Privacy Policy
Last updated: 1 March 2026
We built Florin to help you understand your pay. Privacy is core to that goal. This page explains, in plain language, what we access, how we use it, and how we keep it safe.
What Florin does
Florin calculates your pay entitlements under the Victorian Doctors in Training EBA. You can connect your Google Calendar, enter shifts manually, or upload a payslip PDF to compare against Florin's estimates. All processing happens on our server — nothing is shared with third parties except as described below.
Google Calendar access
When you connect your Google account, Florin requests the calendar.readonly scope — read-only access to view event titles, start/end times, and recurrence in the calendars you authorise.
We cannot create, edit, or delete any calendar events.
Calendar data is used solely to calculate hours worked and produce your pay estimate.
It is processed in memory for the duration of your session and is never written to a database or shared with any third party.
Manual shift entry
If you use manual entry instead of Google Calendar, the shifts you enter are stored in our database linked to an anonymous session ID. No name, email, or Google account is associated with this data. You can clear your shifts at any time using the "Clear all shifts" button, which permanently deletes them.
Payslip upload
The payslip comparison feature is entirely optional. If you choose to use it, you upload a PDF payslip. That file is read into memory on our server, text is extracted from it, and the file is then immediately discarded — it is never written to disk or stored anywhere. The extracted text is then sent to OpenAI for analysis (see below).
AI processing (OpenAI)
To identify pay components in your payslip, Florin sends the extracted payslip text to OpenAI's GPT-4o-mini model. This only happens when you actively use the payslip comparison feature.
- Only the text extracted from your payslip is sent.
- OpenAI processes the request and returns a structured breakdown of pay components (ordinary pay, overtime, allowances, etc.).
- Florin does not store the payslip text or OpenAI's response after your result is displayed.
- OpenAI's use of data submitted via API is governed by OpenAI's API data usage policy. As of the date of this policy, OpenAI does not use API submissions to train its models.
Third-party services
Florin uses two external services:
- Google — OAuth 2.0 login and Calendar API (only when you choose to connect your calendar). Governed by Google's Privacy Policy.
- OpenAI — payslip text analysis (only when you choose to upload a payslip). Governed by OpenAI's API data usage policy.
We do not share your data with any other third parties, and we do not sell it or use it for advertising.
Data retention & deletion
- Google Calendar data: processed in memory only; cleared on logout, session expiry, or server restart.
- Manual shifts: stored in our database linked to your anonymous session ID; deleted immediately when you click "Clear all shifts", or when your session expires.
- Payslip PDFs: never stored; discarded immediately after text extraction.
- Payslip text sent to OpenAI: not retained by Florin after your result is shown; OpenAI's retention is governed by their API policy.
Data protection & security
- Read-only Calendar access: only calendar.readonly is requested; your calendar cannot be modified by Florin.
- Server-side OAuth tokens: never stored in your browser; held in memory server-side and mapped to a secure random session ID.
- Secure cookies: Secure (HTTPS-only), HttpOnly (not accessible to JavaScript), and SameSite=Lax.
- CSRF protection: cryptographically secure random state values verified on return from Google OAuth.
- Transport security: all traffic between your browser, Florin, and external APIs is encrypted with TLS/HTTPS.
- Payslip validation: uploaded files are checked for PDF magic bytes and capped at 10 MB before any processing occurs.
Your control
- Revoke Google Calendar access anytime at Google Account → Security & permissions.
- Clear your manual shifts at any time using the "Clear all shifts" button.
- The payslip comparison feature is always opt-in — simply don't upload a payslip if you prefer not to use it.
- Questions? Email charliedixon49@gmail.com.
Compliance with Google API policies
Florin complies with the Google API Services User Data Policy, including the Limited Use requirements. We access, use, and retain Google user data only to provide the features described above. We do not transfer it to third parties except as necessary to provide the service, comply with law, or at your explicit direction.
Security incidents
If we become aware of a security incident affecting your information, we will notify affected users without undue delay and describe remediation steps.
Contact
For any privacy questions, email charliedixon49@gmail.com.