Privacy Notice
Last updated: 7/5/2026
1. Who we are
FlowSight is the legal business name of the seller ("FlowSight", "we", "us") and is the data controller for personal data processed in connection with the FlowSight service. Contact: hello@flowsight.app.
2. Data we collect
- Account data — name, email address, hashed password, authentication provider identifiers.
- Business profile — business name, base currency, categories you configure.
- Financial data — transactions you upload or enter (date, amount, description, category, type).
- Bank & transaction data (optional) — where you link a bank account, the account name, last 4 digits, balances, and transaction history retrieved from your bank via our aggregator, Plaid.
- AI Copilot conversations — the messages you send and the assistant's replies.
- Support data — messages you send us and any attachments.
- Usage & device data — pages visited, actions taken, device identifiers, IP address, browser type, timestamps.
- Cookies — see the Cookies section below.
Payment card details are collected directly by our Merchant of Record, Paddle, and are not stored on our servers. Bank login credentials are entered directly into Plaid's secure widget and are never seen or stored by FlowSight; Plaid provides us with a revocable access token only.
3. How we use your data and legal bases
- To create and operate your account and deliver the Service — performance of a contract.
- To generate AI Copilot answers and weekly briefings using your financial data — performance of a contract.
- To secure the Service and prevent fraud, abuse and unauthorized access — legitimate interests.
- To provide customer support — performance of a contract.
- To improve the Service and understand aggregate usage patterns — legitimate interests.
- To comply with legal obligations (accounting, tax, responding to lawful requests) — legal obligation.
- To send product updates or marketing where permitted — consent, which you can withdraw at any time.
4. Who we share data with
We share personal data only with the categories of recipients listed below and only as necessary.
- Paddle — our Merchant of Record for sale of the product, subscription management, payments, tax compliance and invoicing.
- Plaid Inc. — bank account aggregator. Where you choose to link a bank, Plaid authenticates you with your bank and shares your account and transaction data with FlowSight. Governed by Plaid's End User Privacy Policy.
- Supabase — managed database and authentication hosting.
- Cloudflare — application hosting and edge delivery.
- AI model providers via the Lovable AI Gateway (e.g. Google) — to generate AI Copilot responses from your prompts and finance context. Your prompts are sent to these providers only to produce the response.
- Google — where you use Sign in with Google.
- Professional advisers — legal, accounting and other advisers, under confidentiality.
- Authorities — where required by law or to protect rights, property or safety.
5. International transfers
Your data may be processed outside the country in which you live, including in the United States and the European Union. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect transferred data.
6. Retention
We retain your account and financial data for as long as your account is active. If you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal, accounting or fraud-prevention purposes. Support and billing records may be retained longer to comply with tax and accounting law.
7. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent. Users in the UK and EEA additionally have the right to lodge a complaint with a supervisory authority. To exercise these rights, email hello@flowsight.app; we will respond within one month.
8. Security
We use appropriate technical and organizational measures to protect personal data, including encryption in transit, encryption at rest for stored data, access controls, and least-privilege service credentials. No system is perfectly secure; if you suspect a security issue, please email us.
9. Cookies
We use strictly necessary cookies to keep you signed in and to remember your preferences. We do not use advertising cookies. If we introduce analytics or marketing cookies in the future, we will ask for your consent.
10. Changes
We may update this Privacy Notice from time to time. Material changes will be notified in-app or by email.