Skip to main content

🔒 Privacy Policy

Effective Date: March 15, 2026

FlowChat is engineered as a private-first AI workspace. This policy provides the technical and operational facts regarding how data is handled within the FlowChat ecosystem.

1. Data Sovereignty and Storage

The core principle of FlowChat is that your data remains under your exclusive control.

  • Infrastructure: FlowChat is designed to be deployed within your own secure perimeter (on-premises or private cloud).
  • Database Storage: All chat histories, Markdown notes, and document metadata are stored in your organization's designated database.
  • No Multi-Tenancy Co-mingling: Your data is isolated within your instance and is never co-mingled with data from other organizations.
  • Encryption: Data is encrypted at rest using AES-256 and in transit using TLS 1.3.

2. Model API Interactions (Third-Party Providers)

When you interact with AI models, FlowChat acts as a secure orchestrator.

  • Transmission: Prompts are sent directly from your instance to the selected model provider via encrypted channels.
  • No Intermediate Storage: FlowChat does not store a copy of your prompts on any central "FlowChat server" during transmission.
  • Training Opt-Out: FlowChat utilizes Enterprise-tier API configurations which, by default, prohibit the use of customer data for training global AI models.

3. Information We Collect (Facts)

FlowChat collects only the minimum technical data required for platform operation:

  • Authentication Data: Managed securely through Google OAuth or email and password. We store your unique user ID and email to manage workspace access.
  • Usage Metadata: For all users, the platform tracks token usage and costs. This data is sent to us to make sure that we can provide you with the best possible service. All your chats remain private and are not shared with us.

4. Absolute Exclusions (What We Never Do)

  • No Data Harvesting: We do not "phone home" with your conversation content, notes, or uploaded files.
  • No Employee Access: We have no technical means to view your private workspace data.
  • No Telemetry in Platform: The FlowChat platform itself (authenticated session) contains zero external telemetry, tracking, or analytics.
  • No Training: We never use, and have no access to use, your data for model training.

5. User Control and Portability

  • Multi-Format Export: You can export your data at any time in JSON, Markdown, or PDF formats.
  • Permanent Deletion: Deleting a chat or note initiates a hard delete in the database. No shadow copies or residual backups are maintained by the platform after a deletion is confirmed.
  • RBAC: Access is governed by fine-grained Role-Based Access Control to ensure only authorized personnel within your organization can view specific data.

For technical inquiries regarding our privacy architecture, please contact [email protected].