The General Data Protection Regulation (GDPR) is a European regulation that strengthens the protection of personal data of European citizens. It gives you clear rights over your data and imposes obligations on companies that process it.
For a service like StashFlow that processes your financial data, GDPR is essential. It ensures that your data is protected, that you maintain control, and that you are informed of your rights.
The data concerned by this GDPR page are the data you import into StashFlow (bank transactions from your CSV files) as well as the minimal technical data necessary for the service to function.
For more details on the data collected, see our Privacy Policy.
You have the right to know what personal data is processed and to access it.
Exemple : For example, you can see all your imported transactions, balances, and detected fixed charges directly in the application.
Sur StashFlow : On StashFlow: all your data is stored locally on your device. You already have direct access via the application interface.
You have the right to correct inaccurate or incomplete data.
Exemple : If you imported a transaction with an incorrect label, you can modify your CSV data and reimport it.
Sur StashFlow : On StashFlow: you can modify your data at any time by editing your CSV files and reimporting them into the application.
You have the right to request the deletion of your personal data.
Exemple : You can decide to delete all your data to start over or if you no longer wish to use the service.
Sur StashFlow : On StashFlow: use the "Clear Data" feature in the application. Deletion is immediate and final. Your data is never sent to our servers, so it only exists on your device.
You have the right to retrieve your data in a structured format and transfer it to another service.
Exemple : You can export your transactions to import them into another financial management tool if you wish.
Sur StashFlow : On StashFlow: you keep your original CSV files. You can also export your data from the application if this feature is available. Your data is already in a portable format (CSV).
You have the right to object to the processing of your personal data.
Exemple : If you no longer want StashFlow to process your data, you can stop using the service and delete your data.
Sur StashFlow : On StashFlow: you can object to processing by deleting your data in the application or by ceasing to use the service. Since your data is stored locally, stopping using StashFlow means no processing takes place.
You have the right to restrict the processing of your data in certain cases.
Exemple : If you contest the accuracy of certain data or if the processing is unlawful, you can request the restriction of processing.
Sur StashFlow : On StashFlow: since your data is stored locally on your device, you fully control its processing. You can delete certain data or stop using certain features at any time.
To exercise your rights, send us an email with your request. We may ask you to prove your identity for security reasons.
Email : privacy@stashflow.app
We commit to responding to your requests within a maximum of one month, in accordance with GDPR.
StashFlow implements technical and organizational measures to protect your data:
Chiffrement : Encryption in transit: all communications with our site are encrypted via HTTPS. However, since your financial data is stored locally on your device, it never transits through our servers.
Limitation d'accès : Access limitation: your data is stored in your browser's local storage (LocalStorage). Only your browser has access to it, no one else.
Bonnes pratiques : Best practices: we recommend using an up-to-date browser, not sharing your device, and clearing your data if you use a shared device.
Hébergeur : Hosting: StashFlow is hosted by technical providers (web hosting, CDN). These providers only have access to the technical data necessary for the site to function (technical metadata, anonymized error logs). They have no access to your financial data, which remains on your device.
Services email : Email services: we use email services for user support. If you contact us, your emails are processed by these services, but your financial data is never shared.
No commercial partners exploiting data: StashFlow does not work with any partner that would exploit your financial data for commercial purposes. No marketing partners, no advertising platforms, no data brokers.
StashFlow does not transfer your financial data outside the European Union because it remains stored locally on your device. No financial data is transmitted to our servers, so no international transfer takes place.
The only technical data that may transit through our servers (anonymized error logs) is processed by providers compliant with GDPR, with appropriate guarantees for international transfers if necessary.
In case of a data breach likely to result in a high risk to your rights and freedoms, StashFlow commits to notify you as soon as possible, in accordance with GDPR.
However, since your financial data is stored locally on your device and is never sent to our servers, the risk of a breach of your financial data via StashFlow is considerably reduced. The only data potentially exposed would be anonymized technical data.
For any questions regarding your GDPR rights or to exercise your rights, you can contact us:
Email : privacy@stashflow.app
You also have the right to file a complaint with the competent supervisory authority (in France: CNIL - Commission Nationale de l'Informatique et des Libertés) if you believe that the processing of your personal data constitutes a violation of GDPR. Website: www.cnil.fr.