Privacy Policy
What we collect
We collect only what is necessary to run the service: your name and email address, the financial records you enter, app-usage information that does not include financial figures, device identifiers and push-notification tokens, and IP address or general region for security and fraud detection.
Third-party services
Supabase provides database and authentication infrastructure. Google Gemini powers Wisey: when you ask Wisey a question, your message and relevant financial context are sent to Google to generate a response. Google Cloud Vision or ML Kit may assist with receipt text extraction. Firebase helps us monitor crashes and reliability. Each provider receives only the data needed to provide that service.
Wisey AI
Wisey uses your messages and a summary of relevant financial context, such as balances, spending patterns, and upcoming obligations, to answer your question. You can stop using Wisey at any time without affecting the rest of your account.
Notifications and analytics
If you allow notifications, WiseFlow can send alerts such as spending summaries, bill reminders, and budget warnings. You can turn them off at any time. We also collect anonymized feature-use, crash, and performance data to improve the app; this data does not include your financial figures.
Anonymous peer benchmarks
Where available, peer benchmarks use aggregated financial metrics. Raw transactions and balances are not shared. You can opt out in the app settings.
Legal basis and automated decisions
For EU and UK users, we process data to perform our contract with you, for legitimate interests such as security and improvement, with consent for optional notifications or marketing, and where legally required. Wisey provides information and suggestions only; no decision affecting your legal rights or financial standing is made automatically. You may request human review of a specific Wisey output.
Storage, retention, and deletion
Data is stored on Supabase infrastructure hosted on AWS in the United States. Data is kept while an account is active. After account deletion, we target deletion or de-identification within 30 days, except where law or legitimate security needs require retention. Security, fraud, dispute, and compliance records may be retained for up to 180 days, and encrypted backups may persist up to 90 days.
Your rights
You can ask for access, correction, deletion, portability, or restriction/objection where applicable. California residents can request information about data collected, correction, deletion, and opt-out of sale or sharing; WiseFlow does not sell personal information. EU and UK residents may complain to their local data-protection authority.
To exercise a privacy right, email contact@wiseflowapp.com with your account email and request. We respond within 30 days.
Security and children
WiseFlow uses security measures including encryption in transit and at rest, access controls, incident-response procedures, and regular policy review. No system is completely secure. WiseFlow is not intended for anyone under 18.