Table of Contents
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Third-Party Service Providers
- Data Storage and Security
- Data Retention and Deletion
- Your Rights and Choices
- Device Permissions
- Push Notifications
- Children's Privacy
- International Data Transfers
- Cookies and Tracking
- Changes to This Policy
- Contact Us
Orbit Digital LLC ("we," "us," or "our") operates the FlatFlow mobile application (the "App"), available on iOS and Android. FlatFlow is a household management tool that helps flatmates and housemates coordinate bills, chores, shopping, and more.
This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your information when you use our App. It applies to all users of the App regardless of location. Please read this policy carefully before using FlatFlow. By creating an account or using the App, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
If you do not agree with the terms of this Privacy Policy, please do not access or use the App.
1 Information We Collect
We collect information that you voluntarily provide to us when you register for an account, create or join a household, use the App's features, or contact us for support. We do not collect information from third-party sources or track your activity outside of the App.
1.1 Account Registration Information
When you sign up for a FlatFlow account, we collect the following information:
- Email address — We use this as your unique login identifier, to send account verification emails, and to enable password recovery. Your email is also used as the reply-to address if you submit feedback or a support request through the App.
- Password — Your password is securely hashed and managed entirely by Firebase Authentication, a service provided by Google. We never have access to, store, or transmit your plaintext password. Firebase uses industry-standard bcrypt-based hashing to protect your credentials.
- Username — A display name you choose during registration. Your username is visible to all members of your household so they can identify you within the App.
- Profile color — During registration, you select a color that represents your avatar throughout the App. This is a visual preference stored as a hex color code (e.g., "#9333ea").
- Profile image (optional) — You may optionally upload a profile photo. If uploaded, this image is stored securely in Firebase Storage and is visible to your household members.
1.2 Household Information
FlatFlow uses a single-household-per-user architecture, meaning each user may belong to one household at a time. When you create or join a household, we collect and store:
- Household name — A name you choose for your household (e.g., "42 Oak Street").
- Member list — When members join your household, their username, profile color, and profile image are stored as part of the household record so all members can see who's in the household.
- Share code — A unique 6-character alphanumeric code generated automatically for inviting new members. You control who receives this code.
- Currency preference — The currency your household uses for bill splitting (e.g., USD, GBP, EUR), selected during setup or changed later by the household administrator.
- Household details (optional) — You and your household members may optionally add information about your living space, including:
- Property address
- WiFi network name and password
- Landlord or property manager name, phone number, and email
- Emergency contact information
- Bin collection day
- Free-form notes about the property
Important: Household details such as WiFi passwords, landlord contacts, and property addresses are visible to all members of your household. Only share information you're comfortable with all household members seeing.
1.3 Feature Data
As you use the App's features, we collect and store the data you create. All feature data is associated with your household and is visible to all household members unless noted otherwise. Below is a detailed breakdown of the data collected by each feature:
| Feature | Data Collected | Details |
|---|---|---|
| Bills | Title, amount, due date, category, split method, individual splits, payment status, notes | Categories include Gas, Electricity, Water, Internet, Rent, Groceries, Household, Subscriptions, and Other. Split methods include Equal, Custom, and Itemized. Recurring bills store frequency (Weekly, Biweekly, Monthly, Quarterly, Yearly). Optional receipt image or PDF may be attached. |
| Bill Receipts | Receipt image or PDF file, file name, file type, upload timestamp | Receipt files are stored in Firebase Storage. We store the image/PDF, a reference URL, the original file name, and the upload timestamp. Free tier households are limited to 5 receipts per month. |
| Rotas (Chores) | Rota name, description, frequency, participants, generated tasks, completion status | Rotas automatically generate tasks assigned to household members on a rotating basis. Frequencies include Daily, Weekly, Biweekly, and Monthly. Each generated task includes the assigned member, date, and completion status. |
| Nudges | Message content, category, target recipient, anonymous flag, status | Categories include Trash, Kitchen, Bathroom, Dishes, Laundry, Noise, and Other. Nudges may target a specific household member or the entire household. If sent anonymously, the sender's identity is hidden from recipients but still stored in our database for moderation purposes. |
| Shopping List | Item name, quantity, checked status, who added it | A shared list visible to all household members. Items can be checked off and the list can be cleared. |
| Kitchen & Laundry Logs | Activity type, start time, end time, duration, active status | Kitchen activities include Cooking, Coffee, Meal Prep, and Heating Food. Laundry activities include Washing, Quick Wash, Heavy Load, and Drying. Plus subscribers can also book scheduled time slots in advance, which store the scheduled time and duration. |
| Calendar Events | Event title, description, date, time, event type | Events may be user-created or automatically generated from bills (due dates), rotas (task dates), and maintenance issues. Auto-generated events link back to their source item. |
| Maintenance | Issue title, description, priority level, status, reporter | Priority levels include Low, Medium, and High. Status progresses from Open to In Progress to Completed. Free tier households are limited to 5 issues per month. |
| Notices | Title, content, pinned status, author | Household announcements that can be pinned to the top. Visible to all household members. |
1.4 Device and Technical Information
We collect the following technical information necessary to operate the App:
- Push notification token (FCM token) — When you grant notification permissions, we store a Firebase Cloud Messaging token on your user profile. This token is a unique device identifier used solely to deliver push notifications to your specific device. The token is regenerated by the operating system periodically, and we update it accordingly. We remove this token when you leave a household or when the token becomes invalid (e.g., if you uninstall the App).
- Notification badge count — We track an unread notification count on your user profile to display the correct badge number on the app icon (iOS). This count is incremented with each push notification and reset to zero when you open the App.
- Device information (support only) — When you submit a bug report, feature suggestion, or support request through the App's Settings screen, we include your device model, operating system version, and app version in the support email to help us diagnose issues. This information is only collected at the moment you submit feedback and is not passively gathered.
1.5 Subscription and Purchase Information
FlatFlow offers a premium subscription called FlatFlow Plus. If you subscribe, we store the following information about your subscription status:
- Subscription tier — Whether your household is on the Free or Plus tier.
- Subscription owner — The user ID of the household member who purchased the subscription, used to manage permissions (e.g., only the subscription owner can manage the subscription).
- Expiration date — The date and time when your current subscription period ends.
- Auto-renewal status — Whether your subscription is set to automatically renew at the end of the current billing period.
We never collect your payment details. All payment processing is handled entirely by the Apple App Store (iOS) or Google Play Store (Android) through our subscription management partner, RevenueCat. We never see, access, or store your credit card number, bank details, Apple ID password, or Google account credentials.
1.6 Usage Metrics
To enforce free tier limits, we track aggregate monthly counters per household:
- Number of bills created this month
- Number of nudges created this month
- Number of maintenance issues created this month
These counters contain only numeric totals — not the content, titles, or details of the items. Counters automatically reset at the start of each calendar month through date-based document naming.
1.7 Information We Do NOT Collect
For transparency, here is a list of information we explicitly do not collect:
- Location data (GPS, IP-based geolocation, or any location tracking)
- Contact lists or address books
- Phone call or SMS data
- Browsing history or activity outside the App
- Advertising identifiers (IDFA/GAID)
- Analytics or behavioral tracking data
- Biometric data (fingerprints, facial recognition)
- Data from other apps on your device
- Microphone or camera data (except when you explicitly capture a photo for a receipt or profile picture)
2 How We Use Your Information
We process your information only for the purposes directly related to providing and operating the FlatFlow App. Specifically, we use your information to:
- Create and authenticate your account — Your email and password are used to register your account, verify your identity, and allow you to log in securely across devices.
- Enable household coordination — All feature data (bills, rotas, nudges, shopping lists, logs, calendar events, maintenance issues, and notices) is stored and synchronized in real time so that all household members can collaborate effectively.
- Deliver push notifications — We use your FCM token to send notifications about bill due dates, chore reminders, new nudges, household membership changes, and other relevant activity. Push notifications are sent both locally (scheduled on your device) and remotely (via our cloud infrastructure).
- Process subscriptions — We use your subscription information to determine which features are available to your household and to manage transitions between free and paid tiers when subscription events occur (purchases, renewals, cancellations, and expirations).
- Enforce usage limits — Monthly usage counters are used to enforce free tier limits and to display usage warnings when you approach a limit.
- Provide customer support — When you contact us through the App, we use the information included in your feedback (email, device info, message) to investigate and respond to your request.
- Maintain and improve the App — We may use aggregated, non-identifiable information to understand general usage patterns and prioritize feature development. We do not perform individual user profiling or behavioral analysis.
We do not use your data for advertising, profiling, AI/ML training, or any purpose unrelated to operating FlatFlow.
4 Third-Party Service Providers
We rely on the following third-party services to operate FlatFlow. Each provider processes only the data necessary for its specific function:
4.1 Firebase (Google LLC)
Purpose: Core infrastructure — authentication, real-time database, file storage, cloud messaging, and serverless functions.
Data processed: All account information, household data, and feature data as described in Section 1. Firebase Authentication manages your email and hashed password. Firestore (database) stores all structured data. Firebase Storage holds uploaded profile images and bill receipts. Firebase Cloud Messaging handles push notification delivery. Cloud Functions process subscription webhooks and scheduled reminders.
Data location: United States (Google Cloud infrastructure).
Privacy policy: firebase.google.com/support/privacy
4.2 RevenueCat (RevenueCat, Inc.)
Purpose: Cross-platform subscription management for iOS and Android.
Data processed: Your Firebase user ID (to link purchases to your account), subscription purchase events (initial purchase, renewal, cancellation, expiration), product identifiers, and subscription expiration timestamps. RevenueCat communicates with our backend via a secure webhook endpoint.
Data NOT processed: RevenueCat does not receive your email, username, household data, or any feature content.
Privacy policy: revenuecat.com/privacy
4.3 Expo (650 Industries, Inc.)
Purpose: Push notification delivery and app build infrastructure.
Data processed: Device push tokens (Expo push tokens derived from FCM/APNs tokens) and notification payloads (title, body, and metadata such as notification type and related item ID). Expo routes notifications through Apple Push Notification service (APNs) for iOS and Firebase Cloud Messaging (FCM) for Android.
Data NOT processed: Expo does not receive your email, account information, or household data.
Privacy policy: expo.dev/privacy
4.4 Resend (Resend, Inc.)
Purpose: Transactional email delivery for customer support.
Data processed: When you submit feedback, a bug report, or a feature suggestion through the App's Settings screen, the following is sent to Resend for email delivery: your email address (as reply-to), your feedback message, your user ID, app version, device model and OS, and your household name. This email is delivered to our support inbox at support@flatflowapp.com.
When triggered: Only when you explicitly submit feedback through the App. Resend is never triggered passively.
Privacy policy: resend.com/legal/privacy-policy
4.5 Apple App Store (Apple Inc.) and Google Play Store (Google LLC)
Purpose: App distribution and in-app purchase processing.
Data processed: Purchase transactions, subscription status, and payment information are processed directly by Apple and Google. We receive only confirmation of purchase events via RevenueCat — we never receive payment card details or app store account credentials.
Privacy policies: apple.com/legal/privacy | policies.google.com/privacy
5 Data Storage and Security
5.1 Where Your Data Is Stored
All FlatFlow data is stored on Google Cloud infrastructure (via Firebase) located in the United States. This includes:
- Firestore — All structured data (account information, household data, bills, rotas, nudges, etc.)
- Firebase Storage — Uploaded files (profile images stored at
profile_images/{userId}and bill receipts stored atreceipts/{householdId}/{billId}) - Firebase Authentication — Hashed passwords and authentication state
5.2 Security Measures
We implement the following security measures to protect your data:
- Encryption in transit — All data transmitted between the App and our servers uses TLS (Transport Layer Security) / HTTPS encryption. No data is ever sent in plaintext.
- Encryption at rest — All data stored in Firestore and Firebase Storage is encrypted at rest using Google Cloud's default AES-256 encryption.
- Password security — Passwords are hashed using industry-standard algorithms by Firebase Authentication. We never store or have access to plaintext passwords.
- Authentication required — All database reads, writes, and file storage operations require a valid authenticated session. Unauthenticated requests are rejected.
- Firestore Security Rules — Server-side security rules require valid authentication for all database operations, restricting access to authenticated users only.
- Webhook authentication — Our subscription webhook endpoint validates incoming requests using a secret bearer token stored in Google Cloud Secret Manager, preventing unauthorized webhook calls.
- Stale token cleanup — When push notification delivery fails due to an unregistered device, we automatically remove the invalid token from the user's profile to prevent data leakage.
While we take reasonable and industry-standard measures to protect your data, no method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.
5.3 Local Device Storage
The App caches certain data locally on your device to enable faster loading and limited offline functionality:
- AsyncStorage — Your user profile and household data are cached locally so the App can display content immediately while fetching the latest data from the server. Cache keys are scoped to your user ID and household ID.
- Authentication persistence — Your login session is persisted locally so you don't need to re-enter your credentials each time you open the App.
- Theme and onboarding preferences — Your theme choice (light/dark/system) and whether you've completed the onboarding flow are stored locally.
All locally cached data is removed when you uninstall the App from your device.
6 Data Retention and Deletion
We retain your data only as long as necessary to provide the App's services. Here is how retention works for each category of data:
| Data Category | Retention Period | Deletion Trigger |
|---|---|---|
| Account data | Until account deletion is requested | You request account deletion via email |
| Household data | Until household is empty or deletion is requested | All members leave or deletion is requested |
| Feature data (bills, rotas, etc.) | Until the item is deleted by a user or the household is deleted | User deletes the item, or household deletion |
| Bill receipts | Until the associated bill is deleted | Bill deletion triggers receipt file deletion from storage |
| Push notification tokens | Until token becomes invalid or user leaves household | User leaves household, token expires, or device unregistered |
| Usage counters | Current month (auto-resets monthly) | New month begins (date-based document naming) |
| Support feedback | Retained in our email system | Deleted upon request |
| Local device cache | Until app uninstall | App is uninstalled from device |
When you leave a household, the following happens immediately:
- Your household association (
householdId) is set to null - Your push notification token is deleted from your user profile
- Your scheduled local notifications for that household are cancelled
- Your profile is removed from the household's member list
Historical data you created (e.g., past bills, completed chore tasks) may remain in the household for other members' records.
7 Your Rights and Choices
7.1 Access and Correction
You can view and update your account information at any time through the App's Settings screen, including your username, profile image, profile color, and theme preference. Household administrators can update household details such as the household name, currency, and house information.
7.2 Data Portability
You have the right to request a copy of your personal data in a commonly used, machine-readable format. To request a data export, contact us at support@flatflowapp.com. We will provide your data within 30 days of receiving a verified request.
7.3 Account Deletion
You have the right to request deletion of your account and all associated personal data. To request account deletion, email us at support@flatflowapp.com from the email address associated with your account. Upon verification, we will:
- Delete your user profile from Firestore
- Delete your Firebase Authentication account
- Delete your profile image from Firebase Storage (if applicable)
- Remove your membership from any household you belong to
- Cancel any scheduled notifications associated with your account
Account deletion will be completed within 30 days of receiving a verified request. Some data may be retained if required by law (e.g., transaction records for tax or accounting purposes).
7.4 Notification Preferences
You can disable push notifications at any time through your device's system settings (Settings > Notifications > FlatFlow on iOS; Settings > Apps > FlatFlow > Notifications on Android). Disabling notifications will not affect the core functionality of the App — all features will continue to work, but you will not receive reminders or alerts.
7.5 Leave a Household
You can leave your household at any time through the App's Settings screen. Leaving a household immediately removes your association with that household and clears your push notification token. If you are the subscription owner of a FlatFlow Plus household, you must cancel your subscription before leaving.
7.6 Rights for EEA, UK, and Swiss Users
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws, including the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate or incomplete personal data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Restriction — Request that we restrict the processing of your personal data
- Portability — Receive your data in a structured, commonly used format
- Objection — Object to the processing of your personal data
Our legal basis for processing your data is the performance of our contract with you (the Terms of Service) and your consent where applicable. To exercise any of these rights, contact us at support@flatflowapp.com.
7.7 Rights for California Users
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your data, and the right to opt out of the sale of personal information. As stated in Section 3.5, we do not sell your personal information. To exercise your rights, contact us at support@flatflowapp.com.
8 Device Permissions
The App may request the following device permissions. All permissions are optional, and the App will function without them, though certain features may be limited:
| Permission | Why We Need It | When It's Requested | Status |
|---|---|---|---|
| Camera | To take photos for bill receipts or profile pictures directly from the App | When you tap the camera option while uploading a receipt or profile photo | Optional |
| Photo Library | To select existing images from your device for bill receipts or profile pictures | When you tap the photo library option while uploading a receipt or profile photo | Optional |
| Notifications | To send push notifications for bill reminders, chore assignments, nudges, and household activity | Prompted during initial app setup or when a notification-related feature is first used | Optional |
You can grant or revoke any permission at any time through your device's system settings. Revoking camera or photo library permission will only prevent you from uploading new images — all other features remain fully functional. Revoking notification permission will stop all push notifications but will not affect in-app functionality.
9 Push Notifications
FlatFlow uses push notifications to keep you informed about household activity. We believe in sending only relevant, useful notifications. Here is a detailed breakdown of the types of notifications we send:
9.1 Local Notifications (Scheduled on Your Device)
- Bill due date reminders — Scheduled 1 day before a bill's due date to remind you of upcoming payments
- Rota task reminders — Scheduled reminders for chore assignments
Local notifications are scheduled on your device and are automatically cancelled if the related bill or rota is deleted or completed. Notification IDs are stored in the bill/rota record to enable cancellation.
9.2 Remote Notifications (Sent from Our Servers)
- Daily chore reminders — Sent at 9:00 AM UTC via our cloud function to users who have chore tasks due that day
- Household membership changes — Sent when a member joins, leaves, or is removed from your household
- Nudge notifications — Sent when another household member sends you a nudge
9.3 Notification Data
Each notification contains a title, body text, and a small metadata payload including the notification type (e.g., "bill," "rota," "nudge") and a related item ID. This metadata is used to navigate you to the correct screen when you tap the notification. Notifications do not contain sensitive data such as bill amounts, passwords, or financial details in the visible payload.
10 Children's Privacy
FlatFlow is designed for use by adults and older teenagers managing shared living arrangements. The App is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13 years of age.
If you are a parent or guardian and you believe that your child under 13 has created a FlatFlow account or provided us with personal information, please contact us immediately at support@flatflowapp.com. We will promptly investigate and delete the child's account and associated personal data from our systems.
Users between the ages of 13 and 17 may use FlatFlow with the permission and supervision of a parent or legal guardian. The parent or guardian is responsible for the minor's use of the App and agrees to these terms on the minor's behalf.
11 International Data Transfers
FlatFlow is operated by Orbit Digital LLC, a company based in Kansas, United States. Regardless of your location, your personal data is transferred to and processed in the United States via Google Cloud (Firebase).
If you are located outside the United States, please be aware that data protection laws in the United States may differ from those in your country of residence. By using FlatFlow, you explicitly consent to the transfer of your data to the United States and its processing in accordance with this Privacy Policy.
For users in the European Economic Area (EEA) and the United Kingdom, Google's Firebase services operate under Standard Contractual Clauses (SCCs) approved by the European Commission to provide adequate protection for data transferred outside the EEA. You may contact us at support@flatflowapp.com for more information about the safeguards in place.
12 Cookies and Tracking Technologies
FlatFlow is a native mobile application and does not use cookies, web beacons, pixels, or browser-based tracking technologies.
We use minimal analytics tooling (Expo Insights) to monitor app stability and performance. We do not use advertising SDKs or participate in any advertising networks. We do not track your activity across other apps or websites.
The only identifiers we store are your Firebase Authentication user ID (used to identify your account) and your FCM push notification token (used to deliver notifications to your device).
13 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- Material changes — We will notify you via a push notification, an in-app notice, or an email to the address associated with your account at least 30 days before the changes take effect.
- Minor changes — Non-material updates (e.g., clarifications, formatting) may be made without prior notice.
The "Effective Date" and "Last Updated" dates at the top of this policy indicate when it was last revised. Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the App and request account deletion.
We encourage you to periodically review this Privacy Policy to stay informed about how we protect your data.
14 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our privacy practices, please don't hesitate to reach out:
Orbit Digital LLC
Email: support@flatflowapp.com
We aim to respond to all privacy-related inquiries within 5 business days.