Privacy Policy

v1.0 · Last updated: January 27, 2026 · Effective: January 27, 2026
Privacy at a glance

Encrypted by default

Credentials are encrypted with AES-256, and all traffic uses TLS.

No data sales

We never sell personal information or share it for advertising.

You stay in control

Disconnect integrations or delete your account anytime.

1. Introduction

Welcome to ChatToFlow ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our workflow automation platform and related services (collectively, the "Service").

By accessing or using ChatToFlow, you agree to this Privacy Policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials when you register via email, Google, or GitHub OAuth.
  • Payment Information: Billing details processed through our payment provider (Polar/Stripe). We do not store complete credit card numbers.
  • Workflow Data: Workflows you create, including node configurations, triggers, and execution logic.
  • Credentials: API keys and OAuth tokens for third-party integrations (stored encrypted).
  • Content: Messages, files, and data processed through your workflows.

2.2 Information Collected Automatically

  • Usage Data: Workflow execution counts, feature usage, and interaction patterns.
  • Device Information: Browser type, IP address, device identifiers, and operating system.
  • Log Data: Error logs, performance metrics, and debugging information.
  • Cookies: Session management and preference storage.

2.3 Information from Third-Party Integrations

When you connect third-party services, we receive:

  • OAuth tokens and refresh tokens
  • Data necessary to execute your workflows (e.g., emails, messages, files, calendar events, tasks)
  • User identifiers from connected platforms

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Execute workflows, process integrations, and deliver automation features.
  • Authenticate Users: Manage accounts via Better Auth with Google and GitHub OAuth.
  • Process Payments: Handle subscriptions through Polar.
  • Improve the Service: Analyze usage patterns, fix bugs, and develop new features.
  • Communicate: Send service updates, security alerts, and (with consent) marketing communications.
  • Ensure Security: Detect fraud, prevent abuse, and protect user data.
  • Provide Support: Respond to inquiries and troubleshoot issues.

4. Third-Party Services and Integrations

ChatToFlow integrates with numerous third-party services. When you use these integrations, your data may be processed by:

Integration transparency

We only request the permissions required to run the workflows you configure.

Review before connecting

You'll always see the data scope and can revoke access anytime.

AI Providers

  • OpenAI (GPT models, DALL-E)
  • Anthropic (Claude models)
  • Google (Gemini models)
  • Groq
  • HuggingFace
  • OpenRouter

Communication Platforms

  • Telegram
  • Discord
  • Slack
  • Zalo
  • WhatsApp
  • Instagram (Meta Graph API)
  • Gmail
  • Outlook

Productivity Tools

  • Google Workspace (Drive, Gmail, Calendar, Docs, Sheets)
  • Notion
  • Todoist
  • Trello
  • GitHub

Infrastructure Services

  • Vercel (hosting and blob storage)
  • Neon (PostgreSQL database)
  • Inngest (workflow execution)
  • Sentry (error monitoring)

Important: Each third-party service has its own privacy policy. We encourage you to review their policies. We are not responsible for third-party privacy practices.

5. Data Storage and Security

Security highlights

AES-256 encryption for credentials
TLS for all data in transit
Access controls with Better Auth

5.1 Encryption

  • Credentials at Rest: All API keys and OAuth tokens are encrypted with AES-256 (via the Cryptr library) before storage.
  • Data in Transit: All communications use TLS/HTTPS encryption.
  • Database: Hosted on Neon PostgreSQL with SSL/TLS connections.

5.2 Security Measures

  • Encrypted credential storage
  • OAuth 2.0 for third-party authentication
  • Regular security audits
  • Access controls and authentication via Better Auth
  • Error monitoring via Sentry

5.3 Data Retention

  • Account Data: Retained while your account is active and for a reasonable period after deletion.
  • Workflow Execution Logs: Retained for 30 days unless otherwise specified.
  • Credentials: Deleted when you remove the integration or delete your account.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data:

  • With Your Consent: When you explicitly authorize sharing.
  • To Execute Workflows: Data is transmitted to third-party services as configured in your workflows.
  • Service Providers: With vendors who assist in providing the Service (hosting, analytics, payment processing).
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In connection with mergers, acquisitions, or asset sales.
  • Safety: To protect the rights, safety, and property of ChatToFlow, users, or others.

7. Your Rights and Choices

Depending on your jurisdiction, you may have rights including:

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate information.
  • Deletion: Request deletion of your account and data.
  • Portability: Export your workflows and data.
  • Opt-Out: Unsubscribe from marketing communications.
  • Revoke Consent: Disconnect third-party integrations at any time.

To exercise these rights, contact us at chattoflow.ai@gmail.com.

8. Cookies and Tracking

We use cookies for:

  • Essential Functions: Authentication and session management (e.g., theme preferences stored as "chatoflow-theme").
  • Analytics: Understanding usage patterns (if applicable).

You can control cookies through your browser settings, though this may affect Service functionality.

9. Children's Privacy

ChatToFlow is not intended for users under 16 years of age. We do not knowingly collect information from children. If you believe a child has provided us data, please contact us.

10. International Data Transfers

Your data may be processed in countries other than your own, including the United States and countries where our service providers are located. We ensure appropriate safeguards are in place for international transfers.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

Version history and significant changes will be reflected in the version number at the top of this document.

12. Contact Us

For privacy inquiries or to exercise your rights:

13. Additional Disclosures

For California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt out of sales (we do not sell data).

For EU/EEA Residents (GDPR)

Our legal bases for processing include: contract performance, legitimate interests, consent, and legal compliance. You may lodge complaints with your local data protection authority.