← Back to FLOAT

Privacy Policy

Last updated: 18 April 2026

FLOAT is built on a simple principle: your financial data belongs to you. This policy explains what we collect, why we collect it, how we protect it, and what rights you have. We wrote it in plain language because if you are here to get better with money, the last thing you need is legal jargon.

This policy is written in compliance with the Protection of Personal Information Act (POPIA) of South Africa.

1. Who is responsible for your data

FLOAT is operated by FLOAT. For the purposes of POPIA, FLOAT is the responsible party and Information Officer.

Information Officer: FLOAT

Email: privacy@myfloat.app

Country: South Africa

2. What personal information we collect

We only collect information that helps FLOAT work for you. Here is what that includes:

  • Account details — your email address, display name, and avatar if you upload one
  • Financial profile — income, expenses, age, employment type, number of dependents, risk appetite, and payday date
  • Bank statements and documents — PDFs, CSVs, or screenshots you upload so we can extract your transactions
  • Transactions — individual financial transactions we extract from your uploaded documents
  • Goals and debts — savings goals, debt balances, and monthly obligations you enter
  • Investment holdings — asset positions parsed from screenshots or entered manually
  • Chat history — your conversations with your Money Mentor
  • Preferences — your chosen Mentor personality, theme, currency, and notification settings
  • Phone number — if you choose to connect via WhatsApp

We do not collect your ID number, banking login credentials, or any information beyond what you explicitly provide.

3. Why we collect it

Every piece of data serves one purpose: helping you build wealth. Specifically:

  • Freedom Day calculation — your income, expenses, and investment balances determine when work becomes optional for you
  • Spending analysis — your transactions show where your money goes so you can make better decisions
  • Payment Order — your goals, debts, and obligations create a personalised plan for where every rand should go each month
  • AI guidance — your financial profile powers personalised advice from your Money Mentor
  • Notifications — to send you payday reminders, milestone celebrations, and weekly check-ins if you opt in

Nothing is collected for advertising, profiling, or sale to third parties. Ever.

4. How your data is processed

When you upload a bank statement or ask your Money Mentor a question, your data is processed by AI to extract transactions, categorise spending, and generate personalised guidance. This processing happens through secure API calls. Your data is not used to train AI models.

5. Who else handles your data

We use a small number of trusted services to run FLOAT. Here is who they are and why:

  • Supabase — database and authentication. Your data is stored in a Supabase database with encryption at rest and row-level security so only you can access your records.
  • Anthropic (Claude AI) — powers document parsing and your Money Mentor. Your data is sent to Claude for processing but is not stored by Anthropic or used for AI training.
  • Resend — email delivery. Used to send you magic links, password resets, and notification emails. Resend receives your email address only.
  • Vercel — hosting and infrastructure. FLOAT runs on Vercel servers. Vercel processes web requests but does not access your stored financial data.

We do not sell, rent, or share your personal information with anyone else. No advertisers, no data brokers, no exceptions.

6. How long we keep your data

We keep your data for as long as you have an active FLOAT account. Your financial history is important for tracking progress over time, so we do not automatically delete old data.

If you delete your account, all your data is permanently removed from our systems immediately. This includes your financial profile, transactions, statements, goals, debts, chat history, and any uploaded files. This cannot be undone.

If your account is inactive for more than 24 months, we may contact you to confirm you still want your data stored. If we do not hear back, we will delete your account and all associated data.

7. Your rights under POPIA

Under the Protection of Personal Information Act, you have the right to:

  • Access your data — see all the personal information we hold about you. You can export a complete copy from Settings at any time.
  • Correct your data — update or fix any information that is wrong. You can edit your financial profile, transactions, and goals directly in the app.
  • Delete your data — permanently remove your account and all associated data. You can do this from Settings. It is immediate and irreversible.
  • Object to processing — if you believe we are processing your data unlawfully, you can contact us and we will address your concern.
  • Lodge a complaint — if you are not satisfied with how we handle your data, you can lodge a complaint with the Information Regulator of South Africa.

8. How to exercise your rights

Most actions you can take directly in the app. Go to Settings to export your data, correct your profile, or delete your account.

For anything else, or if you have questions about your personal information, email us at privacy@myfloat.app. We will respond within 30 days as required by POPIA.

Information Regulator (South Africa)

Website: inforegulator.org.za

Email: enquiries@inforegulator.org.za

9. How we protect your data

  • Encryption — all data is encrypted at rest in the database and in transit via TLS/HTTPS. We enforce HSTS (HTTP Strict Transport Security) so your browser always uses a secure connection.
  • Row-level security — every database table is configured so you can only access your own data. No other user and no FLOAT team member can see your financial information.
  • Authentication — your account is protected by password or magic link authentication with secure HTTP-only cookies. Two-factor authentication is coming soon.
  • Session protection — FLOAT automatically signs you out after 30 minutes of inactivity to protect your financial data if you leave your device unattended.
  • Login protection — after multiple failed login attempts, your account is temporarily locked to prevent unauthorized access.
  • Rate limiting — API requests are rate-limited to prevent abuse
  • No plain-text storage — passwords are hashed and never stored in readable form
  • Security headers — we use industry-standard headers (X-Frame-Options, Content-Type-Options, Referrer-Policy, Permissions-Policy) to protect against clickjacking, MIME sniffing, and other common web attacks.
  • Input validation — all data submitted to FLOAT is validated and sanitized to prevent injection attacks.
  • File upload security — uploaded files are validated for type and size, and filenames are sanitized before storage.

Last updated: April 2026

10. Cookies

FLOAT uses only essential cookies required for authentication and keeping you signed in. We do not use tracking cookies, advertising cookies, or analytics cookies. There is nothing to opt out of because we do not track you.

11. Children

FLOAT is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. If we make material changes to how we handle your personal information, we will notify you through the app and update the date at the top of this page. Continued use of FLOAT after changes constitutes acceptance of the updated policy.

13. Contact

If you have any questions about this privacy policy or how your data is handled, reach out:

FLOAT (Information Officer)

Email: privacy@myfloat.app