Your Numbers Simplified

    Cashflow Navigator

    A professional 12-month cashflow forecast for your business — without the spreadsheet headache.

    Complete a forecast in under an hour

    Privacy Policy — Cashflow Navigator™

    Effective 15 June 2026

    1. Who we are

    Cashflow Navigator™ is a product of Bossit, a New Zealand company. We are committed to protecting your personal information in accordance with the Privacy Act 2020 (NZ).

    Privacy enquiries: hello@bossit.nz

    2. What information we collect

    We collect only what is necessary to provide the forecasting tool and manage your account.

    • Account & authentication: Your email address, a securely hashed password (we never see or store your actual password — only a bcrypt hash), your user ID (a random unique identifier), sign-up and last sign-in timestamps, email confirmation status, and — if social login is enabled — your OAuth provider token. IP address and user-agent are captured in authentication logs by the hosting platform for security and audit purposes.
    • Profile: Your display name, email address (mirrored from your account for display), and the timestamp at which you accepted these Terms and Privacy Policy.
    • Account role: Your account role (standard user or admin).
    • Saved forecasts: The cashflow forecasts you build and save, including: business profile details (industry, business structure, staff count, GST registration status, revenue range, premises type, business age, vehicle use, NZ region, and a free-text description of what you sell); income streams (names and monthly amounts, seasonality); direct costs and expenses (names, monthly amounts, GST flags); assets and loans (purchases, financing terms, loan balances and repayments); capital movements, wishlist items, and goals; and calculated outputs (monthly cashflow, P&L, break-even analysis, and health metrics).
    • Discount codes: If you are issued a repurchase discount, we store the code, percentage, issue date, expiry date, and redemption date linked to your account.
    • Email delivery: When you choose to email yourself a report, your email address and the generated PDF or Excel report are transmitted via Resend (our email provider). The report content is transmitted to you and is not persistently stored by us after delivery.
    • Platform logs: Edge function, database, and authentication logs are retained by our hosting platform (Supabase) for operational and security purposes. These logs may include user IDs and IP addresses and are retained per Supabase's standard log retention policy.

    3. What we do not collect

    We do not collect or store: plaintext passwords · payment card details · bank account numbers or live bank-feed transactions · IRD numbers or NZBNs · customer or supplier personal data · any data from users who have not signed up · analytics or advertising trackers.

    No analytics or advertising trackers are installed in this app.

    4. How your forecast data is used

    Your saved forecast data is used solely to provide the Cashflow Navigator™ service to you. It is not shared with third parties for marketing, profiling, or advertising purposes.

    When you use AI-powered suggestions or insights within the app, a sanitised version of your business profile and income/expense category names is sent to the Lovable AI Gateway (powered by Google Gemini) to generate those suggestions. Your email address and personal identifiers are not included in these requests.

    5. Payments

    Cashflow Navigator™ currently uses a discount code system for repurchase pricing. Payment processing, if applicable, is handled by Stripe, a PCI DSS-compliant provider. Bossit does not store your card number, expiry date, or CVV. Stripe's own privacy policy applies to payment data: stripe.com/nz/privacy

    6. Third-party services

    • Supabase / Lovable Cloud — Account authentication, database storage, file storage, and edge functions. AWS infrastructure. supabase.com/privacy
    • Lovable AI Gateway (Google Gemini) — AI-generated forecast suggestions and insights (sanitised data only — no personal identifiers). US-based. lovable.dev/privacy
    • Resend — Transactional email delivery of reports. US-based. resend.com/privacy
    • Stripe — Payment processing (if applicable). US-based, PCI DSS compliant. stripe.com/nz/privacy

    Each provider's own privacy policy applies to data they process on our behalf. Some providers are US-based — by using Cashflow Navigator™ you acknowledge that certain data may be processed in the United States.

    7. Browser-side storage

    A session token is stored in your browser (via cookie or localStorage) by Supabase Auth so that you remain signed in between visits. This is strictly necessary for the app to function and is not used for tracking or advertising purposes.

    8. Where your data is stored

    Your data is stored on secure cloud infrastructure provided by Supabase, running on AWS servers. Supabase maintains industry-standard security practices including encryption at rest and in transit. Your saved forecasts are private to your account and are not accessible to other users.

    9. How long we keep your data

    We retain your account and forecast data for as long as your account is active. If you close your account or request deletion, we will remove your personal data within 30 days, except where we are required to retain certain records by law (e.g. financial transaction records).

    Platform-level logs are retained per Supabase's standard retention policy and are used solely for operational and security purposes.

    10. Your rights under the Privacy Act 2020

    Under the New Zealand Privacy Act 2020, you have the right to:

    • Access the personal information we hold about you
    • Correct any information that is inaccurate or out of date
    • Request deletion of your personal information (subject to legal retention requirements)
    • Ask how your information is being used

    To exercise any of these rights, contact us at hello@bossit.nz. We will respond within 20 working days as required by the Act.

    11. Data breaches

    In the event of a privacy breach that is likely to cause serious harm, we will notify affected users and the Office of the Privacy Commissioner (OPC) as required under the Privacy Act 2020.

    12. AI-generated content disclaimer

    Forecast insights and suggestions generated by AI within Cashflow Navigator™ are intended as a general guide only and do not constitute professional financial, accounting, legal, or tax advice. Always verify your forecasts with a qualified accountant or financial adviser before making business decisions.

    13. Contact & complaints

    If you have a privacy concern or complaint, please contact us first at hello@bossit.nz. If we are unable to resolve your concern, you may contact the Office of the Privacy Commissioner at privacy.org.nz.

    Bossit · hello@bossit.nz · Effective 15 June 2026