Flowna uses cookies

Essential cookies keep you signed in and our API secure. We'd also like to use analytics cookies to understand how Flowna is used so we can make it better. You can change this anytime. Learn more.

FlownaBack home
Legal · Your data rights

Your data, your rights

A practical guide to exercising every right you have over the data Flowna holds on you, under the Nigeria Data Protection Act 2023 (NDPA) and, where relevant, the EU GDPR.

Last updated February 2026

We took the principle behind GDPR — that your data is yours, not ours — and applied it as our default, even though most of our users are in Nigeria where the NDPA is the primary law. This page tells you what each right means in plain English and how to use it.

The seven rights, and how to use each

1. Right to access

You can request a copy of everything we have on you — account info, every income and expense entry, every Guide chat, your subscription history, your audit trail.

How: Profile → "Export my data" → click. We send a downloadable JSON file to your email within 7 days. Free, unlimited.

2. Right to correction

Anything inaccurate (typo in your name, wrong occupation, mis-tagged expense) can be edited inside the app — you don't need our permission.

How: Profile, Activity, or just open the entry and edit. For anything you can't edit yourself, email privacy@flowna.co.

3. Right to erasure ("right to be forgotten")

You can ask us to delete your account and everything in it. We delete within 30 days, except records we are obliged to keep by Nigerian law (typically a small set of transaction logs for 7 years for AML purposes).

How: Profile → "Delete account". You'll be asked to type DELETE to confirm. There is no undo.

4. Right to data portability

Your export from right #1 is in JSON — a portable, machine-readable format — so you can move to a competitor or to your own spreadsheet without friction.

5. Right to object to processing

You can stop us using your data for anything beyond running the core service. That includes product analytics, anonymous research, and marketing emails.

How: Profile → Notifications, toggle off. Or email privacy@flowna.co for the broader objection.

6. Right to restrict processing

If you dispute the accuracy of something, or you've objected and we're still reviewing, you can ask us to pause processing while we sort it out — your account stays alive but we don't do anything with it.

7. Right to withdraw consent

Wherever we rely on your consent (marketing, optional analytics), you can withdraw any time without affecting the lawfulness of what we did before you withdrew.

Where your data lives

  • Database: MongoDB Atlas, encrypted at rest, hosted in the nearest available African region
  • Email delivery: Resend (US-based, encrypted in transit)
  • Payments: Paystack (Nigeria, PCI-DSS Level 1)
  • AI Guide: OpenAI / Anthropic — your chats are sent for inference only, not used for training, and identifiers are stripped

If you are in the EU / UK

The EU GDPR and UK GDPR also apply to you. The rights above mirror those regimes. The same email — privacy@flowna.co — handles GDPR requests. We will respond within 30 days as required by Article 12.

Complaints

If you're unhappy with how we handled your request:

  • Nigeria: Nigeria Data Protection Commission — ndpc.gov.ng
  • EU: your local Data Protection Authority
  • UK: Information Commissioner's Office — ico.org.uk

→ Contact us about anything on this page