Privacy Policy

At FutureFlow, Inc. ("FutureFlow," "we," "us," or "our"), your privacy is not a feature — it is a fundamental right. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the FutureFlow platform and services (the "Service"). By using the Service, you agree to the collection and use of your information as described in this Policy.

1. Introduction

FutureFlow is a personal finance management platform. To provide our Service, we must process certain personal and financial information about you. We take this responsibility seriously and are committed to:

• Collecting only the data necessary to provide and improve the Service;
• Never selling your personal data to third parties;
• Never using your data to serve you third-party advertisements;
• Giving you meaningful control over your data;
• Protecting your data with industry-leading security practices.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, password (stored as a hashed value), phone number, and profile preferences;
• Identity Verification: Date of birth and last four digits of Social Security Number, required for certain verification processes (stored with encryption);
• Payment Information: Billing address and payment method details processed by our payment processor (we do not store full card numbers);
• Communications: Any messages, feedback, or support requests you send us.

2.2 Financial Data (via Plaid and Connected Accounts)

• Account balances and account numbers (masked);
• Transaction history, including merchant names, amounts, dates, and categories;
• Investment holdings, balances, and performance data;
• Credit score and credit report data (if you enable Credit Score Monitor);
• Loan and debt account balances and payment history.

This data is obtained on a read-only basis. FutureFlow cannot initiate transactions, move funds, or modify your financial accounts in any way.

2.3 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent in the app, click patterns, and interaction logs;
• Device Information: Device type, operating system, browser type and version, screen resolution, and language settings;
• Log Data: IP address, access timestamps, error logs, and crash reports;
• Location: General location derived from IP address (not GPS or precise location).

2.4 Email Data (Sub Radar Feature — Optional)

If you opt into the Email + Plaid Sub Radar feature, you authorize FutureFlow to scan your connected email account for subscription-related emails (receipts, billing confirmations, trial notices). We scan only for subscription-related patterns and do not read or store the general content of your emails. You can disconnect email access at any time from account settings.

3. How We Collect Information

• Directly from you when you register, update your profile, or contact us;
• From Plaid Technologies, Inc. when you connect your financial accounts — subject to Plaid's own privacy policy and your authorization;
• From credit bureaus through our credit score monitoring partners, only with your explicit consent;
• Automatically through cookies, web beacons, and similar technologies when you use the Service;
• From third-party analytics providers that help us understand how users interact with the Service.

4. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service: Process your connected account data, generate insights, and deliver the features you use;
• Personalize your experience: Tailor recommendations, alerts, and financial insights to your specific situation;
• Process payments: Manage your subscription and billing;
• Communicate with you: Send account alerts, product updates, security notices, and support responses;
• Improve the Service: Analyze aggregate usage patterns to enhance features and fix bugs;
• Ensure security: Detect and prevent fraud, unauthorized access, and abuse;
• Comply with legal obligations: Respond to lawful requests from authorities where required by law.

We do not use your personal financial data to train general AI models or sell insights to advertisers, lenders, or data brokers.

5. How We Share Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

• Service Providers: Trusted vendors who help us operate the Service (e.g., cloud hosting, payment processing, customer support tools), bound by confidentiality obligations and prohibited from using your data for any other purpose;
• Plaid Technologies, Inc.: As our financial data aggregation partner, subject to Plaid's privacy policy;
• Legal Requirements: If required by law, court order, or governmental authority, or to protect the rights, safety, or property of FutureFlow, our users, or the public;
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy;
• With Your Consent: In any other case where you have provided explicit consent.

6. Plaid & Third-Party Services

FutureFlow uses Plaid Technologies, Inc. to connect to your financial institutions. When you connect an account, you are also subject to Plaid's End User Privacy Policy. FutureFlow does not receive or store your banking login credentials — these are passed directly and securely to Plaid.

The Service may contain links to third-party websites. FutureFlow is not responsible for the privacy practices of those sites and encourages you to review their privacy policies.

7. Cookies & Tracking

FutureFlow uses the following types of cookies and tracking technologies:

• Essential Cookies: Required for the Service to function (authentication, session management). Cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service (e.g., page views, session duration). Used with aggregate, anonymized data only.
• Preference Cookies: Remember your settings and preferences to improve your experience.

We do not use third-party advertising cookies or tracking pixels for ad targeting.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account:

• We will delete or anonymize your personal data within 90 days of account closure;
• Certain records may be retained for up to 7 years where required by law (e.g., tax records, fraud prevention);
• Aggregate, anonymized data that cannot identify you may be retained indefinitely for analytical purposes.

9. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you;
• Correction: Update or correct inaccurate information through your account settings or by contacting us;
• Deletion: Request deletion of your personal data. You can delete your account directly in the app or by contacting us at privacy@futureflow.app;
• Data Portability: Request your data in a structured, machine-readable format;
• Opt-Out of Communications: Unsubscribe from marketing emails at any time via the unsubscribe link in any email. You cannot opt out of transactional and security notifications;
• Disconnect Financial Accounts: Disconnect any linked financial account at any time from your account settings.

To exercise any of these rights, contact us at privacy@futureflow.app. We will respond within 30 days.

10. Data Security

We take the security of your data seriously and implement the following measures:

• 256-bit AES encryption for data at rest and TLS 1.3 for data in transit;
• Multi-factor authentication (MFA) available for all accounts;
• Regular third-party security audits and penetration testing;
• SOC 2 Type II compliance for our infrastructure and operations;
• Strict access controls: FutureFlow employees can only access your data when required for support or legal compliance, and all access is logged.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. If you believe your account has been compromised, contact us immediately at privacy@futureflow.app.

11. Children's Privacy

FutureFlow is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you believe we may have collected information from a child under 18, please contact us at privacy@futureflow.app.

12. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you;
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions;
• Right to Opt-Out of Sale: We do not sell personal information. You have the right to opt out of the sale of personal information, though we have nothing to opt you out of;
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights;
• Right to Correct: Request correction of inaccurate personal information;
• Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (such as financial data) to what is necessary to provide the Service.

To submit a verifiable consumer request, email us at privacy@futureflow.app with the subject line "CCPA Request."

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or a prominent notice in the Service at least 30 days before the changes take effect. We will also update the "Last Updated" date at the top of this page.

Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree to the updated Policy, please discontinue use of the Service and delete your account.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

• Email: privacy@futureflow.app
• Mail: Privacy Officer, FutureFlow, Inc., 548 Market Street, Suite 12100, San Francisco, CA 94104
• Support Portal: futureflow.app/contact

We are committed to resolving privacy concerns promptly and transparently.