← Back

Privacy Policy

Last updated: July 4, 2026

1. Introduction

This Privacy Policy explains what information Cash Flow ("Cash Flow", "we", "us", or "our") collects when you use our website and application (the "Service"), how we use and store it, and the choices you have. By creating an account or using the Service, you acknowledge and consent to the collection, use, and storage of your information as described in this policy.

2. Information We Collect

We collect the following categories of information:

  • Account information you provide, such as your name, email address, and password (stored only in hashed form). If you sign in with Google, we receive your basic Google profile information.
  • Financial and transaction data that you import or enter, including CSV files, account balances, categories, and cash-flow records. This data is stored on our servers so we can provide the Service to you.
  • Usage data generated as you use the Service, such as pages viewed, features used, device and browser information, and log data including IP address.
  • Payment information, which is collected and processed by Stripe. We do not store full payment card numbers ourselves; we retain only limited billing metadata such as your subscription status and the last four digits of your card.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and secure the Service;
  • Process payments, manage subscriptions, and send billing-related communications;
  • Store and display the financial data you import so you can view and analyze it;
  • Respond to your requests and provide customer support;
  • Monitor, diagnose, and fix errors and improve the Service; and
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use your financial data for advertising.

4. Data Storage & Consent

By using the Service, you understand and agree that we store the information described above, including the account details and financial data you provide, on our servers and those of our infrastructure providers. We retain this information for as long as your account is active and as needed to provide the Service.

5. Cookies & Tracking

We use cookies and similar technologies that are necessary to operate the Service — for example, to keep you signed in and to remember your preferences. We may also use privacy-respecting analytics to understand how the Service is used. You can control cookies through your browser settings, though disabling essential cookies may prevent parts of the Service from working.

6. Third-Party Services

We rely on the following third parties to operate the Service, each of which processes data under its own privacy policy:

  • Stripe — payment processing and subscription billing.
  • Google — optional sign-in via Google OAuth.
  • Sentry — error tracking to help us diagnose and fix issues.

7. Data Retention

We retain your account and financial data for as long as your account remains active. When you delete your account, we delete or anonymize your personal and financial data within a reasonable period, except where we are required to retain certain records (for example, billing and tax records) to comply with our legal obligations.

8. Your Rights

Depending on where you live (including under the California Consumer Privacy Act and similar laws), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at support@rdooley.dev. We will not discriminate against you for exercising these rights.

9. Data Security

We take reasonable technical and organizational measures to protect your information, including encryption in transit, hashed passwords, and access controls. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

Questions about this policy? Contact us at support@rdooley.dev.