1. Introduction
Welcome to Fluosy ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services.
By using Fluosy, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
2. Information We Collect
2.1 Account Information
- Email address - Used for account creation and communication
- Name - Used for personalization (optional)
- Password - Stored securely using industry-standard hashing
2.2 Financial Data (User-Provided)
- Transaction records (income, expenses)
- Account/treasury balances
- Categories and subcategories
- Currency preferences
- Zakat calculations and tracking data
- Notes and descriptions
2.3 Technical Information
- Device type and operating system
- App version
- General usage statistics (anonymized)
🔒 Important: Zero-Knowledge Architecture
Your sensitive financial data is encrypted using Zero-Knowledge Encryption. This means your data is encrypted with your personal password before it reaches our servers. We cannot read, access, or decrypt your financial information - only you can.
3. How We Use Your Information
We use the information we collect to:
- Provide and maintain our services
- Create and manage your account
- Process and display your financial data
- Calculate Zakat obligations based on your data
- Convert currencies using current exchange rates
- Send important service notifications
- Improve our application and user experience
- Respond to your inquiries and support requests
4. Data Security & Encryption
🛡️ AES-256 Encryption
🔐 Zero-Knowledge Architecture
🔑 User-Controlled Keys
We implement robust security measures to protect your information:
4.1 Zero-Knowledge Encryption
- Your financial data is encrypted on your device using your password
- Encryption keys are derived from your password and never stored on our servers
- Our servers only store encrypted data that we cannot decrypt
- Even in the event of a data breach, your financial information remains protected
4.2 Technical Security Measures
- AES-256 encryption for all sensitive data
- Secure HTTPS connections for all data transmission
- Regular security audits and updates
- Secure password hashing using industry-standard algorithms
- JWT-based authentication with secure token handling
4.3 What This Means for You
Because of our zero-knowledge architecture:
- If you forget your encryption password, we cannot recover your encrypted data
- We cannot comply with requests to provide your decrypted financial data to any third party
- Your financial privacy is mathematically guaranteed
5. Data Sharing
We do not sell, trade, or rent your personal information to third parties.
We may share limited information only in the following circumstances:
- With your consent - When you explicitly authorize us to share information
- Legal requirements - If required by law, court order, or governmental authority
- Service providers - With trusted third-party services that help us operate our application (e.g., hosting providers), under strict confidentiality agreements
📊 Note on Encrypted Data
Even if compelled by legal process, we can only provide encrypted financial data. Without your password, this data is unreadable and unusable.
6. Third-Party Services
Fluosy integrates with the following third-party services:
6.1 Google Sign-In (Optional)
- Used for convenient account authentication
- We receive your email address and name from Google
- We do not access your Google contacts, files, or other data
- Google's Privacy Policy: https://policies.google.com/privacy
6.2 Currency Exchange Rates
- We fetch current exchange rates from third-party APIs
- No personal information is shared with these services
6.3 Gold Price Data
- Used for Zakat Nisab calculations
- No personal information is shared with these services
7. Your Rights
You have the following rights regarding your personal data:
7.1 Access & Portability
- View all your data within the application
- Export your data in standard formats
7.2 Correction
- Update your account information at any time
- Edit or modify any financial records you've created
7.3 Deletion
- Delete individual records or categories
- Request complete account deletion
- Upon account deletion, all your data is permanently removed from our servers
7.4 Withdraw Consent
- Disconnect third-party sign-in methods
- Opt out of non-essential communications
8. Data Retention
We retain your data as follows:
- Active accounts: Data is retained as long as your account is active
- Account deletion: All data is permanently deleted within 30 days of account deletion request
- Backup retention: Encrypted backups may be retained for up to 90 days for disaster recovery purposes
9. Children's Privacy
Fluosy is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete such information from our servers.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification for significant changes
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of Fluosy after any modifications indicates your acceptance of the updated policy.