Privacy Policy
Effective Date: June 1, 2026 · Last Updated: June 1, 2026
1. Who We Are
FlowFrame ("FlowFrame," "we," "us," or "our") is a software-as-a-service product owned and operated by FLOWFRAME LLC, a Michigan limited liability company. We provide an AI-powered workflow generation tool accessible at flowframeapp.com.
If you have any questions about this Privacy Policy, contact us at: elwoodcello@gmail.com
2. Information We Collect
We collect the minimum information necessary to provide FlowFrame's services:
- Account information: Your email address and a one-way hashed version of your password when you create an account. We never store your password in plain text.
- Project data: The workflow names, descriptions, nodes, and edges you create inside FlowFrame. This content is yours.
- Usage data: Basic usage information such as when you logged in and how many AI messages you have sent today. We do not build detailed behavioral profiles.
- Payment information: We do not store credit card numbers or banking details. All payment processing is handled by Stripe, Inc., which is PCI-DSS Level 1 compliant. We store only your Stripe customer ID and subscription status.
- AI input: Text you send to the FlowFrame AI assistant is forwarded to Google's Gemini API to generate a response. We do not persistently store your AI conversation history on our servers beyond your active session.
3. How We Use Your Information
- To create and maintain your account
- To save and sync your workflow projects across sessions
- To process subscription payments through Stripe
- To send transactional emails (account verification, password reset) via Resend
- To enforce plan limits (free vs. Pro) and prevent abuse
- To improve the reliability and performance of FlowFrame
We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 4.
4. Third-Party Services
FlowFrame uses the following trusted third-party services to operate:
- Stripe — payment processing and subscription management. Stripe's privacy policy applies to payment data: stripe.com/privacy
- Google Gemini API — AI response generation. Your AI messages are sent to Google's servers for processing. Google's terms apply: policies.google.com/privacy
- Resend — transactional email delivery (password resets, welcome emails)
- Render — cloud hosting and database storage. Your data resides on Render's servers located in the United States
We only share the minimum data required for each service to function. We do not sell or rent your data to any third party for marketing purposes.
5. Data Security
- All data is encrypted in transit using HTTPS/TLS
- Passwords are hashed using bcrypt before storage — they cannot be reversed or read by anyone, including us
- Authentication uses JSON Web Tokens (JWT) with expiration
- Your database is hosted on a private, non-publicly-accessible server
- API endpoints are rate-limited to prevent abuse
No system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you by email as soon as reasonably practicable.
6. Data Retention
We retain your account information and project data for as long as your account is active. If you delete your account, all associated data — including your email address, hashed password, and all project data — is permanently deleted from our systems within 30 days. Stripe may retain transaction records as required by law.
7. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and all associated data. You can do this directly from your profile settings inside the app, or by emailing elwoodcello@gmail.com
- Portability: Export your workflow data at any time using the JSON export feature inside FlowFrame
- Objection: Object to certain uses of your data
To exercise any of these rights, contact us at elwoodcello@gmail.com. We will respond within 30 days.
8. Children's Privacy
FlowFrame is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at elwoodcello@gmail.com.
9. Cookies and Tracking
FlowFrame uses browser localStorage to store your authentication token and workflow data locally on your device. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. We do not track you across other websites.
10. International Users
FlowFrame is operated from the United States. If you access FlowFrame from outside the United States, your data will be transferred to and processed in the United States. By using FlowFrame, you consent to this transfer. We apply the same data protection standards to all users regardless of location.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will notify you by email. Continued use of FlowFrame after changes constitutes your acceptance of the updated policy.
12. Contact Us
For any privacy-related questions or requests: