# Privacy Policy

**Last updated: February 19, 2026**

This Privacy Policy explains how Flowingto ("Flowingto", "we", "us", or "our") collects, uses, discloses, and retains information when you use our website (`flowingto.com`) and Chrome extension.

## Scope

This policy applies to:

- The Flowingto web application and related APIs
- The Flowingto Chrome extension
- Support and account communications with us

## Information We Collect

We collect the following categories of information:

- **Account and profile information:** Name, email address, profile image, authentication provider, and workspace membership details.
- **Content you create or upload:** Screenshots, image assets, titles, annotations, comments, and flow diagrams.
- **Authentication and session data:** Session and security cookies required to sign in and keep your account secure.
- **Preferences and local settings:** Web and extension preferences stored on your device, including selected workspace/collection, capture size, theme, and locale.
- **Support communications:** Information you provide when contacting us (for example, by email).

## Chrome Extension Permissions

The Flowingto Chrome extension requests only the permissions needed to capture and upload screenshots:

- **`activeTab`:** Accesses the active tab when you trigger a capture.
- **`scripting`:** Runs scripts to measure page dimensions and control scrolling for full-page capture.
- **`debugger`:** Temporarily attaches via the Chrome DevTools Protocol to emulate supported capture resolutions (for example, 1440x1024 and 1920x1080), then detaches after capture.
- **Host permission `https://flowingto.com/*`:** Allows authenticated API requests between the extension and Flowingto services.

We do not use these permissions to sell personal information or to serve third-party advertising.

## How We Use Information

We use information to:

- Provide and operate the service
- Authenticate users and manage account security
- Save, process, and serve uploaded content
- Support collaboration features inside workspaces
- Provide customer support and service communications
- Detect abuse, enforce terms, and comply with legal obligations

## How We Disclose Information

We may disclose information in the following situations:

- **Service providers (processors):**
  - Cloudflare R2 (file/object storage for uploaded assets)
  - Resend (transactional emails such as verification and account emails)
  - Google OAuth (identity provider when you choose Google sign-in)
- **Workspace sharing:** Content is visible to users you collaborate with in the same workspace, based on your sharing and membership settings.
- **Legal and safety reasons:** If required by law, legal process, or to protect rights, safety, and security.
- **Business transfers:** In connection with a merger, financing, acquisition, reorganization, or sale of assets.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

## Cookies and Local Storage

We use cookies and local storage for essential functionality and preferences:

- **Essential cookies:** Sign-in, session continuity, and security.
- **Preference cookies:** Settings such as theme and language.
- **Local storage:** Workspace/collection selections and extension capture preferences stored on your device.

You can manage cookie settings in your browser, but disabling essential cookies may prevent core features from working.

## Data Retention

We retain personal information for as long as needed to provide the service and for legitimate business or legal purposes. In general:

- Account and workspace data are retained while your account is active.
- You can delete content from the app.
- You can request account deletion and associated data removal by contacting us.
- Some data may remain in backups or logs for a limited period until routine deletion cycles complete.

## Your Privacy Rights

Depending on where you live, you may have rights to:

- Access the personal information we hold about you
- Correct inaccurate personal information
- Request deletion of personal information
- Receive a portable copy of certain data
- Object to or request restriction of certain processing

To exercise these rights, contact us at `hi@flowingto.com`. We may need to verify your identity before processing certain requests. We will respond within the time required by applicable law.

## International Transfers

Flowingto is operated in the United States and may process data in the United States or other countries where our service providers operate.

## Children's Privacy

Flowingto is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

## Security

We use reasonable technical and organizational safeguards to protect personal information. No method of transmission or storage is completely secure.

## Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the "Last updated" date and, where required, provide additional notice.

## Contact

If you have privacy questions or requests, contact us at `hi@flowingto.com`.
