Privacy Policy
Last updated: 12 June 2026
Flok ("we", "us", "our") is operated by David Oh, based in New Zealand. This policy explains what information we collect, how we use it, and your rights under the New Zealand Privacy Act 2020.
What We Collect
Account information
- Your phone number (used to create and verify your account)
- Your name (as entered during onboarding)
- Your role in your flat (head tenant or flatmate)
Flat and billing data
- Flat name and invite codes
- Bills you create or are assigned to — including amounts, due dates, and categories
- Payment and split records between flatmates
- Nudge activity (when you remind a flatmate to pay)
Bank connection data (via Akahu)
If you choose to connect your bank account through Akahu, we access:
- Your bank account number and account name (to display where flatmates should pay)
- Incoming transaction data on the connected account — amount, date, description, and reference — used solely to automatically confirm payments made towards your bills and shears
Connecting your bank is optional. We never see or store your online banking login — that is handled entirely by Akahu. We do not store credit card numbers.
Usage data
- Basic app activity to help us improve the app
- Device type and OS version
How We Use It
- To provide the core features of the app (splitting bills, tracking balances, notifying flatmates)
- To send SMS verification codes when you sign in
- To send push notifications for bill reminders and nudges (only if you allow them)
- To improve the app based on how it's used
We do not sell your data to third parties. We do not use your data for advertising.
Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Twilio | SMS verification | twilio.com/legal/privacy |
| Expo | App infrastructure and push notifications | expo.dev/privacy |
| Akahu | Open banking — reads connected bank account & transactions (only if you connect a bank) | akahu.nz/privacy-notice |
Bank Connections (Akahu)
Akahu is New Zealand's open finance platform. We use Akahu to fetch transaction data from your connected bank account so Flok can automatically confirm when a bill or shear has been paid.
What access we request. Read-only access to the account you connect: its account details and incoming transactions. We request this under an enduring consent, meaning access continues on an ongoing basis until you revoke it — this is what lets Flok keep auto-confirming payments over time rather than asking you to reconnect for each bill.
How it benefits you. Without it, you mark every payment as paid by hand and your head tenant confirms it manually. With it, payments you receive (or make) are matched automatically using a unique reference, so balances settle without anyone tapping "confirm".
You're in control. Connecting a bank is optional, and you can revoke Flok's access at any time from Settings → Bank connection → Disconnect, which immediately revokes the consent with Akahu. We also revoke it automatically if you delete your account.
Data minimisation. In line with the Privacy Act 2020, we only retain Akahu-sourced data for as long as it is reasonably required to confirm payments, and delete it when it is no longer needed.
For a full plain-English overview of bank connections, see Connecting your bank.
Data Storage
Your data is stored securely on Supabase servers, which comply with industry-standard security practices. We retain your data for as long as your account is active. If you delete your account, your personal data will be removed within 30 days. When you disconnect your bank, your Akahu access token is revoked and your stored bank-connection data is cleared.
Your Rights
Under the New Zealand Privacy Act 2020, you have the right to:
- Access the personal information we hold about you
- Request correction of any inaccurate information
- Ask us to delete your account and associated data
To exercise any of these rights, contact us at [email protected].
Children
Flok is not intended for users under the age of 13. We do not knowingly collect information from children.
Changes to This Policy
We may update this policy from time to time. We'll notify you of significant changes via the app. The "last updated" date at the top of this page will always reflect the most recent version.
Contact
Questions? Contact us at [email protected]