Privacy Policy
Last updated: 25 May 2025
1. Introduction
Welcome to FlowTones (“we”, “our”, or “us”). We are committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at flowtones.app and our services. Please read this policy carefully.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect the following categories of personal data:
- Account data: Your name and email address when you sign up via Google OAuth.
- Profile data: Your Google profile picture (avatar) displayed in the application.
- Subscription data: Payment and billing information processed by Stripe (we do not store card details directly).
- Usage data: Pages visited, features used, session duration, and audio mode preferences (anonymised where possible).
- Technical data: IP address, browser type, device type, and operating system for security and analytics purposes.
3. How We Use Your Data
We use your personal data to:
- Provide, operate, and maintain our services.
- Process your subscription payments and manage billing.
- Authenticate your identity and manage your account.
- Enforce free-tier session limits and premium access.
- Send transactional emails (e.g. subscription confirmations) where you have provided consent.
- Improve our services through aggregated, anonymised analytics.
- Comply with legal obligations.
4. Legal Basis for Processing
We process your personal data under the following legal bases (UK GDPR Art. 6):
- Contract: Processing necessary to perform the service you have subscribed to.
- Legitimate interests: Improving our services, preventing fraud, and ensuring security.
- Consent: Marketing communications and optional analytics (you may withdraw at any time).
- Legal obligation: Compliance with applicable laws and regulations.
5. Third-Party Services
We use the following trusted third-party services to operate FlowTones:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Authentication & database | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Vercel | Hosting & analytics | vercel.com/legal/privacy-policy |
| OAuth sign-in | policies.google.com/privacy | |
| Resend | Transactional email | resend.com/legal/privacy-policy |
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your data within 30 days, except where we are legally required to retain it (e.g. financial records must be retained for 7 years under UK law).
7. Cookies
We use essential cookies to maintain your session and authentication state. We may use analytics cookies (via Vercel Analytics) to understand usage patterns. You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the service.
8. Your Rights (UK GDPR)
Under UK GDPR, you have the right to:
- Access your personal data.
- Rectify inaccurate personal data.
- Erase your personal data (“right to be forgotten”).
- Restrict processing of your data.
- Data portability – receive your data in a machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at privacy@flowtones.app. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, or alteration. Data is transmitted over encrypted HTTPS connections and stored in Supabase's secure infrastructure.
10. International Transfers
Some of our third-party providers are based outside the UK/EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or adequacy decisions).
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of FlowTones after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: