Privacy Policy

FlowCal Mobile

Effective Date: February 5, 2026

Overview

FlowCal Mobile ("the App") is a personal budget calendar that helps you track bills, income, and account balances. This policy describes what data the App collects, how it is used, and how it is stored.

Data We Collect

Account Information

Email address and password — used to create and authenticate your account.

Financial Data

Account names, types, and opening balances
Recurring bill rules (names, amounts, due dates, frequency)
Bill instances (names, amounts, due dates, paid status, paid amounts)
Starting balances and monthly totals

You enter all financial data manually or via the screenshot import feature. The App does not connect to banks, credit cards, or other financial institutions.

Photos and Camera

When you use the Scan feature, you may grant access to your device camera or photo library.
Selected images are sent to a server-side AI service (Anthropic Claude) for transaction extraction. Images are processed in real time and are not stored on our servers after processing.
Images are transmitted securely over HTTPS.

Device Storage

Authentication tokens are stored locally on your device using encrypted secure storage to keep you signed in.
Theme preference (dark/light mode) is stored locally on your device using encrypted secure storage.

How We Use Your Data

Authentication: To create your account, sign you in, and secure your data.
App functionality: To display your bills, calculate balances, and generate forecasts.
Screenshot import: To extract transaction data from images you provide. Images are sent to Anthropic's Claude API via a secure server-side function. Anthropic's data usage policies apply to this processing — see Anthropic's Privacy Policy.

We do not use your data for advertising, profiling, or marketing purposes.

Data Storage and Security

All account and financial data is stored in Supabase (cloud-hosted PostgreSQL database).
Data is protected by Row Level Security (RLS) — each user can only access their own data.
All communication between the App and backend services uses HTTPS/TLS encryption.
Authentication tokens are stored in your device's encrypted keychain.
We do not store your password in plaintext. Authentication is handled by Supabase Auth with industry-standard hashing.

Third-Party Services

Service	Purpose	Privacy Policy
Supabase	Authentication, database, server functions	supabase.com/privacy
Anthropic (Claude API)	AI-powered screenshot transaction extraction	anthropic.com/privacy
Expo	App framework and development platform	expo.dev/privacy

Data We Do Not Collect

We do not collect analytics or usage telemetry.
We do not track your location.
We do not access your contacts, microphone, or files (other than photos you explicitly select).
We do not use cookies or third-party tracking SDKs.
We do not sell or share your data with third parties for advertising.

Data Retention

Your data is retained as long as your account is active.
You can delete your account and all associated data directly from the app (Account tab → Delete Account). This immediately and permanently removes all your bills, rules, and account information.

Your Rights

You have the right to:

Access your data (visible within the App at any time)
Correct your data (editable within the App)
Delete your account and all associated data (in-app, Account tab → Delete Account)
Export your data (by request)

Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Effective Date" at the top of this document.

Contact

If you have questions about this Privacy Policy or wish to request data deletion, contact:

glacierflowfinancial@gmail.com