Legal

Privacy Policy

WalletFlow is a personal finance app. This policy explains what we collect, why, how it is protected, and the choices you have.

Last updated: June 2, 2026

Overview

WalletFlow ("WalletFlow", "we", "us") provides expense tracking, budgets, goals, and related tools across web, mobile, and a Model Context Protocol (MCP) connector. We designed WalletFlow to keep your financial data private: it belongs to you, it is isolated to your account, and we never sell it or use it for advertising.

This policy applies to the WalletFlow mobile app, the website, and the MCP connector. By using WalletFlow you agree to the practices described here.

Information we collect

We only collect what we need to run the app:

  • Account information. Your email address and an encrypted password, used to create and secure your account.
  • Financial data you enter. The accounts, transactions, amounts, currencies, categories, merchants, budgets, goals, subscriptions, debts, and notes you choose to record.
  • Receipts and attachments. Images or files you upload to a transaction. These are stored in private, per-user storage.
  • Device & notification data. If you enable notifications, a push token plus your device platform (iOS/Android) so we can deliver reminders. You can revoke this at any time.
  • Basic technical data. Standard logs (e.g. timestamps, error diagnostics) needed to operate and secure the service. We do not use third-party advertising or analytics trackers.

How we use your information

  • Provide core features: record and display your finances, compute budgets, goals, insights, and currency conversions.
  • Snapshot the exchange rate at the time of each foreign-currency transaction so historical reports stay accurate.
  • Send the notifications you opt into (e.g. upcoming bills, budget overages, goal milestones).
  • Authenticate you, keep your account secure, and prevent abuse.
  • Respond to support requests and fix problems.

We do not sell your personal data, and we do not use it for advertising or cross-app tracking.

How your information is shared

We share data only with the service providers that make WalletFlow work, and only as needed:

  • Supabase — our database, authentication, and file storage provider. Your data is stored here with per-user access controls.
  • Cloudflare — hosting and content delivery for the website.
  • Render — hosting for the MCP connector backend.
  • Expo and Apple Push Notification service / Google Firebase Cloud Messaging — to deliver push notifications to your device (only if you enable them).
  • A third-party AI provider (currently OpenAI) — only when you use the optional AI assistant. See below.
  • Currency-rate providers — public exchange-rate APIs. We send only currency codes and dates, never your personal or financial data.

We may also disclose information if required by law, or to protect the rights, safety, and security of WalletFlow and its users. If ownership of the service changes, we will keep this commitment to your data or notify you.

The AI assistant (optional)

WalletFlow includes an optional AI assistant. When you ask it a question, your question and the relevant financial context needed to answer it are sent to a third-party AI provider (currently OpenAI) for processing. If you prefer not to share information with the assistant, simply don't use that feature. Assistant answers may be inaccurate and are not financial advice.

Data retention

We keep your data for as long as your account is active. You can delete individual records at any time, or delete your entire account, which removes your personal and financial data from our systems (backups are purged on a rolling basis). To request deletion, email support@lyfty.agency.

Your rights and choices

  • Access and export your data from within the app.
  • Correct or delete any record you have entered.
  • Turn notifications on or off at any time in Settings or your device settings.
  • Delete your account and associated data.
  • Depending on where you live, you may have additional rights (e.g. under GDPR or CCPA) to access, port, restrict, or object to processing. Contact us to exercise them.

Security

Each account's data is isolated using row-level security, so one user can never read another user's data. All traffic is encrypted in transit (TLS), and access to backend systems follows least-privilege principles. No system is perfectly secure, but we work to protect your information and to respond quickly to any issue.

International data transfers

Our providers may process and store data in regions outside your own. Where required, we rely on appropriate safeguards for these transfers.

Children's privacy

WalletFlow is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their data. If you believe a child has provided us information, contact us and we will remove it.

Changes to this policy

We may update this policy as the product evolves. We will revise the "Last updated" date above and, for material changes, provide a more prominent notice.

Contact us

Questions about this policy or your data? Email support@lyfty.agency.

Take control of your money today

Join people who track smarter with WalletFlow. Free to start, built for mobile, web, and AI chat.