nogaflow

Privacy Policy

Last updated: April 22, 2026 · ValleyDoesIt LLC

1. Who We Are

NogaFlow is a personal finance tracking tool operated by ValleyDoesIt LLC, an Illinois limited liability company. You can reach us at www.nogaflow.com or InfoNogaFlow@gmail.com.

We help you track spending, set budgets, manage subscriptions, and understand your cash flow. We are not a bank, broker-dealer, or financial institution.

2. What We Collect

Account data. Your email address and a hashed password (we never store your password in plain text).

Bank data via Plaid. When you connect a bank account, Plaid retrieves read-only transaction data, account balances, and institution names on our behalf. We never receive or store your banking credentials — those go directly to Plaid over an encrypted connection.

Payment data via Stripe. Subscription payments are processed by Stripe. We do not store your card number, CVV, or full billing address on our servers.

Usage data. We may collect anonymized data about features used and pages visited to improve the product. This data is not linked to your identity.

3. How We Use It

  • Operate and improve the NogaFlow service
  • Sync and display your transactions and account balances
  • Send transactional emails (account confirmation, password reset, billing receipts)
  • Generate AI-powered budget insights (Pro plan only)
  • Process subscription payments via Stripe
  • Comply with legal obligations
We do not sell your personal data. Ever.

4. Third Parties

Supabase
Database hosting and authentication. Your account data is stored in Supabase-managed PostgreSQL databases with row-level security.
Plaid
Bank account linking. Plaid retrieves read-only financial data from your institution. Subject to Plaid's own Privacy Policy.
Stripe
Subscription billing and payment processing. Subject to Stripe's Privacy Policy.
Anthropic
AI-powered financial insights (Pro plan only). Anonymized financial summaries may be sent to Anthropic's API. No personally identifiable information is included.

We share data only with the providers listed above. We do not share data with advertisers or data brokers.

5. Data Security

  • All data in transit is encrypted via HTTPS/TLS
  • Passwords are hashed using bcrypt — never stored in plain text
  • Plaid access tokens are encrypted at rest using AES-256
  • Database access is restricted using Supabase Row Level Security (RLS)
  • We use environment variables and secrets management — no credentials in source code

No system is completely secure. We encourage you to use a strong, unique password and enable two-factor authentication on your email account.

6. Your Rights

You have the right to access, correct, or delete your personal data. To exercise any of these rights:

  • Access & portability: Email us and we'll send you a copy of your data within 30 days.
  • Correction: Update your email in account settings, or email us for other corrections.
  • Deletion: Request account deletion at any time. Data is permanently deleted within 30 days.

Contact us at InfoNogaFlow@gmail.com to exercise any right.

7. Cookies

We use essential cookies only — those required to keep you logged in. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. See our Cookie Policy for the full list.

8. Children

NogaFlow is not directed at anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, email us at InfoNogaFlow@gmail.com and we will delete it promptly.

9. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. Continued use of NogaFlow after that date constitutes your acceptance of the updated policy.

10. Contact

ValleyDoesIt LLC

Email: InfoNogaFlow@gmail.com

Website: www.nogaflow.com