Relief Flow
Relief Flow
Legal

Data Policy & Compliance

Effective Date: April 6, 2026 · Property Relief Services LLC

1. Data Architecture Overview

Relief Flow uses a split data model designed for maximum privacy:

  • Financial Data: Stored exclusively in your browser's localStorage. Never leaves your device. Never accessible to us.
  • Account Data: Email and encrypted authentication tokens stored securely via Supabase with AES-256 encryption at rest.
  • Payment Data: Handled exclusively by Stripe. PCI-DSS compliant. We never store card numbers or CVV.
  • Analytics Data: Basic anonymized usage only. No financial information included.

2. Data We Do NOT Collect

Relief Flow explicitly does NOT collect:

  • Bank account numbers or login credentials
  • Social Security Numbers or government IDs
  • Financial account balances from external institutions
  • Transaction data from linked accounts (we have no bank linking feature)
  • Location data, contacts, camera, or microphone data

3. CCPA Compliance

Relief Flow complies with the California Consumer Privacy Act. California residents have the right to:

  • Know what personal information is collected.
  • Delete their personal information.
  • Opt out of the sale of personal information — we do not sell data.
  • Non-discrimination for exercising their rights.

To submit a CCPA request: Email support@getreliefflow.com with subject "CCPA Request." We will respond within 45 calendar days.

4. GDPR Compliance

For EEA users, we process personal data under: contract performance (email for account and billing management); legitimate interests (basic analytics to improve the App).

EEA users have rights to access, rectification, erasure, restriction, portability, and objection. Contact support@getreliefflow.com to exercise these rights.

5. Data Security Measures

  • HTTPS/TLS encryption for all data in transit.
  • AES-256 encryption for account data at rest via Supabase.
  • Stripe PCI-DSS Level 1 compliance for payment processing.
  • No financial data transmitted to or stored on our servers.
  • Regular security reviews of authentication systems.

6. Data Breach Notification

In the event of a data breach, we will notify affected users via email within 72 hours. Notification will include the nature of the breach, data affected, steps taken, and recommended actions.

Note: Because financial data is stored locally on user devices, a breach of our systems would not expose users' financial information.

7. Third-Party Data Processors

  • Stripe, Inc. — payment processing (stripe.com/privacy)
  • Supabase, Inc. — authentication and user account storage (supabase.com/privacy)
  • Netlify, Inc. — app hosting and delivery (netlify.com/privacy)

8. Data Retention and Deletion

Account data (email): retained while account is active, deleted within 30 days of deletion request.

Financial data: stored on user device only — you control it entirely.

Payment records: retained by Stripe per their policies and applicable tax law.

Analytics data: anonymized, retained for 24 months.

To request account deletion: Email support@getreliefflow.com with subject "Delete My Account." Processed within 30 days.

9. Cookies and Tracking

Relief Flow uses minimal cookies necessary for authentication (session tokens only). We do not use advertising cookies, cross-site tracking, or third-party analytics. We do not share data with advertising networks or engage in behavioral advertising.

10. Contact

Email: support@getreliefflow.com
Website: getreliefflow.com
Company: Property Relief Services LLC, United States