Privacy Policy

Last updated: 2026-05-15

What we collect

To run WealthFlow we collect: your email address, your name (optional), the OAuth identifier from your linked provider (Google, if used), and every transaction, budget, financial account, savings goal, and planned outlay you create in the app.

How we use it

We use this data solely to render your dashboards, summaries, and projections, and to keep your account working. We do not sell, share, or rent your data to third parties. We do not use your financial data for advertising.

Where it lives

Your data is stored in a Postgres database hosted on Railway in their primary region. The database is encrypted at rest. Transaction descriptions and notes are additionally encrypted at the application layer.

Sub-processors

  • Railway — application and database hosting.
  • Resend — transactional email (magic-link sign-in).
  • Sentry — error tracking. We strip identifiers from events before they leave our server.
  • Upstash — Redis for rate limiting (no user data stored).
  • Google — only if you sign in with Google (OAuth).

Your rights

You can export all your data as JSON+CSV at any time from Settings. You can permanently delete your account and every associated row in our database from Settings → Account → Delete account. Deletion is irreversible.

Cookies

We use only essential cookies: a session cookie (so you stay signed in) and a CSRF token cookie. Both are HttpOnly, SameSite=Lax, and Secure. We do not use analytics or advertising cookies.

Contact

Questions: privacy@wealthflow.app.

Note: This is v1 of this policy and may be revised before the app accepts paying users. We will notify you of material changes by email at your registered address.