Privacy Policy - IdeaFlow

📋 Key Summary

Data Collection

We collect your note content, metadata, and usage statistics

AI Processing

Using OpenAI/OpenRouter for tag generation and semantic analysis

Third-Party Services

Notion (sync), AssemblyAI (voice transcription)

Data Retention

Retained while account is active, fully deleted 30 days after deletion request

User Rights

Access, export, correct, delete (full GDPR rights)

Cookie Usage

Only essential session cookies, no third-party tracking

1. Data Collection

We collect the following types of information:

Account Information: Name, email address
Note Content: Text you create, voice recordings, images
Metadata: Creation time, modification time, tags
Usage Statistics: Feature usage frequency, AI processing count
Device Information: Browser type, operating system (anonymized)

2. AI Processing

IdeaFlow uses artificial intelligence technology to enhance your note-taking experience. Here's how we use AI:

Tag Generation: Analyzes note content to automatically generate relevant tags
Semantic Search: Generates vector embeddings to support intelligent search
Voice Transcription: Converts voice recordings to text
Relationship Discovery: Identifies connections between notes

⚠️ Important:You can revoke AI processing authorization at any time in Settings → Privacy. After revocation, new notes will no longer be processed by cloud AI.

3. Data Processors

We work with the following third-party service providers to process your data:

Provider	Purpose	Location	DPA
Supabase	Database Hosting	USA	View DPA
OpenRouter	AI Processing Gateway	USA	View DPA
OpenAI	Tag Generation, Semantic Analysis	USA	View DPA
AssemblyAI	Speech-to-Text	USA	View DPA
Notion	Note Synchronization	USA	View DPA
Cloudflare	CDN, R2 Storage	Global	View DPA

✅ All processors comply with the EU-US Data Privacy Framework. We only work with service providers who have signed a DPA (Data Processing Agreement).

4. Your Rights

Under GDPR and other applicable regulations, you have the following rights:

Right of Access: Obtain a copy of your data we hold
Right to Rectification: Correct inaccurate personal information
Right to Erasure: Request deletion of your personal data
Right to Portability: Export your data in a common format
Right to Object: Object to certain types of data processing
Right to Withdraw Consent: Withdraw consent previously given at any time

To exercise these rights, please visit Settings → Privacy & Security or email privacy@ideaflow.com.

5. Data Security

We take the following measures to protect your data:

Transport encryption (TLS 1.3)
Encryption at rest (AES-256)
End-to-end encryption option (Tier 2 encryption mode)
Regular security audits
Multi-factor authentication support
Strict access controls

6. Data Retention

Active Accounts: Data is retained while the account is active
Account Deletion: Fully deleted within 30 days after deletion request
AI Processing Logs: Retained for 90 days for billing and auditing
Backup Data: Automatically cleared during regular backup rotation

7. Policy Updates

We may update this Privacy Policy from time to time. For significant changes, we will:

Display an in-app notification
Send an email notification
Require you to re-confirm consent (for major changes)

8. Contact Us

If you have any questions about this Privacy Policy, please contact us:

📧 Email: privacy@ideaflow.com
🏢 Company: IdeaFlow, Inc.