Privacy Policy
Last updated: 9/1/2025
1. Who we are
FlowGenie is a personal project operated by Perry Ratcliff ("we", "us"). For any privacy questions, contact perryratcliff@gmail.com.
2. What this policy covers
This policy explains what we collect, how we use it, who we share it with, and your choices. It applies to the FlowGenie app and website.
3. Data we collect
We collect and process the following categories of data:
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Account | Name, email, profile image; OAuth account metadata | Create/manage your account; authentication | While account is active; deleted upon account deletion |
| Workspace | Workspace name, members, roles, invites | Collaborative access control and project organization | While workspace exists; deleted when you delete/leave as applicable |
| Flows | Flow name, configuration, backups, runs (request/response logs, timing) | Provide flow building/execution; debugging and reliability | While flow exists; execution logs retained as needed for debugging |
| Forms | Form config and submissions (answers JSON); visibility settings | Collect and manage submissions; analytics; spam prevention | While form exists; submissions retained until you delete the form/submissions |
| Files | File metadata (name, type, URL, key), storage location | Enable uploads for forms/flows/pages | While file remains in workspace; deleted when you delete the file |
| API keys | Plaintext workspace API key value and label | Authenticate API requests | While key is active; deleted when you revoke it |
| Billing | Stripe customer ID, subscription status, invoices (via Stripe) | Process payments and manage subscriptions | As required for tax/accounting; Stripe retains records per their policy |
| System logs | Server logs, error logs, performance metrics (via Axiom) | Security, debugging, service quality | Short-term operational retention; aggregated insights may persist |
| Emails | Magic link authentication emails (via Resend) | Authenticate users and provide account-related notices | As needed to deliver the email; logs retained by provider per their policy |
4. Sources and processors
We receive data directly from you and through integrations. We use the following processors:
- Hosting/CDN: Vercel
- Database: PlanetScale (MySQL/Prisma)
- Caching/Queues: Upstash Redis, Upstash QStash
- File uploads: UploadThing
- Payments: Stripe
- Email: Resend
- Authentication: NextAuth (GitHub, Discord, Email)
- Realtime: PartyKit
- Observability: Axiom
- AI Providers: OpenAI, Anthropic (via SDKs)
5. How we use data
- Provide, operate, and improve the Service
- Authenticate and secure accounts
- Process payments and manage subscriptions
- Provide support and communicate about the Service
- Prevent abuse and enforce Terms
- Analyze usage to improve reliability and performance
6. International transfers
Data may be processed in the United States and other locations where our processors operate. If you are in the EU/UK, we rely on appropriate safeguards (e.g., SCCs) provided by our processors for international transfers.
7. Your rights
Depending on your location, you may have rights to access, correct, delete, or export your data. To make a request, email perryratcliff@gmail.com. We will respond within 30 days where required by law.
8. Data retention
We retain data as described in the table above. You can delete forms, submissions, files, flows, API keys, and workspaces from within the app; related data will be deleted or anonymized accordingly. Backup copies and logs may persist for a limited period.
9. Children
The Service is not directed to children under 13 (or under 16 in the EU/UK), and we do not knowingly collect personal data from them.
10. Changes
We may update this policy from time to time. If changes are material, we will take reasonable steps to notify you (e.g., posting on the site or via email). Your continued use of the Service after changes become effective constitutes acceptance.