Privacy Policy
Effective date: February 13, 2026
1. Introduction
FlashFlow AI (“we,” “us,” or “Company”) operates flashflowai.com and related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using FlashFlow AI you consent to the practices described here.
2. Information We Collect
Information You Provide
- Account data — name, email address, password
- Product information you input for script generation
- Audience personas and customer archetypes you create
- Scripts, winners, and other content you save
- Payment details (processed securely by Stripe; we never store card numbers)
- Support messages, feedback, and survey responses
Information Collected Automatically
- IP address, browser type, operating system, and device identifiers
- Pages visited, features used, session duration, and referring URLs
- Cookies and similar tracking technologies (see Section 6)
- Usage metrics — scripts generated, transcriptions run, videos created
3. How We Use Your Information
- Provide, operate, and improve the Service
- Process transactions and send invoices via Stripe
- Personalize your experience (e.g., AI recommendations)
- Send service announcements, product updates, and onboarding emails
- Respond to support requests
- Analyze usage patterns to improve features and performance
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
- Send marketing communications (only with your opt-in consent)
4. Third-Party Services
We share data only as necessary to operate the Service. We do not sell your personal information. The third-party services we use include:
- Stripe — payment processing. Stripe receives your billing details and is governed by Stripe’s Privacy Policy.
- Supabase — database hosting and authentication. Data is stored in Supabase’s SOC 2-compliant infrastructure.
- TikTok API — video importing, transcription, and performance data retrieval. We access only the data you authorize.
- Anthropic & OpenAI — AI model providers used for script generation. Prompts may include your product data; outputs are returned to you and not used to train third-party models.
- Vercel — application hosting and edge delivery.
- Google Analytics / Meta Pixel / TikTok Pixel — anonymized website analytics and ad-campaign measurement.
We may also disclose information when required by law, in response to valid legal process, or to protect our rights, property, or safety.
4b. Connected Platform Accounts
When you connect third-party accounts (such as TikTok, TikTok Shop, or other platforms), we access only the data and permissions you explicitly authorize during the connection flow.
- OAuth tokens and API credentials are encrypted at rest and in transit
- Access tokens are used solely to provide the features you requested (e.g., draft export, analytics retrieval, product sync)
- You may disconnect any linked account at any time from your settings, which revokes our access
- We do not access connected accounts beyond the scopes you authorized
4c. Uploaded Media & Generated Content
Media you upload (images, videos, audio) and content generated through the Service (scripts, video renders, voiceovers) are stored securely and associated with your account. This content is used only to provide the Service to you. Upon account deletion, uploaded media and generated content are permanently removed per our data retention policy.
5. Data Security
- All data in transit encrypted with TLS 1.2+
- Passwords hashed with bcrypt
- Row-level security (RLS) enforced at the database layer
- API keys stored with one-way hashing
- Regular dependency audits and security patches
No system is perfectly secure. We take commercially reasonable steps to protect your data but cannot guarantee absolute security.
6. Cookies & Tracking
We use the following types of cookies and similar technologies:
- Essential cookies — maintain your login session and CSRF protection
- Analytics cookies — Google Analytics for aggregated usage data
- Advertising cookies — Meta Pixel and TikTok Pixel to measure ad performance
- Preference cookies — remember your settings (dark mode, sidebar state)
You can disable non-essential cookies in your browser settings. Disabling essential cookies may prevent you from logging in.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — update or correct inaccurate information
- Deletion — request deletion of your account and associated data
- Portability — export your data in a machine-readable format
- Opt-out — unsubscribe from marketing emails at any time
- Restriction — request that we limit processing of your data
GDPR (EU/EEA): We process data based on consent and legitimate business interests. You may lodge a complaint with your local data protection authority.
CCPA (California): You have the right to know, delete, and opt out of the sale of personal information. FlashFlow AI does not sell personal information.
To exercise any of these rights, email us at hello@flashflowai.com.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account deletion:
- Account data is deleted within 30 days
- Generated scripts and saved content are permanently removed
- Anonymized, aggregated usage data may be retained for analytics
- Billing records are retained as required by tax and accounting laws (typically 7 years)
9. Children’s Privacy
FlashFlow AI is not intended for users under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 15 days before the changes take effect. Continued use after that date constitutes acceptance.
11. Contact Us
If you have questions or concerns about this Privacy Policy: