Privacy Policy

1. Introduction

PayFlow Planner ("we," "our," or "us") is a personal finance management application operated by Kenneth Solomon. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at payflowplanner.com and our mobile application (collectively, the "Service").

2. Information We Collect

Account Information

• Email address (required for account creation)
• Display name (optional)
• Password (hashed, never stored in plain text)

Financial Data

• Income entries, expenses, and transaction records you create
• Wallet/account names and balances
• Budget and savings goal configurations
• Debt tracking details (lender names, amounts, payment schedules)
• Categories and tags you create

All financial data is entered manually by you. We do not connect to your bank accounts or automatically import transactions.

Payment Information

Subscription payments are processed by Stripe. We do not store your credit card number or payment method details. Stripe handles all payment data in compliance with PCI DSS standards.

Usage Data

• Pages visited and features used (via PostHog analytics)
• Device type, browser, and operating system
• Error reports (via Sentry, anonymized)

3. How We Use Your Information

• Provide, maintain, and improve the Service
• Process subscriptions and manage your account
• Send transactional emails (payment reminders, password resets, account confirmations)
• Monitor and fix errors and performance issues
• Understand how features are used to guide product development

We do not sell, rent, or share your personal or financial data with third parties for marketing purposes.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Supabase's cloud infrastructure with the following protections:

• Row Level Security (RLS) ensures users can only access their own data
• All data is encrypted in transit (TLS/HTTPS) and at rest
• Authentication via secure, cookie-based sessions
• Optional two-factor authentication (TOTP)
• Passwords are hashed using bcrypt

5. Third-Party Services

We use the following third-party services:

• Supabase — Database, authentication, and backend infrastructure
• Stripe — Payment processing for subscriptions
• PostHog — Product analytics (privacy-friendly, EU-hosted)
• Sentry — Error monitoring and performance tracking
• Mailtrap — Transactional email delivery
• Vercel — Web application hosting

Each service processes data in accordance with their own privacy policies.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (expenses, income, wallets, budgets, debts, and settings) is permanently removed within 30 days. Stripe payment records are retained as required by financial regulations.

7. Your Rights

You have the right to:

• Access and export your data (PDF, Excel, CSV exports available in-app)
• Correct inaccurate information (edit any record in-app)
• Delete your account and all associated data (Settings → Account → Delete Account)
• Opt out of analytics tracking (disable in browser settings or use an ad blocker)

8. Cookies

We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies. PostHog analytics uses a first-party cookie for session tracking which can be blocked without affecting core functionality.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or your data, contact us at: support@payflowplanner.com