1. Introduction

This Privacy Policy explains how Flatsby ("we", "us", "our") collects, uses, and protects your personal data when you use our household management application. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Account Information

When you sign up via Google or Apple Sign-In, we receive:

• Your name
• Email address
• Profile picture (if provided)
• Unique identifier from the authentication provider

3.2 User-Generated Content

Data you create while using the app:

• Shopping lists and items (names, categories, completion status)
• Expenses (amounts, descriptions, dates, categories, split information)
• Group information (names, member relationships)
• Chat conversations with our AI assistant

3.3 Technical Data

Automatically collected data varies by platform:

Website:

• IP address (for session management only, not shared with analytics)
• Page views and navigation patterns (anonymized)

Mobile App:

• IP address (shared with analytics provider)
• Device type, operating system, and app version
• Screen views and navigation patterns

4. Legal Basis for Processing

We process your personal data based on:

• Contract performance (Art. 6(1)(b) GDPR): To provide the service you signed up for, including AI-powered features like automatic category detection
• Consent (Art. 6(1)(a) GDPR): For the AI chat assistant
• Legitimate interests (Art. 6(1)(f) GDPR): For service improvement and security
• Legal obligations (Art. 6(1)(c) GDPR): To comply with applicable laws

5. How We Use Your Data

We use your personal data to:

• Provide and maintain the Flatsby service
• Enable collaboration with your household members
• Process and display your shopping lists and expenses
• Provide AI-powered assistance (when enabled)
• Send service-related communications
• Improve and optimize the service
• Ensure security and prevent fraud

6. Data Sharing

6.1 Within Your Groups

When you join a household group, other group members can see your name, profile picture, and the content you share within that group (shopping list items, expenses).

6.2 Service Providers

We use third-party services to operate Flatsby:

• Neon (Database): Stores your data securely
• Vercel (Hosting): Hosts our web application
• Google/Apple (Authentication): Provides sign-in services
• AI Services (Vercel AI Gateway): AI features are integrated throughout Flatsby (chat assistant, automatic category detection for shopping items, and more). Data is processed via Vercel AI Gateway, which routes requests to OpenAI (GPT models), Google (Gemini models), or Anthropic (Claude models). See Vercel's DPA for data processing terms.
• PostHog (Analytics): Helps us understand how users interact with Flatsby so we can improve the service. Data collection differs by platform:
  • Website: Analytics are processed on our servers before being sent to PostHog. Your IP address is not shared with PostHog.
  • Mobile App: The app connects directly to PostHog and may collect device information (operating system, app version), screen views, and IP address.
  PostHog processes data on EU servers. See PostHog's Privacy Policy.

6.3 Legal Requirements

We may disclose your data if required by law or to protect our rights and safety.

6.4 AI Data Processing

AI features are integrated throughout Flatsby. The following data may be sent to AI providers:

• Shopping list item names (for automatic category detection)
• Chat messages and conversation history (when using the AI assistant)
• Shopping list and expense data (when using AI assistant tools)
• Group member names (when AI needs to identify members)

AI providers process this data to provide intelligent features. Data processing is governed by Vercel's DPA linked above.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

• Your personal data is deleted immediately
• Shopping list items and expenses you created may be anonymized but retained for other group members
• Chat conversations are permanently deleted

We may retain certain data longer if required by law or for legitimate business purposes (e.g., billing records).

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Delete your personal data ("right to be forgotten")
• Restriction: Restrict processing of your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time for consent-based processing

Analytics opt-out: You can disable analytics tracking in the app settings. This will stop collection of usage data while still allowing the app to function normally.

To exercise these rights, use the "Export My Data" feature in Settings or contact us at support@flatsby.com. You also have the right to lodge a complaint with a supervisory authority.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest
• Secure authentication via OAuth 2.0
• Regular security assessments
• Access controls and monitoring

10. International Data Transfers

Your data may be processed outside the European Economic Area (EEA) by our service providers. In particular, AI services (OpenAI, Google, Anthropic) process data in the United States. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions. See the DPA link in Section 6.2 for details.

11. Children's Privacy

Flatsby is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, by additional notice (e.g., in-app notification).

13. Contact Us

For privacy-related questions or to exercise your rights, contact us:

Email: support@flatsby.com