This Privacy Policy explains what information Cashflow collects, how it is used, and what choices you have. It covers both this website (cashflow.ndl.cc) and the Cashflow mobile applications for iOS and Android.
Who we are
For the purposes of this Privacy Policy and the Terms of Service, “we”, “us”, and “our” refer to William Tyler, the developer of Cashflow, and any successor or assign — that is, any person or entity to whom he sells or otherwise transfers his rights in the Cashflow software. This definition applies to any such successor or assign.
The Cashflow mobile apps are check register and account ledger applications for iOS and Android. cashflow.ndl.cc is the marketing and support site for those apps.
If you have questions about this policy or about data we hold, open Cashflow on your device and go to Settings → Send Feedback to reach us.
Information the website collects
The website (cashflow.ndl.cc) does not require an account, and we do not ask you to submit personal information to view it.
We use Google Analytics 4 to count pageviews and understand which pages people read. Google Analytics sets cookies in your browser and may collect technical information such as your IP address, browser type, device type, and the pages you visit. We do not use this data to identify you personally; we use it in aggregate to improve the site.
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by blocking cookies in your browser.
We do not run advertising on the website. We do not sell or share website analytics data with third parties beyond Google itself.
Information the mobile app collects
The Cashflow mobile apps store your financial data — accounts, transactions, categories, scheduled transactions, and settings — on your device by default. Cashflow is local-first: under normal use, your financial data stays on your device and is not sent to us.
The one exception is Cloud Backup, an optional feature you turn on by signing in with a Cashflow account. When Cloud Backup is on, the app uploads an end-to-end-encrypted copy of your data to our servers, along with the email address and display name on your account. Your backups are end-to-end encrypted — we cannot read them.
This means:
- Under normal operation we cannot see your transactions, balances, or account names — even when Cloud Backup is on — because each backup is end-to-end encrypted before it leaves your device with a key that is locked by a backup password only you know. We store the locked key in your account, but we never receive your backup password.
- The only data tied to you that we hold is your account email, display name, and your end-to-end-encrypted backups (if you’ve enabled Cloud Backup).
- If your phone is lost, stolen, or wiped, the data on it is gone unless you have a backup.
The app may collect basic device-level diagnostics (for example, crash reports) through the operating system’s standard mechanisms (Apple’s TestFlight / App Store diagnostics on iOS, Google Play crash reporting on Android). These are governed by Apple’s and Google’s respective privacy policies, are aggregated, and do not include your financial data.
Backups
If you create a backup using the app’s backup feature, the backup file contains a full snapshot of your Cashflow data. You choose where the backup goes:
- Local file — written to your device’s local storage. You control where it ends up if you share it from there.
- Dropbox — if you connect Dropbox, the backup file is stored in your own Dropbox account, governed by Dropbox’s privacy terms.
- Cloud Backup (Cashflow account) — uploaded to our servers (hosted on Google Cloud) when you opt in by signing in with a Cashflow account. These backups are end-to-end encrypted before they leave your device with a key that is locked by a backup password only you know, so even though both the encrypted backup and the locked key live on our infrastructure, we never receive your backup password and so we cannot read them. Alongside each backup we store your account email address and display name so your backups can be associated with your account. We keep the latest 5 backups per device; older ones are removed automatically. All of this is deleted when you delete your Cashflow account (see the Data Deletion Request page). Access is layered: your sign-in account controls who can reach the encrypted backup and the locked key (only you, under our owner-only security rules), and your backup password unlocks the key. You restore on a device you still control or by entering your backup password on a new phone or after switching platforms. You are responsible for keeping both your sign-in account and your backup password; we suggest you do not reuse your Google or Apple account password for it. If you lose access to your account, or forget your backup password and no longer have a device that holds the unlocked key, your backups cannot be recovered — by you or by us.
For the local-file and Dropbox options, we have no access to those backup files — they live in your storage, not ours. For Cloud Backup, the encrypted backup and the locked key live on our infrastructure; because each backup is end-to-end encrypted and we never receive your backup password, we cannot read their contents under normal operation. The honest limit of that guarantee: because the encrypted backup and the locked key sit on our infrastructure, someone with administrative access to it could attempt to unlock the key by guessing your backup password — which is why a strong, non-reused password matters, and why we require minimum complexity when you set it.
Third-party services
The free version of the Cashflow app shows ads served by Google AdMob. AdMob may collect information such as your device’s advertising identifier, IP address, and general location to serve ads. You can manage ad personalization on iOS via Settings → Privacy & Security → Apple Advertising and on Android via Settings → Google → Ads. The paid version of Cashflow does not include ads or AdMob.
In-app purchases (where applicable) are processed by Apple’s App Store or Google Play, depending on your platform. Payment information goes directly to Apple or Google; we do not receive your payment details.
The website uses Google Analytics 4 for pageview measurement, as described above.
Cookies and similar technologies
The website uses cookies set by Google Analytics 4. These cookies record an anonymous identifier and information about your visit (page, duration, referrer). The mobile apps do not use cookies.
You can clear cookies, block cookies, or use a private browsing mode at any time through your browser’s settings. Doing so will not affect your ability to use the website.
Data retention
We hold the smallest amount of data we can. Google Analytics 4 data is retained for 14 months by default. Support correspondence is retained while it’s useful for resolving an open issue, and we’ll delete it on request within 30 days — see the Data Deletion Request page for the full process.
If you use Cloud Backup, we keep the latest 5 backups per device (older backups are removed automatically as new ones are made), along with your account email and display name. All of your Cloud Backup data — backups, encryption-key references, and account profile — is deleted when you delete your Cashflow account.
Children’s privacy
Cashflow is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, use Settings → Send Feedback inside the Cashflow app to contact us and we will take appropriate steps.
California residents (CCPA)
If you are a California resident, the California Consumer Privacy Act gives you the right to know what personal information we collect, to request deletion of personal information we hold about you, and not to be discriminated against for exercising those rights.
Under normal use, the Cashflow mobile apps keep your financial data on your device, so we hold little personal information tied to the app. If you use a Cashflow account with Cloud Backup, we hold your account email address, display name, and your end-to-end-encrypted backups (which we cannot read). You can delete all of that instantly from inside the app via Settings → Account → Delete Account — see the Data Deletion Request page. For data that lives only on your device, the right to delete is exercised by deleting that data on your device. For website analytics or any support correspondence you’ve sent us, use Settings → Send Feedback inside the Cashflow app to request deletion.
EU and UK residents (GDPR)
If you are in the European Union, the United Kingdom, or another jurisdiction with similar data protection law, you have rights to access, correct, delete, restrict, or object to processing of personal data we hold about you, as well as the right to data portability. Under normal use, the mobile app keeps your financial data on your device, so many of these rights are exercised by managing the data on your device. If you use a Cashflow account with Cloud Backup, the personal data we hold about you is your account email address, display name, and your end-to-end-encrypted backups (which we cannot read); you can delete all of it via Settings → Account → Delete Account (see the Data Deletion Request page). For website analytics or support correspondence, use Settings → Send Feedback inside the Cashflow app to reach us.
The legal basis for our processing of website analytics is your consent (where required) and our legitimate interest in understanding how the site is used.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the Effective Date shown at the top of this page. We encourage you to review the policy periodically.
Contact
Questions, requests, or concerns about this policy: open Cashflow on your device and go to Settings → Send Feedback to reach us.