Privacy Policy

Last updated: October 20, 2025

1. Introduction

Floosy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense tracking application and related services.

2. Information We Collect

Personal Information

  • Name and email address (when you create an account)
  • Profile information you choose to provide
  • Authentication data from third-party providers (Google, Apple)

Financial Information

  • Transaction data you manually enter or input via voice/chat
  • Account names and balances you create
  • Categories and tags for your expenses
  • Receipt images you upload (processed locally when possible)

Usage Information

  • Device information and identifiers
  • Log data and analytics
  • Voice recordings (temporarily, for processing only)
  • Chat messages with our AI assistant

Information We Do NOT Collect

  • Location Data: We do not collect, store, or track your GPS location or geographic coordinates
  • Bank Credentials: We never connect to or access your bank accounts
  • Credit Card Details: Payment processing is handled by Stripe; we never store your card information

Social Information

  • Usernames and display names
  • Friend connections and nicknames you assign to friends
  • Split expense details with connected friends
  • Settlement history and requests
  • In-app notification preferences
  • Contact hashes for friend discovery (only if you grant permission)

3. How We Use Your Information

We use your information to:

  • Provide and maintain our expense tracking services
  • Process your transactions and maintain your financial records
  • Convert voice commands and chat messages into expense entries
  • Generate insights and analytics about your spending
  • Send you important updates and notifications
  • Improve our AI models and service quality
  • Respond to your support requests

4. Device Permissions

We request access to certain device features only when necessary:

  • Microphone: We access your device microphone only when you explicitly tap the voice command button. Audio is processed immediately by OpenAI Whisper, converted to text, and the audio is not stored on our servers.
  • Camera: Camera access is requested only when you choose to scan a receipt or upload a profile picture. Images are processed locally when possible and deleted from our servers after processing.
  • Contacts: With your permission, we can help you find friends who use Floosy. Your contacts are hashed on your device before being sent to our servers, and we never store your raw contact information.
  • Notifications: With your permission, we send push notifications for important account activities, friend requests, split expenses, and reminders you've set.

Location: We do NOT request or collect location data. Our push notification service (OneSignal) has location tracking explicitly disabled.

You can manage these permissions at any time through your device settings.

5. Data Storage and Security

Your data is stored securely using industry-standard encryption:

  • All data is encrypted in transit using TLS/SSL
  • Sensitive data is encrypted at rest in our databases
  • We use secure cloud infrastructure providers
  • Regular security audits and updates
  • No direct bank connections - we never access your bank accounts

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share your data only in these circumstances:

Third-Party Service Providers

We use the following trusted third-party services:

  • Authentication & Database: Supabase - Manages user accounts, authentication, and stores your transaction data securely in encrypted databases.
  • Payment Processing: Stripe - Processes subscription payments. We do not store your credit card information; Stripe handles all payment data securely.
  • Push Notifications: OneSignal - Delivers notifications about friend requests, split expenses, settlements, and account activities. Only device tokens and user IDs are shared. Location tracking is explicitly disabled; we do not collect or use your geographic location for any purpose.
  • SMS Verification: Twilio Verify - Sends one-time passwords for phone number verification. Only your phone number is shared for OTP delivery, and Twilio does not use your data for marketing.
  • Email Delivery: Resend - Sends transactional emails (verification codes, password reset, account updates). Only your email address and name are shared.
  • AI Processing: Voice and chat data is processed by:
    • OpenAI Whisper: Converts voice recordings to text (audio deleted immediately after processing)
    • OpenAI GPT-4: Parses transaction data from text input
    • Claude API (Anthropic): Processes chat messages to extract and structure transaction information
  • Cloud Infrastructure: Vercel - Hosts our web application and API endpoints with enterprise-grade security and encryption.

Other Circumstances

  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with a merger or acquisition
  • With Your Consent: When you explicitly agree to sharing

7. Social Features and Friend Data

Friend Connections

You can connect with friends using usernames to split expenses and settle debts:

  • What we collect: Usernames, nicknames you assign to friends, transaction history with friends
  • Visibility: Only users who are mutually connected can see shared transaction details
  • Privacy protection: Your email address and phone number are never visible to friends

Contact Discovery (Optional)

With your permission, we can help you find friends who use Floosy:

  • How it works: Your contacts are hashed (SHA-256) on your device before being sent to our servers
  • Privacy first: We never store your raw contact information (emails or phone numbers)
  • What we return: Only usernames of registered users who match your contacts
  • Opt-in only: You can skip this feature entirely and add friends by username instead

Split Expenses

When you split an expense with a friend, they receive:

  • A notification about the split expense
  • Transaction details (amount, category, description)
  • Your nickname (if they've set one for you) or your username
  • Both parties can view the shared transaction in their history

Data Sharing with Friends

  • Visible to friends: Username, display name, avatar
  • Never visible to friends: Email address, phone number, full transaction history (only shared expenses are visible)
  • You control: Nicknames, settlement requests, which expenses to split

8. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide services:

  • Active account data: Retained while account is active
  • Deleted account data: Removed within 30 days of deletion request
  • Backup data: Retained for up to 90 days in secure backups
  • Legal obligations: Some data may be retained longer if required by law
  • Voice recordings: Deleted immediately after processing

To request account deletion, contact us at privacy@floosy.ai

9. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain processing of your data
  • Restriction: Request limited processing of your data
  • Withdraw Consent: Withdraw consent for data processing at any time

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Data hosted on Vercel's global infrastructure
  • All transfers comply with applicable data protection laws
  • We use standard contractual clauses where required
  • Third-party processors are bound by confidentiality agreements

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze usage patterns to improve our service
  • Provide security features and detect fraud

You can control cookies through your browser settings. Disabling cookies may limit some features.

12. Children's Privacy

Floosy is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover we have collected data from a child under 16, we will promptly delete it. If you believe we have information from a child under 16, please contact us.

13. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for specific purposes
  • Contract: To fulfill our service agreement with you
  • Legitimate Interests: To improve and secure our services
  • Legal Obligations: To comply with applicable laws

14. Marketing Communications

We may send you marketing communications about our services if you have opted in. You can unsubscribe at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in account settings
  • Contacting us at privacy@floosy.ai

We will always send you essential service communications regardless of marketing preferences.

15. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about what information was involved
  • Explain steps we're taking to address the breach
  • Offer guidance on protecting yourself
  • Report to relevant authorities as required by law

16. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes
  • Requesting consent where required by law

18. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact our Data Protection Officer:

  • Email: privacy@floosy.ai
  • Website: https://floosy.ai
  • Address: Black and White Tech, LLC
    12856 N Highway 183 Ste B #1390
    Austin, TX, 78750 United States