Privacy Policy

Last updated: August 16, 2025

1. Introduction

Floosy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense tracking application and related services.

2. Information We Collect

Personal Information

  • Name and email address (when you create an account)
  • Profile information you choose to provide
  • Authentication data from third-party providers (Google, Apple)

Financial Information

  • Transaction data you manually enter or input via voice/chat
  • Account names and balances you create
  • Categories and tags for your expenses
  • Receipt images you upload (processed locally when possible)

Usage Information

  • Device information and identifiers
  • Log data and analytics
  • Voice recordings (temporarily, for processing only)
  • Chat messages with our AI assistant

3. How We Use Your Information

We use your information to:

  • Provide and maintain our expense tracking services
  • Process your transactions and maintain your financial records
  • Convert voice commands and chat messages into expense entries
  • Generate insights and analytics about your spending
  • Send you important updates and notifications
  • Improve our AI models and service quality
  • Respond to your support requests

4. Device Permissions

We request access to certain device features only when necessary:

  • Microphone: We access your device microphone only when you explicitly tap the voice command button. Audio is processed immediately by OpenAI Whisper, converted to text, and the audio is not stored on our servers.
  • Camera: Camera access is requested only when you choose to scan a receipt. The image is processed to extract transaction data and then deleted from our servers after processing.
  • Notifications: With your permission, we send push notifications for important account activities and reminders you've set.

You can manage these permissions at any time through your device settings.

5. Data Storage and Security

Your data is stored securely using industry-standard encryption:

  • All data is encrypted in transit using TLS/SSL
  • Sensitive data is encrypted at rest in our databases
  • We use secure cloud infrastructure providers
  • Regular security audits and updates
  • No direct bank connections - we never access your bank accounts

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share your data only in these circumstances:

  • Service Providers: With trusted third parties who assist us (e.g., cloud hosting, payment processing)
  • AI Processing: Voice and chat data is processed by OpenAI Whisper (speech-to-text) and OpenAI GPT-4 (transaction parsing)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with a merger or acquisition
  • With Your Consent: When you explicitly agree to sharing

7. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide services:

  • Active account data: Retained while account is active
  • Deleted account data: Removed within 30 days of deletion request
  • Backup data: Retained for up to 90 days in secure backups
  • Legal obligations: Some data may be retained longer if required by law
  • Voice recordings: Deleted immediately after processing

To request account deletion, contact us at privacy@floosy.ai

8. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain processing of your data
  • Restriction: Request limited processing of your data
  • Withdraw Consent: Withdraw consent for data processing at any time

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Data hosted on Vercel's global infrastructure
  • All transfers comply with applicable data protection laws
  • We use standard contractual clauses where required
  • Third-party processors are bound by confidentiality agreements

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze usage patterns to improve our service
  • Provide security features and detect fraud

You can control cookies through your browser settings. Disabling cookies may limit some features.

11. Children's Privacy

Floosy is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover we have collected data from a child under 16, we will promptly delete it. If you believe we have information from a child under 16, please contact us.

12. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for specific purposes
  • Contract: To fulfill our service agreement with you
  • Legitimate Interests: To improve and secure our services
  • Legal Obligations: To comply with applicable laws

13. Marketing Communications

We may send you marketing communications about our services if you have opted in. You can unsubscribe at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in account settings
  • Contacting us at privacy@floosy.ai

We will always send you essential service communications regardless of marketing preferences.

14. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about what information was involved
  • Explain steps we're taking to address the breach
  • Offer guidance on protecting yourself
  • Report to relevant authorities as required by law

15. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes
  • Requesting consent where required by law

17. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact our Data Protection Officer:

  • Email: privacy@floosy.ai
  • Website: https://floosy.ai
  • Address: Black and White Tech, LLC
    12856 N Highway 183 Ste B #1390
    Austin, TX, 78750 United States