Effective June 2026 · Takiflow is operated by Sikora Labs, LLC ("we", "us") · plain language on purpose.
Account: your email and a hashed password (via Supabase, our auth and database provider). Your Lunch Money token: encrypted at rest with a key Supabase never sees; used read-only to fetch your accounts, balances, transactions, and recurring items when you load the app. Your settings and your past AI analyses (weekly reviews and monthly deep-dives), stored so the AI features can refer back to them. Billing: if you subscribe to Pro, your payment is handled by Stripe; we store only a Stripe customer reference to manage the subscription — never your card number. Short-lived caches of your Lunch Money data exist only to render your dashboard.
The money math (allocations, forecasts, projections) is deterministic code — no AI ever runs it. If you enable the AI features (the Pro weekly review, monthly deep-dive, and chat), your budget summaries and recent transactions are sent to the model that writes those texts — an open-weights model running on DigitalOcean's inference service, the same cloud that hosts Takiflow. Your financial data is not sent to any outside AI company (such as OpenAI or Anthropic), and it is never used to train a model. That is the only place your financial data is shared for AI, and turning the AI features off in Settings stops it entirely.
In the mobile app, the lock screen is opened with Face ID, fingerprint, or your device passcode — handled entirely by your device's operating system, so your biometrics never reach us. If you turn on notifications, we store a device push token so we can send your weekly-review reminder; that notification is delivered through Expo's push service (to Apple on iOS, or Google on Android) and carries no financial detail — it's only a nudge to open the app. The app is a secure window onto the same hosted service and adds no advertising, analytics, or cross-app tracking.
We never see or store your bank credentials (Lunch Money and its providers hold those). We never sell your data, never share it for advertising, and never use a shared Lunch Money key — your token acts only for you.
Two httpOnly session cookies keep you signed in — no advertising or cross-site tracking cookies. The Takiflow app makes no third-party browser requests (fonts included) and runs no analytics. Our public marketing site (takiflow.com) uses a privacy-focused analytics service to measure aggregate, anonymous visits such as page views and referrers; it sets no tracking cookies and never builds an advertising profile or follows you across other sites.
Delete your account in Settings (or email us) and we remove your profile, settings, encrypted token, stored analyses, and any device push tokens, and we cancel an active Pro subscription by deleting your Stripe customer — which ends billing immediately. Revoking the token in Lunch Money cuts access instantly either way. Caches expire on their own. We'll notify affected users and Lunch Money if a breach ever touches token data.
Questions: [email protected] · Terms · © 2026 Sikora Labs, LLC · Educational software, not financial advice.