Privacy Policy
Last Updated: January 22, 2026
1. Introduction
Welcome to ChauFlow. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using ChauFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, phone number, occupation, and city
- Transaction Data: Manually entered financial transactions, including amounts, dates, categories, and descriptions
- Payment Information: Payment details processed through Stripe (we do not store your full credit card information)
- Communication Data: Messages you send through our AI chat feature
2.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent on the service, and interaction patterns
- Device Information: Browser type, operating system, device type, IP address, and unique device identifiers
- Log Data: Server logs, error reports, and performance data
- Cookies: We use cookies and similar tracking technologies (see Section 8)
2.3 Analytics and Behavioral Tracking
Microsoft Clarity
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first- and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising.
For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to analyze how users interact with our website. Google Analytics uses cookies and similar technologies to collect information about your use of the website, including:
- Pages visited and time spent on each page
- How you arrived at our site (referral source)
- Your approximate geographic location (country/city level)
- Browser and device information
- Usage patterns and navigation paths
This information is transmitted to and stored by Google on servers in the United States and other countries. Google uses this data to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage.
Google may also transfer this information to third parties where required by law or where such third parties process the information on Google's behalf. For more information about how Google uses data, visit Google's Privacy Policy.
Meta Pixel (Facebook Pixel)
We use the Meta Pixel, a tracking technology provided by Meta Platforms, Inc. (formerly Facebook), to measure the effectiveness of our advertising campaigns, build targeted audiences for ads, and optimize our marketing efforts. The Meta Pixel allows us to:
- Track conversions from Facebook and Instagram ads
- Understand which ads led to signups and purchases
- Build custom audiences for retargeting (showing ads to people who visited our site)
- Create lookalike audiences (reaching people similar to our customers)
- Optimize ad delivery to people most likely to be interested
The Meta Pixel collects information about your interactions with our website, including:
- Pages visited and actions taken (e.g., signup, viewing pricing)
- Device and browser information
- IP address and approximate location
- Time and date of visits
- Referral source (where you came from before visiting our site)
We use both browser-based tracking (via JavaScript) and server-side tracking (Conversions API) to ensure accurate attribution even when browser tracking is blocked by ad blockers or privacy settings.
When you complete certain actions on our site (such as signing up or subscribing), we may send hashed versions of your email address and other information to Meta to match your activity with your Facebook account for advertising purposes.
Opting Out: You can opt out of interest-based advertising from Meta by visiting Facebook Ad Preferences or using the Digital Advertising Alliance's opt-out tool at aboutads.info.
For more information about how Meta collects and uses data, visit the Meta Privacy Policy and Meta Pixel documentation.
Vercel Speed Insights
We use Vercel Speed Insights to monitor and improve the performance of our website. Speed Insights collects performance metrics about page load times, user interactions, and web vitals to help us optimize your experience. This includes:
- Core Web Vitals (Largest Contentful Paint, First Input Delay, Cumulative Layout Shift)
- Page load times and performance scores
- Device type and browser information
- Geographic location (country/region level)
- Network connection type
Speed Insights data is anonymized and does not include personally identifiable information. The data is used solely for performance monitoring and optimization purposes. For more information about how Vercel handles data, visit Vercel's Analytics Privacy Policy.
2.4 Financial Data from Third Parties
- Bank Transaction Data: When you connect your bank account via Plaid, we collect transaction history, account balances, and account details
- OAuth Data: If you sign up with Google, we collect your name, email, and profile picture
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide, maintain, and improve ChauFlow's features and functionality
- Transaction Processing: To categorize transactions, identify tax deductions, and generate financial insights
- AI Features: To power our AI chat and generate personalized financial insights using OpenAI's technology
- Account Management: To create and manage your account, process subscriptions, and provide customer support
- Communication: To send you service updates, security alerts, and marketing communications (with your consent)
- Analytics & User Experience: To understand usage patterns through tools like Microsoft Clarity (session replays, heatmaps, behavioral metrics) and Google Analytics, improve user experience, and develop new features
- Marketing & Advertising: To optimize our marketing efforts, understand product popularity, and deliver relevant advertising
- Security: To detect, prevent, and address fraud, security issues, and technical problems
- Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
- Plaid: For bank account connections and transaction retrieval. See Plaid's Privacy Policy
- Stripe: For payment processing and subscription management. See Stripe's Privacy Policy
- OpenAI: For AI-powered features (transaction categorization, chat, insights). See OpenAI's Privacy Policy
- Supabase: For database hosting and authentication services. See Supabase's Privacy Policy
- Vercel: For application hosting, deployment, and performance monitoring (Speed Insights). See Vercel's Privacy Policy
- Microsoft Clarity: For behavioral analytics, session replays, and heatmaps to improve user experience and marketing. See Microsoft Privacy Statement
- Google Analytics: For website analytics and usage statistics. See Google's Privacy Policy
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
If ChauFlow is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Strict access controls limit who can view your data
- Authentication: Secure authentication with password hashing and optional OAuth
- Regular Audits: We regularly review and update our security practices
- No Credential Storage: We never store your bank login credentials (handled securely by Plaid)
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: Upon account deletion, we delete or anonymize your data within 30 days
- Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes (e.g., tax records, dispute resolution)
- Backup Systems: Data may persist in backup systems for up to 90 days after deletion
7. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 General Rights
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate personal data
- Deletion: Request deletion of your personal data (subject to legal obligations)
- Portability: Receive your data in a structured, machine-readable format
- Opt-Out: Unsubscribe from marketing communications
7.2 GDPR Rights (European Users)
If you are in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to Object: Object to processing based on legitimate interests
- Right to Restriction: Restrict processing under certain circumstances
- Right to Withdraw Consent: Withdraw consent for processing at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
7.3 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Know what personal information is collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell your data)
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
7.4 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@chauflow.com or use the account deletion feature in your Settings page.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies for the following purposes:
- Essential Cookies: Required for authentication and service functionality
- Performance Cookies: Help us understand how you use the service and improve performance
- Analytics Cookies: Collect usage statistics through Google Analytics and Microsoft Clarity
- Behavioral Tracking: Microsoft Clarity uses first- and third-party cookies to capture session replays, heatmaps, and behavioral metrics
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the service.
For more information about how Microsoft Clarity uses cookies and tracking technologies, please visit the Microsoft Privacy Statement.
9. Third-Party Links
Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
10. Children's Privacy
ChauFlow is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using ChauFlow, you consent to the transfer of your information to the United States and other countries where our service providers operate.
For European users, we ensure appropriate safeguards are in place for international transfers, such as Standard Contractual Clauses approved by the European Commission.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
Your continued use of ChauFlow after any changes constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@chauflow.com
Support: support@chauflow.com
By using ChauFlow, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.