Privacy Policy

Last updated: March 24, 2026

Our Commitment to Your Privacy

Florin Gold ("Florin," "we," "us," or "our") operates the Florin personal finance application. We built Florin with a privacy-first philosophy: your financial data belongs to you, not to advertisers or data brokers.

We will never sell your personal or financial data. We do not share your information with third parties for marketing purposes. We do not display ads or allow advertisers to target you based on your financial data.

This Privacy Policy explains what data we collect, why we collect it, how we protect it, and your rights regarding your information. We encourage you to read it in full.

Information We Collect

Account Information

When you create a Florin account, we collect your name, email address, and a password. Your password is hashed using industry-standard algorithms and is never stored in plain text. If you enable biometric authentication (WebAuthn/passkeys), the biometric data itself never leaves your device — we only store a public key credential.

Financial Account Information

When you connect your bank accounts through Plaid, we receive and store:

  • Account details (institution name, account type, last four digits)
  • Transaction history (descriptions, amounts, dates, categories)
  • Account balances

Sensitive financial fields — including balances, transaction amounts, and descriptions — are encrypted at rest using AES-256-GCM before they are written to our database. Additionally, we use pseudonymous financial identifiers to separate your account identity from your financial records, so a database breach alone cannot link financial data back to your real identity.

Usage Information

We collect information about how you interact with Florin, such as the features you use (goals, quests, wealth tracking) and general app usage patterns. This helps us improve the product. We do not use third-party analytics trackers or advertising pixels.

How We Use Plaid

We use Plaid Technologies, Inc. ("Plaid") to securely connect to your financial institutions. Plaid is a widely used financial data intermediary trusted by thousands of financial apps.

By connecting your accounts through Plaid, you grant us and Plaid the right to access and transmit your financial information from your financial institution. We never see or store your bank login credentials — they are transmitted directly between Plaid and your financial institution.

You can disconnect any financial account at any time from your Florin settings. When you disconnect, we immediately revoke the Plaid access token and stop syncing new data. For more information, see Plaid's End User Privacy Policy.

AI-Powered Features & OpenAI

Florin offers optional AI-powered features (such as financial advice, spending insights, transaction categorization, and personalized savings quests) that use OpenAI's API to process certain data. These features are entirely opt-in — each one requires your explicit consent before activation, and you can review exactly what data is shared before opting in.

When you enable an AI feature, we send only the minimum data necessary to OpenAI. Depending on the feature, this may include category-level spending aggregates, merchant names, or anonymized financial signals. We never send your full account numbers, raw bank credentials, or complete transaction histories to OpenAI.

Per our agreement with OpenAI, data sent to their API is not used to train their models and is not retained beyond what is needed to process your request.

Our use of OpenAI is a temporary measure while we develop our own in-house AI models. We are actively building proprietary models that will allow us to power these features entirely within Florin's infrastructure, eliminating the need to send any data to a third-party AI provider. We will update this policy as that transition takes place.

You can enable or disable individual AI features at any time in your Settings under "AI Features." Disabling a feature immediately stops data from being sent to OpenAI for that feature.

How We Use Your Information

We use your information solely to:

  • Provide and maintain the Florin personal finance service
  • Display your account balances, transactions, and financial insights
  • Track your progress toward financial goals and savings quests
  • Calculate your net worth and wealth velocity trends
  • Power AI features you have explicitly opted into
  • Send you security notifications (login alerts, suspicious activity)
  • Improve the reliability and performance of the service

We do not use your data for advertising, user profiling for third parties, or any purpose unrelated to providing you with the Florin service.

How We Share Your Information

We do not sell your personal or financial information. We do not share your data with other companies for joint marketing purposes or allow third parties to market to you.

We share your information only in the following limited circumstances:

  • Plaid: To connect and sync data from your financial institutions, as described above
  • OpenAI: Only for AI features you have explicitly opted into, with minimized data as described above
  • Infrastructure providers: Our application is hosted on Railway and our database is encrypted at rest. These providers process data on our behalf under strict data processing agreements
  • Legal requirements: If required by law, subpoena, or court order, or to protect our rights, safety, or property

How We Protect Your Data

Security is central to how we built Florin. We implement multiple layers of protection:

  • Encryption at rest: Sensitive financial data (balances, transaction amounts, descriptions, Plaid tokens) is encrypted with AES-256-GCM before being stored in our database
  • Encryption in transit: All communications between your device and our servers use TLS (HTTPS)
  • Pseudonymous financial IDs: Your real user identity is separated from your financial records using encrypted pseudonymous identifiers
  • Biometric authentication: Optional WebAuthn/passkey support provides phishing-resistant login
  • Two-factor authentication: Optional 2FA with TOTP-based authenticator apps
  • Rate limiting: API endpoints are rate-limited to prevent abuse
  • Security monitoring: Automated alerting for suspicious login patterns and unusual account activity

Data Retention

We retain your data only as long as necessary to provide the service and comply with legal obligations:

  • Account and transaction data: Retained while your account is active to provide historical insights and trends
  • AI interaction history: Automatically purged after 90 days
  • Security audit logs: Retained for 365 days for security monitoring purposes
  • Wealth snapshots: Retained for up to 2 years to display long-term trends
  • Expired session tokens: Automatically purged within 1 hour

When you disconnect a bank account, we immediately revoke the connection through Plaid and stop syncing new data. Historical transaction data may be retained for your records unless you request full deletion.

When you delete your account, all personal data is permanently removed from our systems within 30 days. Plaid connections are revoked immediately.

Your Rights and Choices

You have the right to:

  • Access: View all personal and financial information we hold about you directly in the app
  • Correct: Update your information through your account settings
  • Delete: Delete your account and all associated data at any time
  • Disconnect: Remove any linked bank account at any time
  • Revoke AI consent: Disable any AI feature at any time in Settings, immediately stopping data sharing with OpenAI for that feature
  • Data portability: Request a copy of your data by contacting us

State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or another state with consumer privacy legislation, you may have additional rights under applicable law, including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information.

Because we do not sell personal information and do not use it for targeted advertising, there is nothing to opt out of in this regard.

To exercise any privacy right, please contact us using the information below. We will respond to verified requests within the timeframe required by applicable law.

Children's Privacy

Florin is not intended for users under the age of 18. We do not knowingly collect information from children. If you believe a minor has provided us with personal information, please contact us immediately and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. If we make significant changes to how we use your data, we will notify you through the app before the changes take effect. Your continued use of Florin after changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please reach out:

Email: privacy@floringold.com

You can also manage your privacy settings directly in your Account Settings.