Privacy Policy

1. Introduction

Welcome to TCFlow ("we", "our", or "us"). TCFlow is a personal finance tracking application that helps you monitor your income, expenses, and overall cashflow. This Privacy Policy explains how we collect, use, and protect your information when you use our service at netdollar.vercel.app.

By using TCFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Information We Collect

2.1 Information from Google Sign-In

When you sign in with Google, we receive the following from Google's OAuth 2.0 service:

• Your Google account name
• Your Google account email address
• Your Google profile picture URL
• A unique Google account identifier
• OAuth access and refresh tokens (used solely to read/write your Google Spreadsheet)

2.2 Financial Data You Enter

All financial data you enter — transactions, budgets, categories, and settings — is written directly to a Google Spreadsheet in your own Google Drive. This data is never stored on our servers.

2.3 Session Data

We store a short-lived, encrypted session cookie in your browser to keep you signed in. This cookie contains your Google profile information and OAuth tokens. It expires after 7 days and is deleted when you sign out.

2.4 Server Logs

Our hosting provider (Vercel) may collect standard server logs including IP addresses, browser type, pages visited, and timestamps. These logs are used for security and performance monitoring and are governed by Vercel's Privacy Policy.

3. How We Use Your Information

We use the information we collect to:

• Authenticate you via Google OAuth 2.0
• Create and access your personal Google Spreadsheet to store your financial data
• Maintain your session so you stay signed in
• Display your name and profile picture within the app
• Provide, maintain, and improve the TCFlow service

We do not use your data for advertising, profiling, or any purpose other than providing the TCFlow service to you.

4. Data Storage and Security

4.1 Your Financial Data

Your financial data is stored exclusively in a Google Spreadsheet named "TCFlow — My Finances" in your personal Google Drive. We do not copy, cache, or retain this data on our servers. You have full ownership and control — you can view, edit, or delete the spreadsheet at any time directly in Google Sheets.

4.2 Session Security

Session cookies are encrypted using a server-side secret key, marked HttpOnly (inaccessible to JavaScript), and transmitted only over HTTPS in production. We use industry-standard practices to protect your session.

4.3 OAuth Tokens

OAuth tokens are stored only in your encrypted session cookie and are used exclusively to access your Google Spreadsheet on your behalf. Tokens are automatically refreshed when they expire and are deleted when you sign out.

4.4 No Third-Party Data Sharing

We do not sell, trade, rent, or share your personal information with any third parties, except as required by law or as necessary to provide the service (e.g., Google APIs for authentication and Sheets access).

5. Google API Services

TCFlow uses the following Google APIs:

• Google OAuth 2.0 — for authentication and identity
• Google Sheets API v4 — to read and write your financial data
• Google Drive API — to create your spreadsheet on first sign-in

TCFlow's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

We only request the minimum scopes necessary:

• userinfo.email and userinfo.profile — to identify you
• spreadsheets — to read and write your financial spreadsheet
• drive.file — to create your spreadsheet (limited to files created by TCFlow)

6. Your Rights and Choices

• Access your data: Open your "TCFlow — My Finances" spreadsheet in Google Drive at any time.
• Delete your data: Delete the spreadsheet from your Google Drive. Your data is immediately and permanently removed.
• Revoke access: Visit Google Account Permissions and remove TCFlow. This immediately revokes our access to your Google account.
• Sign out: Use the sign-out button in the app to delete your session cookie from your browser.

7. Children's Privacy

TCFlow is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of TCFlow after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: