Privacy Policy

Last updated: January 4, 2026

At Flow, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and related services.

1. Information We Collect

1.1 Information You Provide

When you use Flow, you may provide us with the following information:

  • Account Information: If you choose to sign in with Google or GitHub, we receive your name, email address, and profile picture from these services.
  • Focus Data: Your focus goals, completed tasks, and notes that you enter into the extension.
  • Preferences: Your settings, including theme preferences, blocked site categories, timer durations, and widget configurations.
  • AI Provider API Keys: If you use the AI chat feature with cloud providers (ChatGPT, Claude, Gemini), your API keys are stored locally on your device and are never transmitted to our servers.
  • Chat Conversations: Your conversations with the AI assistant are stored locally on your device.

1.2 Information Collected Automatically

When you use Flow, we may automatically collect:

  • Usage Data: Focus session durations, daily statistics, and streak information to provide you with analytics.
  • Device Information: A randomly generated device identifier used solely for syncing your data across devices.
  • Technical Data: Browser type and extension version for troubleshooting and improving our service.

1.3 Tab Content for AI Context

When you use the AI chat feature and choose to "pin" a tab for context, the extension reads the text content of that webpage to provide to the AI assistant. This content:

  • Is stored locally on your device only
  • Is sent directly to your chosen AI provider (not to Flow servers)
  • Is only read when you explicitly pin a tab
  • Can be removed at any time by unpinning the tab

1.4 Information We Do NOT Collect

Flow does not collect:

  • Your browsing history
  • Content of websites you visit (unless you explicitly pin them for AI context)
  • Personal files or documents
  • Passwords or financial information
  • Your AI API keys (these stay on your device)
  • Your AI chat conversations (these stay on your device)
  • Location data beyond what's needed for weather (and only with your permission)

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Flow extension functionality
  • Sync your data across devices when you sign in
  • Display your focus statistics and streaks
  • Show weather information based on your location (with permission)
  • Display your Google Calendar events (with permission)
  • Improve and optimize our service
  • Respond to your requests or questions

3. Data Storage

3.1 Local Storage

Most of your data is stored locally on your device using Chrome's storage API. This includes your preferences, focus goals, tasks, notes, and statistics. This data remains on your device and is not transmitted to our servers unless you choose to sign in for cloud sync.

3.2 Cloud Storage

If you sign in with Google or GitHub, your data may be synced to our secure servers to enable cross-device synchronization. This data is encrypted in transit and stored securely.

4. Third-Party Services

Flow integrates with the following third-party services:

  • Google OAuth: For authentication and accessing Google Calendar with your permission.
  • GitHub OAuth: For authentication purposes.
  • Unsplash: For background images displayed in the extension.
  • Weather API: To display current weather based on your location.

4.1 AI Service Providers (Optional)

If you choose to use the AI chat feature, you may connect to the following AI providers using your own API keys:

  • Ollama: A local AI service that runs on your own computer. No data leaves your device.
  • OpenAI (ChatGPT): Cloud-based AI service. Your conversations are sent directly to OpenAI's servers.
  • Anthropic (Claude): Cloud-based AI service. Your conversations are sent directly to Anthropic's servers.
  • Google (Gemini): Cloud-based AI service. Your conversations are sent directly to Google's servers.

Important: When using cloud AI providers, your chat messages and any pinned tab content are sent directly from your browser to the AI provider. Flow does not proxy, store, or have access to these conversations. Each AI provider has its own privacy policy governing how they handle your data. Your API keys are stored locally on your device and are never transmitted to Flow servers.

Each of these services has its own privacy policy, and we encourage you to review them. We only request the minimum permissions necessary for the features you choose to use.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • With your consent
  • To comply with legal obligations
  • To protect our rights or the safety of users
  • With service providers who assist in operating our service (under strict confidentiality agreements)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • HTTPS encryption for all data transmission
  • Secure authentication using OAuth 2.0
  • Regular security audits and updates
  • Limited access to personal data by authorized personnel only

7. Your Rights

You have the right to:

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Export: Export your data using the built-in export feature in Settings
  • Withdraw Consent: Disconnect Google or GitHub accounts at any time

To exercise these rights, you can use the settings within the extension or contact us directly.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

9. Your Responsibilities

By using Flow, you acknowledge and agree that:

  • You are solely responsible for the content you enter into Flow (todos, notes, focus goals)
  • You should not store sensitive, confidential, or personally identifiable information of others in Flow
  • You are responsible for maintaining the security of your own devices and accounts
  • You use the Service at your own risk and discretion
  • You are responsible for complying with any applicable laws in your jurisdiction
  • Any data you choose to sync to our servers is done voluntarily and at your own discretion

10. Data Accuracy and Backups

We do not guarantee the accuracy, completeness, or availability of your data. You are responsible for maintaining your own backups of any important information. We recommend using the export feature in Settings to periodically backup your data. We are not liable for any data loss.

11. Children's Privacy

Flow is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: