Flowsight

Privacy Policy

Effective: April 29, 2026

Flowsight is a personal financial dashboard that brings your bank, credit card, investment, and email-receipt data into one place. This policy describes what we collect, how we use it, and who else can see it. The short version: we only use your data to make the app work for you, we never sell it, we never share it for advertising, and we keep it as secure as we know how.

What we collect

We collect data only from sources you explicitly connect:

  • Google account profile — name, email, and Google account ID, via Google Sign-In, so we can authenticate you.
  • Gmail messages (read-only, optional) — only if you use the receipt-extraction feature. We scan emails matching receipt-like keywords (order, receipt, invoice, payment) and send those email bodies to our LLM provider for parsing. We do not persist email contents in v1.
  • Bank and credit-card data via Plaid — account names, balances, transactions, credit card statement details, APR, credit limits, and payment due dates. Plaid handles the credential exchange; Flowsight never sees your bank login credentials.
  • Apple Card data (optional) — when you upload a CSV export from the iOS Wallet app, we parse and store the transactions you uploaded.
  • Application data — your in-app preferences (income, pay cadence, manual credit limits), and minimal logs needed to operate the service.

How we use it

Strictly to make the product work for you:

  • Show you your accounts, balances, transactions, and trends
  • Detect recurring charges and surface anomalies
  • Power the AI chat that answers questions about your data
  • Send you opt-in product emails (the daily brief, when enabled by you)
  • Maintain and improve the service

We do not use your data for advertising, behavioral profiling, or training third-party AI models. We do not sell your data, ever.

Sub-processors

Flowsight uses the following providers to operate. They each see only the data they need to do their job, and each is bound by their own privacy and security commitments:

  • Plaid — connects your financial accounts and returns transaction/balance/liability data to Flowsight (privacy policy)
  • Supabase — managed Postgres database where your data is stored at rest (privacy policy)
  • Vercel — application hosting and edge network (privacy policy)
  • Anthropic — processes data you send to the AI chat and the receipt parser. Anthropic does not train on API data by default (privacy policy)
  • Resend — sends transactional email if you opt in to the daily brief (privacy policy)
  • Google — provides authentication and (optionally) Gmail access, scoped narrowly to what you grant (privacy policy)

Retention

We retain your data for as long as your account is active or until you delete it. You can disconnect a Plaid institution at any time from the Connect page; transactions for a deleted institution are removed via cascade. To delete your entire account and all associated data, email hugocodes1997@gmail.com and we'll process the deletion within 30 days.

Your rights

  • Access — most of your data is visible in the app; email us to request anything else.
  • Export — email us for a JSON export of your transactions, accounts, and preferences.
  • Deletion — email us to delete your account.
  • Correction — manually edit your inputs (manual credit limit, income, etc.) directly in the app.

Children

Flowsight is not intended for use by anyone under 18 and we do not knowingly collect data from minors.

Changes

If we make material changes, we'll update the effective date at the top of this page and notify you in-app. Continued use after a change constitutes acceptance.

Contact

Questions or requests: hugocodes1997@gmail.com