Flowdue

Privacy Policy

Flowdue helps users manage cheques, subscriptions, bills, groups, payment sources, reminders, and scanned bill details. We collect only the account and app data needed to provide those features. We do not sell your data, share it with brokers, or use it for third-party advertising.

Last updated: 11 May 2026 (Firebase swap).

Data We Collect

Account data. Email address, user identifier, and sign-in provider used to create and authenticate your account.

Financial entries you enter. Dues, due dates, amounts, billing cycles, payment-source labels (such as bank name, card name, or last four digits when you choose to enter them), cheque metadata, group/folder allocation, and reminder preferences. Flowdue never asks for bank login credentials, full card numbers, or CVV codes.

Purchase history. Subscription and entitlement state is managed through RevenueCat and the Apple App Store / Google Play store SDKs. We receive purchase status, product identifiers, and renewal state — not your payment-card details.

Device identifiers and product analytics (opt-in). If you opt in to product analytics, we send anonymized event data and a device identifier to PostHog Cloud (EU region). Analytics are off by default and you can turn them on or off at any time from Settings. We do not use these identifiers to track you across other apps or websites.

Crash and performance diagnostics (opt-in). If you opt in to crash reporting, we send crash reports and basic performance traces to Firebase Crashlytics, operated by Google on its global infrastructure. These reports include the technical state of the app at the moment of the crash, an anonymized device identifier, and the app version; they do not include your financial entries. Crash reporting is off by default and you can toggle it from Settings.

Push notification token. Used only to deliver the reminders you configure.

Why We Collect It

Account data lets you sign in and recover your data across devices. Financial entries are the core of the product — without them Flowdue cannot show you what you owe or what you can spend today. Purchase history unlocks Pro features. Analytics (when opted in) help us improve the app. Diagnostics help us fix crashes. Push tokens deliver the reminders you have asked for.

Scans And Camera

When you scan a bill or other document, the camera image is processed on your device to extract text for auto-fill. The image is not uploaded or stored — only the text you choose to save when you review and submit the form is sent to your account.

Third Parties We Use

Flowdue uses Supabase for authentication and database services, RevenueCat for subscription status, Firebase Cloud Messaging (and on iOS, Apple Push Notification service) for remote reminders, exchange-rate services when currency conversion is needed, PostHog Cloud (EU region) for product analytics when you opt in, and Firebase Crashlytics for crash and performance diagnostics when you opt in. Each provider processes data under its own privacy terms; we share only the minimum data needed to provide the feature.

Data We Do Not Collect

We do not collect bank passwords, full card numbers, CVV codes, bank transaction history, precise GPS location, contacts, browsing history, or health data. We do not run third-party advertising SDKs and we do not sell your data.

Security

Data is encrypted in transit using TLS. Data at rest is encrypted by our infrastructure providers. Access to production systems is limited to authorized engineers and is audited.

Account Deletion

You can delete your account from inside the app: open Settings, then choose Delete my account and data. Once you confirm, your account enters a 30-day soft-delete window during which sign-in is blocked but the data can still be recovered if you contact support. After 30 days the account, financial entries, and related records are permanently purged from production systems. Backups are rotated and overwritten on the standard provider schedule.

You can also request deletion by writing to support@flowdue.app from the email connected to your account. See the Delete Account page for the full procedure.

Your Rights

You can request a copy of the data we hold about you, ask us to correct it, ask us to export it in a portable format, or ask us to delete it. Email support@flowdue.app from your account email and we will respond within 30 days.

Children

Flowdue is not directed at children under 13 (or under 16 in regions where that is the applicable age of digital consent). We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

Regional Acknowledgements

GDPR (EU/UK). The legal bases we rely on are performance of a contract (to provide the app), consent (for opt-in analytics and marketing emails), and legitimate interests (for diagnostics and security). EU data subjects can lodge a complaint with their local supervisory authority.

CCPA / CPRA (California). California residents have the right to know, delete, correct, and port their personal information, and to opt out of sale or sharing. Flowdue does not sell or share personal information for cross-context behavioural advertising.

UAE PDPL. For UAE residents, Flowdue is the data controller. You have rights of access, correction, deletion, and objection under the UAE Personal Data Protection Law. Contact us using the email below to exercise any of these rights.

Changes To This Policy

If we make material changes we will update the “last updated” date above and, where appropriate, notify you in-app or by email before the change takes effect.

Contact

For privacy requests, contact us at support@flowdue.app, or visit the Support page.