Privacy Policy

1. Introduction

Flow33, operated by Nitrotech Inc. (a Delaware corporation), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our AI-powered content generation platform. By using our service, you consent to the practices described in this policy. The data controller for your personal information is Nitrotech Inc., incorporated in Delaware, United States. This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Information We Collect

We collect information you provide directly to us, information we gather automatically, and information from third-party sources:

• Account Information: Name, email address, hashed password, and profile information
• Content Data: Your prompts, workflow configurations, and generated content (images, videos, text). This data is stored securely and used only to provide services to you.
• Technical Data: IP address, browser type, device information, operating system, and usage analytics collected through cookies and similar technologies
• Communication Data: Support messages, feedback, feature requests, and correspondence with our team
• Payment Information: Credit card details, billing addresses, and transaction history. Payment data is processed securely by our payment provider (Stripe) and we do not store full credit card numbers.
• Usage Metrics: Credit consumption, API usage patterns, feature utilization, and workflow execution data

4. How We Use Your Information

We use your information to provide, improve, and protect our services:

• Provide AI content generation services, workflow execution, and platform functionality
• Process payments, manage credits, and handle billing through Stripe
• Improve platform performance, user experience, and service reliability (not AI model training)
• Provide customer support and respond to your inquiries
• Send service updates, security alerts, and promotional communications (you can opt out of marketing emails)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service

5. Information Sharing and Third-Party Services

We do not sell your personal information. We share your information only with trusted service providers who help us operate our platform:

Other Circumstances:

• When required by law, court order, or to respond to legal requests from authorities
• To protect our rights, property, or safety, or that of our users or the public
• In connection with a business transaction such as a merger, acquisition, or sale (you will be notified)
• With your explicit consent for specific purposes

6. Data Security

We implement comprehensive security measures to protect your information:

• TLS/SSL Encryption: All data transmission between your device and our servers is encrypted using industry-standard TLS
• Encrypted Storage: Data at rest is encrypted in our databases and file storage systems
• Access Controls: Strict role-based access controls limit who can access user data internally
• Authentication: Secure Firebase Authentication with support for email/password and social login
• Regular Security Audits: We conduct regular security reviews and updates to protect against vulnerabilities
• Secure Payment Processing: Payment data is handled by PCI-DSS compliant provider Stripe

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. Please use strong passwords and enable two-factor authentication when available.

7. Data Retention

We retain your information for specific periods based on the type of data and legal requirements:

• Account Data: Retained while your account is active and for 30 days after account deletion (to allow recovery)
• Generated Content: Retained while your account is active. Deleted 30 days after account deletion unless you choose to delete earlier.
• Payment Records: Retained for 7 years to comply with tax and financial regulations
• Usage Analytics: Anonymized usage data may be retained indefinitely for platform improvement
• Support Communications: Retained for 3 years to maintain support history and improve service quality

You may delete your account at any time from your settings. Upon deletion, we will permanently delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Privacy Rights

Depending on your location (especially if you're in the EU, UK, or California), you have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request correction of inaccurate or incomplete information
• Right to Deletion: Request deletion of your personal information (subject to legal exceptions)
• Right to Portability: Request a copy of your data in a structured, machine-readable format (JSON/CSV)
• Right to Object: Object to processing of your information for direct marketing or certain other purposes
• Right to Restrict Processing: Request limitation of how we process your information
• Right to Withdraw Consent: Withdraw consent for data processing where we rely on consent (e.g., marketing emails)

How to Exercise Your Rights: To exercise these rights, please email us at privacy@flow33.io. We will respond within 30 days (or as required by applicable law). You may need to verify your identity before we can fulfill your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, maintain sessions, and analyze platform usage. Here are the specific cookies we use:

• Essential Cookies: Required for authentication, session management, and core platform functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with our platform to improve user experience (e.g., Google Analytics if enabled)
• Preference Cookies: Remember your settings, language preferences, and customization choices

You can control cookie settings through your browser preferences. Most browsers allow you to refuse cookies or delete existing ones. However, disabling essential cookies will prevent you from using core features of our platform. You can typically find cookie controls in your browser's settings under 'Privacy' or 'Security'.

10. Third-Party Services and Links

Our platform integrates with the following third-party services, each with their own privacy policies:

• Google Cloud Platform & Firebase (https://policies.google.com/privacy)
• Stripe Payment Processing (https://stripe.com/privacy)
• Google Vertex AI (https://cloud.google.com/terms/cloud-privacy-notice)
• Vercel Hosting (https://vercel.com/legal/privacy-policy)

Our platform may contain links to third-party websites or services (e.g., YouTube for video uploads). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. International Data Transfers

Flow33 is operated from the United States, and we use service providers located in various countries. Your information may be transferred to and processed in the United States and other countries that may have different data protection laws than your country of residence. We ensure appropriate safeguards are in place to protect your information during international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EU/EEA
• Compliance with Privacy Shield principles where applicable
• Use of service providers that comply with GDPR and other international data protection standards

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about personal data we've collected, disclosed, or sold in the past 12 months
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Opt-Out: We do not sell personal information, but you can opt out if this changes
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, email privacy@flow33.io or call our support line. We will verify your identity and respond within 45 days as required by law.

13. Children's Privacy

Flow33 is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@flow33.io. If we become aware that we have collected information from a child under 18, we will take immediate steps to delete that information from our systems.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Sending an email to the address associated with your account
• Displaying a prominent notice on our platform or website
• Updating the 'Last Updated' date at the top of this policy

Your continued use of Flow33 after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically. If you do not agree to changes, you may close your account.