Privacy Policy
Last updated: March 17, 2026
This Privacy Policy explains how NanFlo ("NanFlo," "we," "us," or "our") collects, uses, shares, and retains information when you use our iOS app, web app, widget and app extensions, and related services (collectively, the "Service"). By using the Service, you acknowledge the practices described in this Privacy Policy.
1. Scope
This Privacy Policy applies to:
- the NanFlo iOS app;
- the NanFlo web app and marketing site;
- NanFlo widgets and app extensions, including nearby recommendation surfaces and shared app-group storage used by the iOS app; and
- support, account, recommendation, and privacy tools that are part of the Service.
This Privacy Policy does not apply to third-party services that you access through or alongside NanFlo, including Plaid, Auth0, Apple, or card issuer websites. Those services are governed by their own privacy notices.
2. Information We Collect
2.1 Account and identity information
We collect account and identity information such as:
- your email address;
- your Auth0 identifier or other authentication identifier;
- your NanFlo user ID; and
- profile information you choose to provide, such as your first name, last name, age range, location, or reward goals.
2.2 Financial account and transaction information
If you connect financial accounts through Plaid, we receive and store information such as:
- financial institution name and Plaid item identifiers;
- account metadata, including account name, type, subtype, mask, balances, and credit limits where available;
- credit-card account details needed to map accounts to card templates;
- transaction information, including date, amount, merchant name, pending or posted status, and provider-supplied category or merchant metadata; and
- recurring or bill-related classifications derived from transaction activity.
We use this data to provide wallet views, transaction history, recommendations, insights, perk tracking, and related features. We do not sell financial account or transaction data.
2.3 Location information
If you grant location permission, we may receive precise location information from your device when you use nearby recommendation features such as Best Card Nearby or other location-aware recommendation surfaces.
We use location to identify nearby merchants and to generate context-aware recommendations. We do not store precise GPS coordinates as part of your long-term account history unless we explicitly tell you otherwise for a specific feature.
2.4 Search, recommendation, and feedback history
We collect information about how you use recommendation features, including:
- merchant and category queries you submit;
- amounts or context you enter when requesting a recommendation;
- recommendation feedback, such as whether you accepted or ignored a recommendation;
- category corrections or transaction classification feedback; and
- certain recommendation interaction events used to improve quality and reliability.
2.5 Notifications and device tokens
If you enable notifications, we may store:
- your Apple Push Notification service device token;
- your notification preferences; and
- delivery or interaction metadata related to NanFlo notifications.
2.6 Images and text you submit
If you use a feature that accepts screenshots, offer text, or similar content, we may process that content to extract structured details needed to provide the feature. Unless we clearly tell you otherwise, uploaded images are processed for feature operation and are not retained longer than necessary for that operation.
2.7 Preferences, settings, and app configuration
We collect information about your settings and preferences, including:
- reward goals and priorities;
- annual fee tolerance and related profile preferences;
- preferred programs or airlines;
- notification preferences;
- appearance, navigation, and certain feature toggles; and
- wallet/account inclusion settings that control what appears in Wallet, Spend, Insights, or recommendations.
2.8 Device, diagnostics, and performance information
We collect limited technical information to operate and improve the Service, including:
- device and app version information;
- crash diagnostics and stack traces;
- performance traces such as screen load times and API latency; and
- service logs needed for security, abuse prevention, troubleshooting, and product reliability.
We currently use Sentry for crash and performance monitoring.
2.9 Widget and app-extension data
NanFlo uses shared on-device storage between the iOS app and certain widgets or app extensions. This may include nearby recommendation payloads or other app data needed to render those surfaces. The widget or extension does not create a separate NanFlo account profile; it reads data that the main app has already stored for the feature.
2.10 Biometrics and Face ID
If you enable biometric unlock, NanFlo stores only the app setting indicating that biometric protection is enabled. NanFlo does not receive, collect, or store your Face ID or Touch ID biometric templates. Those templates remain managed by Apple on your device.
3. How We Use Information
We use the information we collect to:
- create and secure your account;
- authenticate you and keep you signed in;
- connect and sync linked financial accounts;
- map linked accounts to card templates and maintain wallet state;
- display transactions, balances, rewards, perks, and insights;
- generate card recommendations and recommendation explanations;
- provide nearby and context-aware recommendation features;
- send notifications you request or that are necessary for the Service;
- support data export, deletion, and account-management requests;
- detect, investigate, and prevent fraud, abuse, and security incidents;
- diagnose crashes, fix bugs, and improve speed and reliability; and
- improve recommendation quality, categorization quality, and general product performance.
We do not use your information for cross-app or cross-site advertising.
4. How We Share Information
We do not sell your personal information. We do not share your personal information with data brokers or advertising networks for targeted advertising.
We may share information with the following categories of recipients:
| Recipient | Purpose | Examples of information shared |
|---|---|---|
| Plaid | Financial account connectivity and transaction sync | Tokens and identifiers required to retrieve account and transaction data on your behalf |
| Auth0 | Authentication and account identity | Email address, authentication identifiers, and session/authentication events |
| Apple | App distribution, notifications, device-level permissions, app extensions | Device token delivery through APNs, widget/app-extension platform services |
| Sentry | Crash and performance monitoring | Error traces, device/app metadata, and performance events |
| Hosting, cloud, and infrastructure providers | Operate and secure the Service | Data processed or stored as part of running the Service |
| Professional advisers or legal authorities | Compliance, enforcement, safety, and legal process | Information reasonably necessary to comply with law or protect users, NanFlo, or others |
We may also share information in connection with a merger, financing, acquisition, reorganization, sale of assets, or similar transaction, subject to applicable confidentiality and legal obligations.
5. Affiliate and Card-Issuer Links
NanFlo may, in some versions of the Service, show an "Apply Now" or similar link for certain card recommendations.
If you tap one of these links:
- you may be taken to a third-party issuer or partner site;
- the destination site may know that the visit came from NanFlo; and
- NanFlo may log that you tapped the link for measurement, fraud prevention, product analytics, or referral attribution.
If NanFlo receives a referral fee, it is paid by the issuer or partner, not by you. NanFlo states elsewhere in the Service that recommendation ranking is intended to be independent of affiliate status, but you should always review the issuer's own terms, pricing, and disclosures before applying.
6. Cookies and Similar Technologies
Our web properties may use strictly necessary cookies, local storage, and similar technologies for authentication, security, and basic site functionality.
NanFlo does not currently use advertising cookies or third-party tracking cookies for behavioral advertising.
7. Data Retention
We retain personal information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce our agreements, and maintain security and abuse-prevention records.
In general:
- active account data is retained while your account remains active;
- transaction, wallet, recommendation, and preference data is retained while needed to operate your account;
- short-lived caches and snapshot data may be retained for a shorter period; and
- infrastructure logs, monitoring records, and backups may persist for limited operational periods even after deletion requests are processed.
8. Your Choices and Rights
Depending on where you live, you may have rights to access, correct, export, delete, or limit certain uses of your information.
NanFlo currently offers the following in-product controls:
- export your data;
- optionally include financial data in your export;
- optionally include search and recommendation history in your export;
- delete your NanFlo data while keeping your login available for future sign-in;
- delete your NanFlo account and associated login credentials; and
- disconnect linked accounts or change app permissions in your device settings.
Delete my data
"Delete my data" removes NanFlo data associated with your account from NanFlo systems and signs you out. You may later sign in again with the same login and start over with a fresh account state.
Delete account
"Delete account" is intended to remove both your NanFlo account data and your Auth0 login identity so that you can create a new account again later using the same email address, subject to provider processing, backups, and legal obligations.
Device permissions
You can manage location, notifications, camera, photos, biometrics, and similar permissions through your device settings. Disabling permissions may limit certain features.
If you want to make a privacy request outside the product, contact us at hello@nanflo.co.
9. Security
We use technical and organizational safeguards intended to protect information, including encryption in transit, authenticated access controls, token-based authentication, and platform-provided secure storage where appropriate.
No method of transmission or storage is completely secure. We cannot guarantee absolute security.
10. Children's Privacy
NanFlo is not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided us information, contact us at hello@nanflo.co.
11. International Data Transfers
NanFlo and its service providers may process information in the United States and other jurisdictions where we or our providers operate. By using the Service, you understand that your information may be transferred to and processed in countries that may have different data-protection rules than your home jurisdiction.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice through the Service or by email.
13. Contact
If you have questions about this Privacy Policy or would like to make a privacy request, contact:
NanFlo
hello@nanflo.co