Privacy Policy

What we collect

• Account data: your email address and authentication tokens (via Supabase Auth).
• Flow data: the flows you build — nodes, edges, prompts, and run history.
• API keys: keys you connect (OpenAI, Anthropic, Slack, etc.) are encrypted at rest in our vault. They never appear in your browser after you save them.
• Usage metrics: run counts, errors, and anonymized product analytics (PostHog, opt-in only).

How we use it

• To run your flows when you click Run or when a schedule fires.
• To enforce free tier quotas and billing for paid plans.
• To diagnose errors and improve the product.

Your flow data is never used to train any AI model.

Third parties

We use these services to operate Flowra:

• Supabase — database, authentication, and encrypted key vault.
• Railway — backend hosting.
• Vercel — frontend hosting.
• Stripe — payment processing (when you subscribe).
• PostHog — product analytics (opt-in only).

When you run a flow, the content of that run is sent directly to the LLM provider whose API key you configured (OpenAI, Anthropic, Google, etc.) under their terms. We pass the request through without intercepting or storing the content beyond your own run history.

What we don't do

• We do not sell your data. To anyone. Ever.
• We do not use your flow content to train AI models.
• We do not read your stored API keys after encryption.

Your rights

You can export your flows, delete your account, or revoke any connected OAuth provider at any time from the settings page. Deletion is permanent.

Contact

Questions or concerns? Email markovstudiollc@gmail.com.