Privacy Policy

1. Introduction

WhizzFlow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our mileage tracking, expense management, and business operations platform.

For questions about how your data is handled, contact us at privacy@whizzflow.com.

2. Data We Collect

Account Information: Name, email address, password (hashed), country, account type, and organization details.

Location Data: GPS coordinates for trip tracking (only when tracking is actively enabled by you).

Financial Data: Receipt images, expense amounts, budget information, bank statement data (uploaded by you), and invoice details.

Vehicle Data: Vehicle make, model, year, fuel type, and odometer readings.

Usage Data: Feature usage analytics, device information, and interaction logs.

3. How We Use Your Data

We use your data to provide and improve our services, including trip tracking, expense categorization, AI-powered receipt scanning, budget analysis, bank statement benchmarking, generating reports, and delivering notifications.

4. Data Storage & Security

All data is stored on Microsoft Azure infrastructure with encryption at rest and in transit. We use PostgreSQL with ACID compliance and point-in-time backup. Authentication supports WebAuthn/FIDO2 passkeys for passwordless security.

5. Third-Party Services

We use the following third-party services: Google Maps (route visualization), Anthropic Claude AI (assistant features and receipt processing), Azure Document Intelligence (OCR), European Central Bank (exchange rates), and Azure Communication Services (email delivery).

6. Cookies & Similar Technologies

WhizzFlow uses cookies and similar technologies (including localStorage) to make the site work, remember your consent preferences, and — only with your permission — measure how the site is used.

Strictly necessary cookies are always on. They handle session security, CSRF protection, load balancing, and storing your cookie-consent choice. These cannot be disabled because the site will not function without them.

Analytics cookies help us understand aggregate usage (pages viewed, time spent, traffic sources). They are set only if you opt in.

Marketing cookies are used to measure advertising effectiveness and personalize content on other sites. They are set only if you opt in.

You can accept, reject, or fine-tune your preferences at any time by clicking Cookie Preferences in the footer. Your consent record is stored locally with a timestamp and is re-requested when our policy changes materially.

7. Data Sharing

We never sell your personal data. Data is shared only with team administrators within your organization (for team accounts), third-party service providers as described above, and law enforcement when legally required.

8. Your Rights

Under GDPR, the UK DPA, the UAE PDPL, and other applicable laws, you have the right to access, correct, delete, or export your data. You may also restrict processing or object to certain uses. To exercise any of these rights, contact privacy@whizzflow.com. We will respond within 30 days.

9. Children's Privacy

WhizzFlow is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data, we will delete it promptly. If you believe a child has submitted data to us, please contact privacy@whizzflow.com.

10. Contact Us