Privacy Policy

1. Introduction

EmergentFlow ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you register, we collect:

• Email address
• Password (hashed, never stored in plain text)
• Google account ID (if using Google Sign-In)

2.2 Usage Data

We automatically collect:

• API usage statistics (token counts, request counts)
• Feature usage patterns
• Error logs for debugging
• Last active date

2.3 Flow Data

• Free users: Flows are stored in your browser's local storage. We do not have access to this data.
• Pro users: Flows saved to the cloud are stored in our database.
• Shared flows: Public flows are accessible to anyone with the link.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. We receive only:

• Stripe customer ID
• Subscription status
• Payment confirmation

3. Information We Do NOT Collect

• Your API Keys: BYOK (Bring Your Own Key) credentials are stored only in your browser's local storage or cookies. They are never sent to or stored on our servers.
• AI Conversation Content: We do not log or store the content of your AI prompts or responses.
• Third-Party Credentials: Passwords for email, Twilio, or other integrations are stored locally in your browser.

4. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Process subscriptions and payments
• Enforce usage limits and prevent abuse
• Send important account notifications
• Improve our Service based on usage patterns
• Respond to support requests

5. Data Sharing

We do NOT sell your personal information. We may share data with:

5.1 Service Providers

• Stripe: Payment processing
• Google: Authentication (OAuth) and AI services
• Render.com: Hosting infrastructure
• Firebase: Community gallery storage

5.2 Legal Requirements

We may disclose information if required by law or to protect our rights, safety, or property.

6. Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data in transit
• Password hashing using secure algorithms
• Database access controls and monitoring
• Regular security updates

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

• Account data: Retained while your account is active
• Flow data: Retained until you delete it or your account
• Usage logs: Retained for up to 90 days
• Deleted accounts: Data purged within 30 days of deletion

8. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your flows as JSON files
• Opt-out: Unsubscribe from non-essential emails

To exercise these rights, contact us at support@emergentflow.io

9. Cookies

We use essential cookies for:

• Authentication and session management
• Storing your preferences and settings
• Storing BYOK API keys (your browser only)

We do not use third-party tracking cookies or advertising cookies.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us.

11. International Users

Our servers are located in the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US, where data protection laws may differ from your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Your continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or requests:

support@emergentflow.io