Last updated: March 27, 2026
Privacy-First Design
VitaFlow is built with an offline-first architecture. Your financial data stays on your device by default. Cloud sync is optional and always under your control. We never sell your data or show ads.
Security Features
Offline-First Architecture
All your financial data is stored locally on your device using AsyncStorage. The app works 100% offline with no internet required.
Local Data Storage
Your transactions, goals, and categories are stored on your device. Data only leaves your device if you explicitly enable cloud sync.
Secure Authentication
We use JWT tokens for secure authentication. Sensitive data like auth tokens are stored in SecureStore, not regular storage.
Your Own AI API Key
The AI assistant uses your own API key, stored locally. Your financial conversations go directly to your chosen AI provider, not through our servers.
Optional Cloud Sync
Cloud sync is entirely optional. When enabled, your data is encrypted in transit and stored securely on our servers.
No Data Selling
We never sell, share, or monetize your financial data. Your privacy is not a product.
Privacy Policy
Data We Store Locally
VitaFlow stores the following data on your device: transactions (type, amount, category, date, notes), financial goals (title, target, progress, deadline), custom categories (name, icon, color), app preferences (currency, theme), Friends and Splits metadata you view in the app, and AI chat history. This data never leaves your device unless you enable cloud sync or you use online features like Friends/Splits that require server communication.
Data We Collect (With Cloud Sync)
If you create an account and enable cloud sync, we store: your email address, encrypted password hash, device information for multi-device sync, and your synced financial data. We use this data solely to provide the sync service.
Friends & Social Features
If you use Friends, we process identifiers needed to connect you with other users (such as name, email address, VitaFlow ID, and profile/avatar information if provided). When you send or accept a friend request, the other user may see basic profile information (for example your name and avatar, if set) and your connection status. We do not share your personal financial transactions with friends unless you choose to include them in a Split.
Splits & Shared Expenses
If you create or join a Split, the Split’s participants can see the information you enter for that Split, such as: title, total amount, each participant’s share, notes/description, timestamps, and settlement status. This is necessary for the feature to work. Only participants you add (or who join via an invite/join flow) can access Split details. Please do not include sensitive information in Split notes.
AI Assistant Privacy
The AI financial assistant requires you to provide your own API key from Groq. Your API key is stored locally on your device. When you chat with the AI, messages are sent directly to your chosen provider. We do not store or have access to your AI conversations.
Analytics & Tracking
VitaFlow does not include third-party analytics, tracking pixels, or advertising SDKs. We do not track your behavior, collect device identifiers, or build user profiles. The only analytics are for crash reporting to improve app stability.
Data Security
Local data is stored using React Native AsyncStorage, which uses the device's native secure storage mechanisms. Authentication tokens are stored in SecureStore (Keychain on iOS, EncryptedSharedPreferences on Android). Cloud sync data is encrypted in transit using TLS/HTTPS.
Your Rights
You have full control over your data. You can: export your data as a PDF report, delete your account and all cloud data at any time, disable cloud sync to keep data local only, and clear local app data through your device settings. You can also manage Friends (accept/reject/remove) and leave or delete Splits where supported by the feature.
Data Retention
Local data remains on your device until you delete it or uninstall the app. If you use cloud sync and delete your account, your cloud data is permanently deleted within 30 days. Backups you create are retained according to your selected backup duration.
Third-Party Services
VitaFlow integrates with: AI providers (OpenAI, Anthropic, etc.) when you use the AI assistant with your own API key, and our backend server when you enable cloud sync. Each service has its own privacy policy that applies when you use those features.
Children's Privacy
VitaFlow is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you are a parent and believe your child has used the app, please contact us.
Contact Us
If you have questions about privacy or security, contact us at thandermughal@gmail.com. We are committed to transparency and will respond to your inquiries promptly.