Firestore - encrypted storage)
  • Hosting (secure delivery)

Firebase does NOT use your data for advertising, analytics, or any other Google services. Your data stays in our isolated database.

We may share your information only when:

  • Legal Requirements - Required by law, court order, or legal process
  • Safety & Security - To protect your safety or prevent fraud

That's it. No other third parties. No advertisers. No data brokers. No marketing companies. No tracking networks. No analytics services.

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Automated Decision Making

We may use automated decision-making processes to:

  • Detect and prevent fraud
  • Assess credit risk
  • Personalize your experience

You have the right to request human intervention, express your point of view, and contest the decision.

13. Data Breach Procedures

In the event of a data breach, we will:

  • Contain the breach and assess the risks
  • Notify affected individuals and relevant authorities when required
  • Take steps to mitigate any harm
  • Review and improve our security measures

14. Your Choices and Controls

You can exercise control over your personal data by:

  • Updating your account information in the app settings
  • Adjusting your notification preferences
  • Using browser controls to manage cookies
  • Contacting us to exercise your data protection rights

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

16. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: spendflowapp@gmail.com
United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).