Privacy Policy

Account data: name, email address, and password (hashed) when you create an account. If you sign in with Google, we receive your name, email address, and profile picture from Google solely to create and identify your Flowly account.

Google Calendar data (optional, only if you connect Google Calendar): event titles, start/end times, and event IDs for events within the next 30 days. We do not access event descriptions, attendees, attachments, or any other calendar data beyond what is necessary for sync.

Usage data: tasks, time entries, projects, and settings you create within the Service.

Analytics data: anonymized usage patterns (pages visited, feature usage) to improve the Service. We do not sell your data to any third party.

We use your information solely to provide and maintain the Service. Specifically:

• Account data is used to authenticate you and operate your account
• Google Calendar data is used exclusively to sync events with your Flowly tasks (import events as tasks, push tasks as calendar events)
• Payment data is processed by PayPro Global to fulfill subscriptions
• Email address is used to send transactional emails (password resets, billing receipts, task reminders you opt into)

We do not use your data for advertising, targeted marketing, profiling, selling to data brokers, or training AI/ML models. Flowly's AI task suggestions operate on your own task data only and do not use any Google user data.

We do not sell, share, transfer, or disclose your Google user data (including Google account information and Google Calendar data) to any third party, except:

• As required by law or valid legal process
• To protect the rights, property, or safety of Flowly or its users

We do not transfer Google user data to third parties for advertising, analytics resale, credit scoring, or any purpose unrelated to providing the Flowly calendar sync feature.

Your data is stored on secure servers (AWS) with encryption at rest and in transit (TLS/HTTPS). We implement industry-standard security measures including bcrypt-hashed passwords, JWT authentication, and access controls. Google OAuth tokens are stored encrypted and used only to perform calendar sync on your behalf. We conduct regular security reviews of our infrastructure.

Flowly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

The use of information received from Google Calendar APIs is limited to:

• Providing the calendar sync feature directly to you
• Improving the calendar sync feature's reliability and performance

We do not use Google Calendar data to serve advertisements, build user profiles, train generalized AI or ML models, or for any purpose beyond operating the calendar sync feature you explicitly enabled. Google Calendar access is entirely optional. You can disconnect at any time from Settings, which immediately revokes our access and deletes all stored Google tokens.

Flowly uses Groq to power AI features such as smart task suggestions and AI-assisted task creation. When you use these features, the relevant task data (e.g. task titles and descriptions) is sent to Groq's API solely to generate a response and is not used for any other purpose.

• Groq does not store your data beyond the duration of the API request
• No Google user data is ever sent to Groq
• AI features are entirely optional and can be disabled in Settings

For more information, see Groq's Privacy Policy.

We use the following third-party services, each with their own privacy policy:

• Google OAuth — for authentication (sign in with Google)
• Google Calendar API — for optional calendar sync (user-initiated only)
• Groq — for AI-powered features (see section 6 above)
• PayPro Global — for payment processing
• AWS — for infrastructure and data storage

We share only the minimum data required for these services to function. No Google user data is shared with Groq, PayPro Global, or AWS beyond what is inherent in hosting our service.

We use essential cookies for authentication and session management only. We do not use advertising, tracking, or third-party analytics cookies.

Your account data and Google tokens are retained as long as your account is active. Google Calendar tokens are deleted immediately when you disconnect your calendar from Settings. When you delete your account, all associated data — including any stored Google tokens and synced calendar data — is permanently deleted within 30 days. You may request deletion of your data at any time by contacting us at max@flowly.run.

You have the right to: access your data, export your data (available in Settings), correct inaccurate data, and delete your account and all associated data including any Google user data we hold. To exercise these rights, use the Settings page or contact us at max@flowly.run.

The Service is not intended for users under 16. We do not knowingly collect data from children under 16.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

Privacy questions? Contact us at max@flowly.run.