Privacy

What stays on your device

Floo stores all sensitive financial data in a local SQLite database on your machine. This includes:

• Plaid access tokens
• Bank account details and balances
• Transaction history
• Investment holdings and securities

None of this data ever touches our server. The server acts as a stateless proxy — it forwards your requests to Plaid and returns the results directly to you.

What our server handles

We store the minimum needed for authentication and billing:

• Your name, email, and profile image from GitHub sign-in
• Stripe customer ID and subscription status
• Session data (token, expiry)
• Payment records

We do not store your Plaid access tokens, transactions, balances, holdings, or any financial data on the server.

Third-party services

• GitHub — OAuth sign-in only
• Stripe — subscription billing and payment processing
• Plaid — bank account connections (our server proxies requests but never stores your tokens)
• Vercel — hosting (standard web server logs)

No tracking

There are no analytics, no tracking pixels, no third-party scripts, and no cookies used for tracking. We don't collect usage data or behavioral information.

Data deletion

All local financial data can be cleared anytime from the app's settings. To delete your server account and associated billing data, contact us and we'll remove it.

Open source

Floo is open source. You can inspect exactly what data is stored and how it's handled in the GitHub repository.