FinFloe Inc. — Mobile App Privacy Policy

Last updated: October 19, 2025

Introduction

This Privacy Policy describes how FinFloe Inc. ("FinFloe," "we," "us," or "our") collects, uses, and shares your personal information when you use our mobile application ("App" or "FinFloe App") available on iOS (Apple App Store) and Android (Google Play Store).

This policy applies only to our mobile App. For our website privacy practices, see our separate Website Privacy Policy.

By using the FinFloe App, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the App.

Questions or concerns? Contact us at:
- Privacy: privacy@finfloe.com
- Support: support@finfloe.com
- Mail: FinFloe Inc., 300 McNicoll Ave., North York, Ontario M2H 2C7, Canada

Table of Contents

  1. Summary of Key Points
  2. What Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing (Canada)
  5. How We Share Your Information
  6. Artificial Intelligence (AI) Features
  7. Cookies and Tracking Technologies
  8. Affiliate Marketing and Financial Product Offers
  9. Data Retention
  10. Data Security
  11. Children's Privacy
  12. Your Privacy Rights
  13. Do Not Track
  14. U.S. State Privacy Rights
  15. International Data Transfers
  16. Changes to This Policy
  17. Contact Us

Summary of Key Points

What personal information do we collect?
We collect personal information you provide (name, email, financial data you manually enter) and information automatically collected (device data, usage analytics, general location).

Do we process sensitive information?
Yes. We process financial data (income, expenses, bills, account information) that you manually input. We also collect general location data to prevent abuse and improve services.

Do we collect information from third parties?
No. We do not connect to your bank accounts or collect data from third-party services. All financial information is manually entered by you.

How do we use your information?
We use your information to provide our financial management services, generate AI-powered insights (Premium plan), improve the App, communicate with you, and show you relevant affiliate offers for financial products.

When and with whom do we share your information?
We share information with service providers (cloud hosting, analytics, AI, payment processing), advertising partners (to create audiences for marketing), and as required by law. We do NOT sell your personal information to data brokers.

How do we keep your information safe?
We use encryption, secure cloud infrastructure, and industry-standard security practices. However, no system is 100% secure.

What are your rights?
Depending on where you live, you may have rights to access, correct, or delete your information, opt out of marketing, and more.

How do you exercise your rights?
Contact us at privacy@finfloe.com or support@finfloe.com.

What Information We Collect

1. Information You Provide to Us

Account Information:

  • Full name
  • Email address
  • Phone number (optional, for account recovery)
  • Date of birth
  • Username and password (password is hashed and never stored in plain text)

Financial Information (Manually Entered by You):

Important: We do NOT connect to your bank accounts or use services like Plaid. You manually enter all financial data.

  • Account names (e.g., "Chase Checking," "TD Savings") – NO account numbers or routing numbers
  • Account balances (updated manually by you)
  • Income information (salary, side income, etc.)
  • Expense data (spending categories, amounts)
  • Bills and recurring payments (name, amount, due date)
  • Payment information (for tracking, not for actual payment processing)
  • Financial goals (savings targets, budget goals)

Payment Information (for App Subscription):

  • Processed by Apple App Store (iOS) or Google Play Store (Android)
  • We do NOT directly collect or store your credit card information
  • Subscription management is handled by RevenueCat (see Third-Party Services below)

Support Communications:

  • If you contact us for support, we collect your email address and the content of your messages

2. Information Collected Automatically

Device Information:

  • Device type and model (e.g., iPhone 14, Samsung Galaxy S23)
  • Operating system and version (iOS 17, Android 14)
  • Device identifiers (e.g., Apple IDFA, Android Advertising ID, device UUID)
  • App version
  • Mobile carrier

Usage Data:

  • Features you use within the App
  • Time spent on different screens
  • Frequency of App usage
  • In-app actions (e.g., adding an expense, updating a balance)
  • Crash reports and error logs

Location Data:

  • General location (city/region level) derived from IP address
  • Purpose: Prevent abuse, fraud detection, and localize services
  • We do NOT collect precise GPS coordinates or continuous location tracking

Analytics and Performance:

  • We use analytics tools (e.g., Supabase Analytics) to understand App performance and user behavior

3. Information We Do NOT Collect

  • Bank account numbers, routing numbers, or login credentials
  • Credit card numbers (handled by Apple/Google)
  • Social Security Numbers (SSN) or Social Insurance Numbers (SIN)
  • Race, ethnicity, religion, or political views
  • Biometric data (fingerprints, Face ID data remains on your device only)
  • Gender or marital status (at this time; may be added later for optional demographic insights)
  • Precise GPS location

How We Use Your Information

We use your personal information for the following purposes:

Core App Functions

  1. Account Management: Create and manage your user account, authenticate your identity
  2. Service Delivery: Provide financial tracking, budgeting, and management features
  3. AI Insights (Premium Plan): Analyze your financial data to provide personalized insights, spending patterns, budget recommendations, and forecasts

Communication

  1. Customer Support: Respond to your inquiries and provide technical assistance
  2. Service Notifications: Send important updates about your account, App changes, or service disruptions (via email or push notifications, once implemented)
  3. Marketing Communications: Send promotional emails about App features, upgrades, or partner offers (you can opt out)

Product Improvement

  1. Analytics: Understand how users interact with the App to improve features and user experience
  2. Testing: Conduct A/B tests and beta testing for new features
  3. Bug Fixes: Identify and resolve technical issues

Affiliate Offers

  1. Financial Product Recommendations: Show you relevant credit card and financial product offers from our affiliate partners (you may earn rewards; we may earn commissions)
  2. Personalization: Tailor affiliate offers based on your financial profile (e.g., credit card offers if you track credit card expenses)

Security and Compliance

  1. Fraud Prevention: Detect and prevent fraudulent activity, abuse, or unauthorized access
  2. Legal Compliance: Comply with applicable laws, regulations, and legal processes

Marketing and Advertising (External)

  1. Audience Building: Share anonymized/aggregated data with advertising platforms (Meta, Google, etc.) to create "lookalike audiences" and find new users
  2. Retargeting: Show FinFloe ads to people who have visited our website or used our App

Legal Basis for Processing (Canada)

For Canadian Users (PIPEDA Compliance):

We process your personal information based on:

  1. Your Consent (Express or Implied):
    • By using the App and providing information, you consent to our data practices
    • You can withdraw consent at any time by deleting your account or contacting us
  2. Contractual Necessity:
    • We need your information to provide the App services you've subscribed to
  3. Legitimate Business Interests:
    • Improving our App, preventing fraud, and marketing our services
  4. Legal Obligations:
    • Complying with tax, accounting, and other legal requirements

Sensitive Information: Financial data is considered sensitive under Canadian law. We only process this data with your explicit consent and as necessary to provide our core services.

For U.S. Users:
We process your information based on your consent, our legitimate business interests, and as necessary to fulfill our contract with you.

How We Share Your Information

We share your personal information with the following categories of third parties:

1. Service Providers (Data Processors)

These companies process data on our behalf under strict contractual obligations:

Cloud Hosting and Infrastructure:

  • Supabase (backend database and authentication) – Stores your account and financial data
  • Data is encrypted in transit and at rest

AI and Machine Learning:

  • Anthropic (Claude AI) – Accessed via Open Router or directly
  • Google AI – For AI-powered insights
  • Important: Your financial data is anonymized before being sent to AI providers. We strip identifying information (name, email, etc.) so AI models process only aggregated/anonymized financial patterns.

Analytics:

  • Supabase Analytics – App usage and performance monitoring
  • Data is anonymized where possible

Subscription Management:

  • RevenueCat – Manages in-app subscriptions and tracks purchase history
  • RevenueCat collects: Purchase history, subscription status, anonymous user ID
  • See RevenueCat's privacy policy: https://www.revenuecat.com/privacy/

App Store Platforms:

  • Apple App Store (iOS) – Processes payments for iOS subscriptions
  • Google Play Store (Android) – Processes payments for Android subscriptions

Email Services (Future):

  • When implemented, we will use email service providers (e.g., SendGrid, AWS SES) to send you notifications and marketing emails

2. Advertising and Marketing Partners

Purpose: Create audiences for targeted advertising and retargeting campaigns

We share limited, anonymized/aggregated data with:

  • Meta (Facebook/Instagram) – Audience building, retargeting ads
  • Google Ads – Conversion tracking, lookalike audiences
  • TikTok, LinkedIn, Reddit, Twitter/X – Ad targeting and measurement
  • Other advertising platforms we may add

What we share:

  • Hashed email addresses (converted to anonymous identifiers)
  • Device identifiers (Apple IDFA, Google Advertising ID)
  • Aggregate user behaviors (e.g., "users who completed onboarding")

What we do NOT share with advertisers:

  • Your specific financial data (income, expenses, account balances)
  • Full name or phone number
  • Detailed transaction history

Purpose: This allows us to find new users similar to you and show you relevant FinFloe ads on social media and other platforms.

3. Affiliate Partners

We partner with financial product providers (credit card companies, banks, fintech apps) to offer you relevant financial products within the App.

How it works:

  • We show you offers (e.g., "Earn 2% cashback with XYZ Credit Card")
  • If you click on an offer and apply, the affiliate partner may collect information directly from you (subject to their privacy policy)
  • We may earn a commission if you're approved or make a purchase
  • We do NOT share your FinFloe financial data with affiliate partners without your explicit action (e.g., clicking on an offer)

Affiliate Disclosure: See Section 8 for full transparency about affiliate relationships.

4. Business Transfers

In the event of a merger, acquisition, financing, sale of assets, or bankruptcy:

  • We may transfer your information to the acquiring entity
  • You will be notified via email and/or App notification
  • The new entity must honor this Privacy Policy

5. Legal and Safety Purposes

We may disclose your information if required to:

  • Comply with legal obligations (court orders, subpoenas)
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of FinFloe, our users, or the public
  • Prevent fraud or illegal activity

What We Do NOT Do:

  • ❌ We do NOT sell your personal information to data brokers
  • ❌ We do NOT share your specific financial data with advertisers
  • ❌ We do NOT provide third parties access to your data for their own marketing without your consent

Artificial Intelligence (AI) Features

What AI Does in Our App

FinFloe uses AI to provide Premium Plan users with:

  1. Spending Pattern Analysis – Identifies trends in your expenses
  2. Budget Recommendations – Suggests optimal budget allocations
  3. Bill Payment Reminders – Predicts upcoming bills based on patterns
  4. Investment Suggestions – Offers general financial advice (not personalized investment advice)
  5. Expense Categorization – Auto-suggests categories for transactions
  6. Financial Goal Tracking – Monitors progress toward savings goals
  7. Predictive Analytics – Forecasts future spending and income

How We Process Your Data with AI

Privacy-First Approach:

  1. Anonymization: Before sending data to AI providers (Anthropic, Google), we remove personally identifiable information:
    • Your name, email, phone number are stripped
    • Data is aggregated (e.g., "User spent $500 on groceries" vs. "John Doe spent $500 at Whole Foods")
  2. AI Providers We Use:
    • Anthropic (Claude) – Via Open Router API or direct API
    • Google AI – For specific AI models
    • These providers process data according to their privacy policies and contractual agreements
  3. No Long-Term Storage by AI Providers:
    • AI providers do not store your data permanently
    • Queries are processed in real-time and then discarded
  4. Data Minimization:
    • We only send the minimum data necessary for AI to generate insights

Opting Out of AI Features

Basic Plan users do NOT have access to AI features – Your data is never sent to AI providers.

Premium Plan users:

  • AI features are a core part of the Premium Plan
  • You cannot opt out of AI processing while remaining on the Premium Plan
  • To opt out: Downgrade to the Basic Plan or cancel your subscription

Compliance with AI Privacy Laws

Our AI practices comply with:

  • Canada's PIPEDA – AI processing is done with your consent and for legitimate purposes
  • Canadian principles for responsible AI (Office of the Privacy Commissioner)
  • U.S. state AI laws (e.g., California AI transparency requirements)

Cookies and Tracking Technologies

Mobile App Tracking

We do NOT use cookies in the mobile App (cookies are a web technology).

However, we use similar mobile tracking technologies:

  1. Analytics SDKs: Supabase Analytics tracks in-app behavior
  2. Advertising IDs: We collect Apple IDFA (iOS) and Google Advertising ID (Android) for marketing purposes
  3. Device Identifiers: Unique device IDs for authentication and fraud prevention

Managing Tracking on Mobile

iOS (Apple):

  • Go to Settings > Privacy & Security > Tracking
  • Toggle off Allow Apps to Request to Track
  • This limits our ability to use your IDFA for advertising

Android (Google):

  • Go to Settings > Google > Ads
  • Enable Opt out of Ads Personalization
  • Or reset your Advertising ID

Note: Disabling tracking will not affect core App functionality, but may result in less relevant ads.

Affiliate Marketing and Financial Product Offers

Transparency About Affiliate Relationships

Important Disclosure:

FinFloe earns revenue through affiliate partnerships with financial product providers. This means:

  1. We promote credit cards, bank accounts, investment apps, and other financial products within the App
  2. If you click on an offer and are approved or make a purchase, we earn a commission
  3. This does NOT increase the price you pay – You receive the same terms as applying directly
  4. Your decision to use an affiliate offer is completely voluntary

How Affiliate Offers Work

  • Dynamic Offers: The offers you see may change over time based on our partnerships
  • Personalization: We may show you offers relevant to your financial profile (e.g., if you track credit card expenses, you might see credit card offers)
  • Third-Party Privacy Policies: When you click on an offer, you leave the FinFloe App and are subject to the affiliate partner's privacy policy

Our Commitment

  • We only promote products we believe may benefit our users
  • We clearly label affiliate offers (e.g., "Partner Offer," "Sponsored")
  • We do NOT share your FinFloe financial data with affiliate partners unless you explicitly provide it to them

Compliance

Our affiliate practices comply with:

  • Canada's Advertising Standards (ASC) – Disclosure and transparency requirements
  • U.S. Federal Trade Commission (FTC) – Endorsement and disclosure guidelines

Data Retention

How Long We Keep Your Information

Active Accounts:

  • We retain your personal and financial data for as long as your account is active
  • You can delete specific data (e.g., old transactions) within the App at any time

Deleted Accounts:

  • When you delete your account, we retain your data for 6 months to 2 years after deletion for:
    • Legal and regulatory compliance (tax, accounting)
    • Fraud prevention and security
    • Resolving disputes
  • After this period, your data is permanently deleted or anonymized

Specific Retention Periods:

  • Financial transaction data: Up to 2 years after account deletion (for potential tax audits)
  • Account information: 6 months after deletion
  • Analytics data: Anonymized and retained indefinitely for research and improvement

Requesting Immediate Deletion

You may request immediate deletion of your data by contacting privacy@finfloe.com. We will comply unless we have a legal obligation to retain certain data.

Data Security

How We Protect Your Information

We implement industry-standard security measures, including:

  1. Encryption:
    • In transit: All data is encrypted using TLS/SSL (HTTPS)
    • At rest: Data stored in Supabase is encrypted
  2. Authentication:
    • Passwords are hashed using bcrypt (never stored in plain text)
    • Device-level biometric unlock (Face ID, Touch ID, fingerprint) is handled by your device – we do NOT collect biometric data
  3. Access Controls:
    • Only authorized FinFloe personnel can access user data, and only when necessary (e.g., customer support)
    • Role-based access controls (RBAC) limit data access
  4. Secure Infrastructure:
    • Hosted on Supabase (built on AWS, which holds SOC 2 and ISO 27001 certifications)
    • Regular security audits and vulnerability assessments
  5. Monitoring:
    • We monitor for suspicious activity and potential security breaches

Limitations

No system is 100% secure. Despite our efforts, we cannot guarantee that your information will never be accessed, disclosed, altered, or destroyed due to a breach of security. You use the App at your own risk.

Your Responsibility:

  • Use a strong, unique password
  • Enable device lock (PIN, biometric)
  • Do not share your account credentials

Children's Privacy

The FinFloe App is not intended for individuals under 18 years of age (or the equivalent age as specified by law in your jurisdiction).

We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@finfloe.com. We will promptly delete such information.

Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information.

For Canadian Residents (PIPEDA)

You have the right to:

  1. Access: Request a copy of the personal information we hold about you
  2. Correction: Request corrections to inaccurate or incomplete information
  3. Portability: Request your data in a portable format (e.g., CSV, JSON) – Currently not available in-app; contact support
  4. Withdraw Consent: Withdraw your consent to data processing at any time
  5. Delete: Request deletion of your personal information
  6. Complaint: File a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/)

How to Exercise Your Rights:

  • In-App: Some data can be edited or deleted directly in the App
  • By Email: Contact support@finfloe.com or privacy@finfloe.com with your request

For U.S. Residents

See Section 14: U.S. State Privacy Rights below for detailed state-specific rights.

Opt-Out Rights

Marketing Emails:

  • Click the "Unsubscribe" link in any marketing email
  • Or contact support@finfloe.com to opt out

Targeted Advertising:

  • Disable tracking on your device (see Section 7: Cookies and Tracking Technologies)
  • Opt out of interest-based ads: http://optout.aboutads.info/ (U.S.) or http://youronlinechoices.ca/ (Canada)

AI Processing:

  • Downgrade to Basic Plan (AI features are only available on Premium Plan)

Data Sharing with Advertisers:

  • Contact privacy@finfloe.com to request that we stop sharing your data with advertising partners for audience building
  • Note: This may affect our ability to provide you with the App if advertising revenue is critical to our business model

Do Not Track

Some web browsers and mobile operating systems have a "Do Not Track" (DNT) feature that signals websites/apps not to track users.

Our Response to DNT Signals:

  • There is currently no universal standard for how to interpret DNT signals
  • We do not currently respond to DNT signals in the mobile App
  • However, you can manage tracking through device settings (see Section 7)

California DNT Disclosure:

California law requires us to disclose how we respond to DNT signals. As stated above, we do not respond to DNT signals at this time.

U.S. State Privacy Rights

If you are a resident of certain U.S. states, you may have additional privacy rights under state laws, including:

  • California (CCPA/CPRA)
  • Virginia (VCDPA)
  • Colorado (CPA)
  • Connecticut (CTDPA)
  • Utah (UCPA)
  • Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas (various state laws)

Your Rights Under U.S. State Laws

You may have the right to:

  1. Know: What personal information we collect, use, and share
  2. Access: Request a copy of your personal information
  3. Correct: Request correction of inaccurate information
  4. Delete: Request deletion of your personal information
  5. Portability: Receive your data in a portable format
  6. Opt-Out: Opt out of:
    • Sale of personal information (Note: We do not "sell" data to data brokers, but sharing with advertisers may qualify as a "sale" under some laws)
    • Sharing for targeted advertising
    • Automated decision-making/profiling (if applicable)
  7. Non-Discrimination: We will not discriminate against you for exercising your rights

Categories of Personal Information (Last 12 Months)

| Category | Examples | Collected | Shared with Third Parties |
|---|---|---|---|
| A. Identifiers | Name, email, phone, user ID, device ID | ✅ YES | ✅ YES (hashed/anonymized) |
| B. Financial Information | Income, expenses, bills, account names | ✅ YES | ❌ NO (except anonymized for AI) |
| C. Internet/Network Activity | App usage, clicks, session data | ✅ YES | ✅ YES (analytics partners) |
| D. Geolocation Data | City/region (from IP) | ✅ YES | ❌ NO |
| E. Inferences | Financial patterns, preferences | ✅ YES | ✅ YES (anonymized for ads) |
| F. Sensitive Personal Information | Financial account data | ✅ YES | ❌ NO (except anonymized for AI) |

Business Purpose for Collection

We collect this information to:

  • Provide financial tracking and budgeting services
  • Generate AI insights (Premium Plan)
  • Improve App functionality
  • Communicate with you
  • Market our services
  • Show relevant affiliate offers

Third Parties We Share With

  • Service Providers: Supabase, Anthropic, Google AI, RevenueCat, Apple, Google
  • Advertising Partners: Meta, Google Ads, TikTok, LinkedIn, Reddit, Twitter/X
  • Affiliate Partners: Financial product providers (only when you click on offers)

"Sale" or "Sharing" of Personal Information

We do NOT sell your personal information to data brokers.

However, under some U.S. state laws, sharing data with advertising partners for targeted advertising may be considered a "sale" or "sharing."

In the past 12 months, we have shared the following for targeted advertising:

  • Hashed email addresses
  • Device identifiers (IDFA, Advertising ID)
  • Aggregate usage data

Categories of Third Parties:

  • Ad Networks (Meta, Google, TikTok, LinkedIn, Reddit, Twitter/X)

How to Exercise Your Rights

Submit a Request:

  1. Email: privacy@finfloe.com
  2. Subject: "Privacy Rights Request – [Your State]"
  3. Include:
    • Your full name and email associated with your FinFloe account
    • The specific right you wish to exercise (access, delete, opt-out, etc.)
    • Your state of residence

Verification:

  • We will verify your identity by asking for information that matches our records (e.g., email, phone, account details)
  • For deletion requests, we may require additional verification

Authorized Agent:

  • You may designate an authorized agent to make a request on your behalf
  • The agent must provide written proof of authorization

Response Time:

  • We will respond within 45 days (may extend by 45 days if needed, with notice)

Opt-Out of "Sale" or "Sharing"

To opt out of targeted advertising:

  1. Disable tracking on your device (see Section 7)
  2. Email privacy@finfloe.com with "Opt Out of Targeted Advertising" in the subject line

Appeals (for Certain States)

If we deny your privacy request, you may appeal by emailing privacy@finfloe.com with "Appeal" in the subject line. We will respond within the timeframe required by law.

If your appeal is denied, you may contact your state attorney general to file a complaint.

California-Specific Disclosures

California "Shine the Light" Law:

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact privacy@finfloe.com.

California Minors:

If you are a California resident under 18 and wish to remove content you posted, contact support@finfloe.com. Note: Removal does not ensure complete deletion if the content has been shared by others.

International Data Transfers

FinFloe is based in Canada. If you use the App from outside Canada, your information may be transferred to and processed in:

  • Canada (our primary operations)
  • United States (cloud hosting via Supabase/AWS, AI providers)

Data Protection:

  • We ensure that third-party service providers comply with applicable data protection laws
  • Data transferred to the U.S. is protected under contractual safeguards (e.g., Standard Contractual Clauses)

Your Consent:

By using the App, you consent to the transfer of your information to Canada and the U.S.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App features.

When we make material changes:

  1. We will update the "Last updated" date at the top
  2. We will notify you by:
    • Posting a prominent notice in the App
    • Sending you an email notification (if we have your email)
    • Displaying an in-app alert upon your next login

Your Continued Use:

Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

FinFloe Inc.
300 McNicoll Ave.
North York, Ontario M2H 2C7
Canada

Email:
- Privacy inquiries: privacy@finfloe.com
- General support: support@finfloe.com

For Privacy Complaints:

Canada:

  • Office of the Privacy Commissioner of Canada
  • Website: https://www.priv.gc.ca/
  • Phone: 1-800-282-1376

United States:

  • Contact your state attorney general's office or the Federal Trade Commission:
  • Website: https://www.ftc.gov/
  • Phone: 1-877-FTC-HELP (1-877-382-4357)

Related Policies

  • Website Privacy Policy – For visitors to finfloe.com
  • Terms of Service – Legal terms for using the FinFloe App
  • Cookie Policy – Details about cookies on our website (optional separate document)

Acknowledgments

This Privacy Policy complies with:

  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Quebec: Law 25 (modernization of privacy laws)
  • United States: State privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, and others)
  • Advertising Standards: Canadian Code of Advertising Standards, U.S. FTC guidelines
  • Platform Requirements: Apple App Store privacy requirements, Google Play Store privacy requirements

Last Reviewed: October 19, 2025

End of Mobile App Privacy Policy