Privacy Policy
This Privacy Policy describes how the Gold Price mobile application (the “app”, “we”, “us”), published by MetalFlow, handles information when you use the app.
- We do not sell, rent or share your data with advertisers.
- We do not run analytics or tracking SDKs.
- Your portfolio, alerts and settings stay only on your device.
- The only data that leaves the device is anonymous requests to the MetalFlow API used to fetch precious-metal prices.
1. Information the app processes
1.1 Stored locally on your device only
| Data | Where |
|---|---|
| Preferred currency, unit, language | AsyncStorage |
| Portfolio holdings (labels, weights) | AsyncStorage |
| Price alerts (target, direction) | AsyncStorage |
| Theme preference | AsyncStorage |
| MetalFlow API key or proxy URL / secret | expo-secure-store (OS keychain) |
This information never leaves your device and is erased if you uninstall the app or tap Settings → Clear app data.
1.2 Data sent over the network
To show live prices, the app makes HTTPS requests to the MetalFlow API (or, if you configured one, to your own Cloudflare Worker proxy). These requests contain:
- The metal symbol (e.g.
XAU) - The requested currency code (e.g.
USD) - The time range for historical charts
No personal identifier, no device ID, no IP-based tracking is added by the app. MetalFlow operates both the app and the API as a single data controller; requests are used solely to deliver the requested price data and are not joined to any user profile.
1.3 Push notifications
If you enable price alerts, the app schedules local
notifications using expo-notifications. These are
generated on your device; no notification payload is sent to an external
push service unless you explicitly enable it in a future release.
2. Permissions
| Permission | Why |
|---|---|
| Internet | Fetch live prices and historical data |
| Notifications | Deliver price alerts you set up |
| Secure Storage | Keep your API key out of plain storage |
3. Children
The app is not directed at children under 13 and does not knowingly collect data from them.
4. Your rights (GDPR / CCPA)
Because all personal data is stored locally, you can exercise your rights (access, rectify, delete) by using the in-app controls:
- Settings → Clear app data erases every piece of data the app has ever stored.
- Uninstalling the app has the same effect.
5. Security
- Secrets (API key, proxy secret) are stored in the OS-level secure keychain, not in plain JavaScript storage.
- Network traffic uses HTTPS.
- We recommend configuring the optional Cloudflare Worker proxy described in Settings so your API key is never shipped inside the app bundle.
6. Data safety disclosures (Google Play)
For Google Play's Data Safety form we declare:
- Data collected: none.
- Data shared with third parties: none.
- Data encrypted in transit: yes (HTTPS).
- You can request deletion: yes — via Settings → Clear app data or uninstall.
7. Changes
We may update this policy; the latest version always lives at https://gold.metalflowapi.com/privacy. Material changes are announced in the app's release notes.
8. Contact
Questions or requests: support@metalflowapi.com