Skip to content
Cashflow Voyager
Sign in

Privacy

Privacy policy.

Last updated: 6 May 2026

This policy explains what personal information Cashflow Voyager collects when you use the service, why we collect it, who has access to it, and what control you have over it. It applies to anyone signed in to a Cashflow Voyager account. If you use the calculators without signing in, no personal information is collected — they run entirely in your browser.

Our commitment

We use your data to deliver Cashflow Voyager — and that's it.

We never:

  • Send you marketing email
  • Sell or share your data with anyone for their own purposes
  • Use your data to train AI models
  • Build advertising profiles or fingerprint you across the web

Who we are

Cashflow Voyager is operated by Edwin Stoltz, trading as Cashflow Voyager (a sole proprietorship). We are the responsible party for the personal information described in this policy.

  • Information Officer: Edwin Stoltz
  • South African Information Regulator registration: 2026-012436
  • Email: info@edwinstoltz.com
  • Postal: contact via email for postal address

What we collect

We collect

  • Your email address (from Google)
  • Your Google account ID (opaque identifier)
  • Whether your email is verified
  • Bond details: nickname, bank, address, property type, ownership, loan amount, interest rate, term, payment, currency
  • Optional bond events: cost items, balance updates, payments
  • Saved scenarios linked to your bonds
  • Sign-in / export / deletion audit events

We don't

  • Your password — Google handles that
  • Your full bank account number — last 4 digits only
  • Your South African ID number
  • Any biometric data
  • Information about anyone other than yourself

Why we collect it

We use your data to identify your account, show you your bonds and scenarios, calculate amortisation, payoff and savings projections, send you transactional notifications about your account (sign-in alerts and similar — only when we add that capability), respond to your questions, and maintain a POPIA audit trail. We never use your data for any purpose other than these.

Who we share it with

Sub-processorWhat they doData location
GoogleAuthenticates your sign-in (Sign in with Google)Global
SupabaseStores your saved data (Postgres database)Frankfurt, Germany
Google Cloud RunRuns the applicationNetherlands
Firebase HostingServes the website (CDN)Google's global edge network

We don't give any of these providers permission to use your data for their own purposes. Each is bound by their own contractual obligations to us as data processors.

Cross-border transfers

Your personal information is processed and stored in the European Union (Germany and Netherlands). The EU's General Data Protection Regulation (GDPR) provides a level of protection comparable to POPIA, which the Information Regulator recognises as adequate for cross-border transfers under section 72 of POPIA. We chose EU infrastructure because Google Cloud's South African region (africa-south1) doesn't yet support our managed-database tier. We plan to migrate everything to South Africa once a paid user base supports the additional cost — this page will be updated when that happens.

Your Google profile photo (when set) is loaded directly from googleusercontent.com, Google's image CDN. We store the URL only — never the image bytes — and your browser fetches the photo from Google each time it renders. We send the request without a referrer so the path you're viewing on Cashflow Voyager isn't disclosed to Google's image CDN. This is a separate cross-border transfer from the Postgres storage above.

How long we keep it

  • While your account is active, we keep your data for as long as you have a Cashflow Voyager account.
  • If you delete your account, we keep your data for 30 days in case you change your mind, then permanently delete it.
  • The audit log is kept indefinitely with personal information minimised — only your account UUID is retained for legitimate compliance purposes.

Your rights

Per POPIA section 5, you have the right to:

  • Access — see the personal information we hold about you. Use Settings → Export my data to download it.
  • Correct — change anything that's inaccurate. Edit your bonds, scenarios, and profile in the app at any time.
  • Delete — wipe your account and data. Settings → Delete my account.
  • Object / withdraw consent — stop us from processing your data by deleting your account.
  • Complain — to us first via email, or to the Information Regulator at inforegulator.org.za.

Security

  • All data is encrypted in transit (TLS 1.3) and at rest (managed by Supabase and Google Cloud).
  • Authentication is handled by Google — we never see or store your password.
  • Sessions use HttpOnly, Secure, SameSite=Lax cookies.
  • We follow the principle of least privilege for database access.
  • Sensitive fields (your full bank account number, ID number) are never collected.

Cookies & tracking

We use one essential cookie: __session, an HttpOnly Secure cookie that stores a signed JWT identifying your sign-in. It expires when you sign out or after a set period of inactivity. We don't use third-party tracking cookies, advertising pixels, analytics that profile individual users, or browser fingerprinting. (Anonymous, aggregate analytics may be added in future. This page will be updated, and you'll be notified at sign-in.)

Children

Cashflow Voyager is not for users under 18. By signing in, you confirm that you are at least 18 years old.

Changes to this policy

If we change how we collect, use, share, or retain your personal information, we'll update this policy and notify you. Material changes will be flagged at sign-in.

Contact

Questions about your data, this policy, or POPIA?

  • Email: info@edwinstoltz.com
  • Information Officer: Edwin Stoltz
  • Information Regulator (SA) registration: 2026-012436