Legal
Privacy Policy
Last updated: 3 July 2026
We believe privacy should be written in plain English. This policy explains exactly what information we collect, why we collect it, and what we do with it. We do not sell your data. We never will.
1. Who We Are
Osusu MoneyFlow ("we", "us", "our") operates the savings circle coordination platform at osusu-moneyflow.vercel.app. We are the data controller for information collected through the Platform.
Contact us about privacy: hello@osusumoneyflow.com
2. Information We Collect
Information you give us
- Account details: your full name, email address, and optional phone number when you register.
- Profile information: an optional avatar URL if you choose to add one.
- Group activity: savings circle names, contribution amounts, currencies, payout schedules, and notes you add when marking payments.
- Communications: if you contact us by email, we retain that correspondence.
Information collected automatically
- Usage data: pages visited and features used, to help us improve the Platform.
- Device information: browser type and operating system, collected in server logs.
Information we do NOT collect
- Bank account or payment card details — all payments happen outside our Platform.
- Government ID, passport, or tax file numbers.
- Financial transaction data — we record only what members manually mark and confirm.
3. How We Use Your Information
We use your information only to operate and improve the Platform:
- To provide the service: create your account, display your groups and contribution history, and send coordination notifications.
- To send transactional emails: login codes, payment notifications, and group reminders. These are essential to the service — you cannot opt out while maintaining an active account.
- To improve the Platform: understand how features are used so we can fix issues and build better tools.
- To process subscriptions: if you upgrade to a paid plan, we pass your email to Stripe to manage billing. We do not store your card details.
- To comply with legal obligations: if required by law, court order, or regulatory authority.
We do not use your information for advertising, profiling, or sale to third parties.
4. Who We Share Your Information With
We share your information only with the following third-party services, each necessary to operate the Platform:
- Resend — email delivery provider. Your email address is passed to Resend to send you transactional emails (login codes, notifications). Resend's privacy policy: resend.com/privacy
- Stripe — payment processing for paid subscriptions. If you subscribe, your email is shared with Stripe to manage billing. Stripe's privacy policy: stripe.com/privacy
- Railway — our backend hosting and database provider. Your data is stored on Railway's infrastructure. Railway's privacy policy: railway.app/legal/privacy
- Vercel — our frontend hosting provider. Vercel's privacy policy: vercel.com/legal/privacy-policy
Within your savings circle, your name and email are visible to other members of that group. This is necessary for coordination and transparency.
We do not sell, rent, or trade your personal information to any third party for marketing or commercial purposes.
5. Data Retention
We retain your account information and group activity records for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it by law.
Group contribution records may be retained for a short period after account deletion to maintain accurate history for other group members.
6. Data Security
We take reasonable steps to protect your information, including:
- Passwords are hashed using bcrypt and never stored in plain text.
- All connections to the Platform use HTTPS encryption.
- Database connections use SSL encryption in transit.
- Access to production systems is restricted to authorised personnel only.
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
7. Cookies
Osusu MoneyFlow uses a minimal cookie footprint. We use:
- Session cookies: required for Google OAuth sign-in to work. These are temporary and deleted when you close your browser.
- Local storage: we store your authentication token in your browser's local storage to keep you signed in.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: update inaccurate information via your profile page, or by contacting us.
- Deletion: request deletion of your account and personal data.
- Portability: request your data in a machine-readable format.
- Objection: object to certain uses of your data.
To exercise any of these rights, contact us at hello@osusumoneyflow.com. We will respond within 30 days.
9. Children
Osusu MoneyFlow is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice on the Platform. Continued use after changes are posted constitutes acceptance of the updated policy.
11. Contact
For any privacy questions or requests, contact us at: hello@osusumoneyflow.com