Privacy Policy for MeFlow
This Privacy Policy explains how Cybiqon ("we", "us", "our") collects, uses, and protects your information when you use the MeFlow mobile application ("MeFlow", the "App"). MeFlow is owned and operated by Cybiqon.
Quick summary
- MeFlow is a personal productivity app (expenses, tasks, habits, goals, journal, notes) developed by Cybiqon.
- Your data is stored in your private account on Google Firebase and is not sold to anyone, ever.
- We collect the minimum needed to run the app: account info, the content you create, and basic technical/diagnostic data.
- You can export, edit, and permanently delete your data at any time from inside the app, or by emailing us.
1. Information we collect
1.1 Account information
When you sign up, we collect:
- Email address and display name (or, for Google Sign-In, the email and name returned by Google).
- An encrypted password hash (only if you sign up with email/password — managed by Google Firebase Authentication; we never see your raw password).
- An optional profile photo URL.
1.2 Content you create in the app
MeFlow stores the data you choose to enter so it is available across your devices:
- Expenses, income records, accounts, categories, and budgets.
- Tasks, to-dos, goals, milestones, routines, habits, and side quests.
- Notes, sticky notes, folders, and tags.
- Journal entries and mood logs.
- Reminders, achievements, wishlist items, and app preferences (theme, currency, notification settings).
This content is private to your account and is not visible to other users.
1.3 Device and diagnostic information
- Device type, OS version, app version, and language — used to diagnose issues and target updates.
- Crash reports and non-fatal error logs (via Firebase Crashlytics, when enabled).
- Anonymous usage events (e.g., "user opened journal screen") used in aggregate to improve the app.
- Approximate timestamps for sync.
1.4 Information we do not collect
- We do not collect your precise location.
- We do not access your contacts, photos, microphone, camera, SMS, or call logs.
- We do not collect financial-account credentials. Expenses you enter are typed by you; we never connect to your bank.
- We do not use your content to train AI models.
- We do not sell or rent your personal data to third parties.
2. How we use your information
| Purpose | What we use | Legal basis |
|---|---|---|
| Provide the App's core features (sync, log in, store your entries) | Account info, content you create | Performance of contract |
| Send local and push notifications you have configured (reminders, habit nudges) | Reminder schedules you set | Performance of contract |
| Detect crashes and fix bugs | Diagnostic data, crash logs | Legitimate interest |
| Understand which features are used so we can improve them | Aggregated, anonymous usage events | Legitimate interest |
| Prevent abuse, fraud, and security incidents | Authentication metadata | Legitimate interest / legal obligation |
| Respond to your support requests | Email, account ID, message you send us | Legitimate interest |
3. How your data is stored and protected
- Your content is stored in Google Cloud Firestore in the
asia-south2region (Delhi, India). - Authentication is handled by Google Firebase Authentication.
- All data is transmitted over HTTPS/TLS.
- Firestore security rules ensure that only you (the authenticated owner) can read or write your data.
- You can enable biometric app lock (fingerprint / face) inside the app for an additional on-device layer of protection.
No system is perfectly secure. If we ever become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.
4. Third-party services we use
MeFlow uses a small number of trusted third-party services, all provided by Google. These providers process limited data on our behalf and are bound by their own privacy policies.
| Provider | What it does | Privacy policy |
|---|---|---|
| Google Firebase Authentication | Sign-up, sign-in, password reset | firebase.google.com/support/privacy |
| Google Cloud Firestore | Stores your account content and sync state | cloud.google.com/terms/cloud-privacy-notice |
| Firebase Crashlytics (optional) | Reports crashes so we can fix them | firebase.google.com/support/privacy |
| Google Sign-In (optional) | Lets you sign in with your Google account | policies.google.com/privacy |
| Google Play Services | Push notifications and app delivery | policies.google.com/privacy |
5. Data sharing and disclosure
We do not sell your personal data. We share data only in these limited situations:
- Service providers listed in section 4, strictly to operate the App.
- Legal requests, when we are legally required to comply with a valid court order, subpoena, or government request under applicable law.
- Business transfers, in the event Cybiqon is acquired or merged. You will be notified before your data is transferred and becomes subject to a different privacy policy.
- To protect rights and safety, where necessary to investigate fraud, abuse, or threats to users.
6. International data transfers
Your data is primarily stored in India (Google Cloud
asia-south2). Some of our service providers (such as
Google) may process limited diagnostic data in other countries. Where
such transfers happen, they rely on safeguards required by
applicable law (such as Standard Contractual Clauses).
7. Data retention
- Account and content data is kept as long as your account exists.
- If you delete your account, all personal content is removed from our active databases immediately.
- Backups are rotated on a 30-day cycle; deleted data is fully removed from backups within that window.
- Firebase Authentication may retain hashed identifiers for up to 30 days after deletion to prevent abuse.
- Anonymous, aggregated analytics (which cannot identify you) may be retained indefinitely.
- Records we are legally required to retain (fraud investigation, tax, etc.) are kept only for the legally mandated period.
8. Your rights and choices
You have the following rights with respect to your personal data:
- Access & export — view and export your data from inside the App.
- Correction — edit any entry directly in the App.
- Deletion — delete individual entries, or delete your entire account (see Delete Account).
- Withdraw consent — sign out, disable notifications, or uninstall the App at any time.
- Object / restrict processing — email support@cybiqon.com to exercise rights granted by laws such as GDPR, UK GDPR, India's DPDP Act, or applicable U.S. state privacy laws (e.g., CCPA/CPRA).
- Lodge a complaint — you may complain to your local data protection authority.
We respond to verified requests within 30 days.
9. Children's privacy
MeFlow is not directed at children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us at support@cybiqon.com and we will delete it.
10. Permissions used by the App
MeFlow may request the following Android permissions:
- Internet — to sync your data with Firebase.
- Notifications (POST_NOTIFICATIONS) — to deliver reminders you have configured.
- Schedule exact alarms — to fire reminders on time.
- Biometric / Use fingerprint — to support the optional app lock.
- Receive boot completed — to restore reminder schedules after the device restarts.
Each permission is used only for the feature described above. You can revoke any permission from your device's system settings.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top of this page and, for material changes, notify you in the App or via email before the change takes effect.
12. Contact us
If you have any questions about this Privacy Policy or your data:
- Email: support@cybiqon.com
- Developer: Cybiqon
- App: MeFlow (available on Google Play)