Install Flowna on your device

Open Flowna instantly, even on spotty networks. No app store required.

Flowna uses cookies

Essential cookies keep you signed in and our API secure. We'd also like to use analytics cookies to understand how Flowna is used so we can make it better. You can change this anytime. Learn more.

FlownaBack home
Legal · Privacy

Privacy Policy

The plain-English version of how we treat your data — built around the Nigeria Data Protection Act (NDPA) 2023.

Last updated February 2026

Flowna helps you make sense of irregular income. To do that we need to handle some of your information. This page explains what we collect, why we collect it, and how you can take it back.

1. The short version

  • We never sell your data — full stop.
  • We don't hold your money. Flowna is a planning tool, not a wallet or a bank.
  • You can export or delete everything we hold on you, any time, from your profile.
  • We only collect what we genuinely need to compute your Safe-Spend number.

2. Who we are

Flowna ("we", "us", "our") is operated from Lagos, Nigeria. The data controller for the purposes of the Nigeria Data Protection Act (NDPA) 2023 is Flowna Limited. For privacy questions, write to privacy@flowna.co.

3. What we collect

Account data

Email, name, hashed password, occupation, and the role you sign up with.

Financial activity you log

Income entries, expense entries, goals, and any chat you have with the Flowna Guide. We keep these because they are the input to your Safe-Spend, Stability Score and Buffer calculations.

Usage signals

Last sign-in time, the device's user-agent on auth events, and UTM parameters from any marketing email link you click. Used for product improvement and to measure which messages are useful.

Payment data

If you upgrade to Premium, Paystack handles your card / bank / USSD details. We only store the transaction reference and outcome — never the card itself.

4. What we do not collect

  • Your bank account login or BVN — we don't connect to banks (yet).
  • Your physical location.
  • Your contact list, photos, or files.
  • Card numbers — Paystack receives those directly from your browser.

5. Why we use it

  • To run the service: compute Safe-Spend, send weekly reports, nudge you when your buffer drops.
  • To keep you safe: detect risky patterns (massive single-day spend that drains buffer) and warn you.
  • To improve the product: aggregated metrics. We never look at individual chats unless you flag one for review.
  • Legal compliance: retention for AML / fraud investigation if Nigerian regulators ever ask.

6. Who sees it

  • You — always.
  • The Flowna admin team, on a strict role-based access basis. A Support Agent can see your tickets but not your settings; a Finance admin can see billing but not your Guide chats. Every admin action is audit-logged.
  • Sub-processors we trust to run the service:
    • MongoDB Atlas — encrypted database hosting
    • Resend — transactional email delivery
    • Paystack — payment processing
    • OpenAI / Anthropic — only the chats you send to the Flowna Guide, stripped of identifiers, used only to generate the response in real time

7. How long we keep it

Your account data: as long as you have an account. Delete your account and everything is wiped within 30 days, except where Nigerian law obliges us to keep transaction records (typically 7 years).

8. Your rights under the NDPA

  • Access: request a copy of everything we hold
  • Correction: fix anything inaccurate
  • Erasure: ask us to delete
  • Portability: get a machine-readable export
  • Objection: stop us using your data for product improvement
  • Withdraw consent: for marketing emails, any time, in your profile

Most of these are one-click in your profile. For anything else, email privacy@flowna.co. We respond within 7 days. If you're not satisfied, you can complain to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

9. Cookies

We set a small number of cookies — some essential (to keep you signed in and protect against bots), some optional (analytics, only with your consent). The full list, with purposes and retention, is in our Cookie Policy. You can opt in or out of analytics any time from Profile → Privacy & cookies.

10. Changes

If we make a material change to this policy, we'll email everyone with an active account at least 14 days in advance. The "Last updated" date at the top tells you when the document last changed.

This page is intentionally written in plain English. It is not a substitute for legal advice and the binding text in case of a dispute is the version we will publish at flowna.co/privacy after passing legal review prior to public launch.