Privacy Policy
Effective date: March 25, 2026
Flowfolio ("we," "us," or "our") operates the flowfolio web application. This Privacy Policy explains how we collect, use, and protect your information when you use our service, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
Flowfolio is the data controller responsible for your personal data. If you have questions about how your data is processed, please contact us at support@flowfolio.app.
2. Information We Collect
Account Information
When you create an account, we collect your email address and, optionally, a display name. If you sign up or log in with Google, we receive basic profile information (name and email) from your Google account.
Bookmark & Collection Data
We store the URLs you bookmark along with associated metadata including page titles, descriptions, categories, notes, screenshots, extracted design tokens, detected technology stacks, performance metrics, sitemap data, and media assets. This data is generated automatically from publicly available information on the pages you bookmark or entered by you directly.
Usage Data
With your consent, we use Vercel Analytics and Google Analytics to collect anonymous, aggregated usage data such as page views and general traffic patterns. This data does not include personal identifiers. Analytics are only loaded after you provide consent via our cookie consent banner.
Cookies & Local Storage
We use cookies and browser storage as described in the "Cookies & Consent" section below. We do not use advertising or tracking cookies.
3. Lawful Basis for Processing
We process your personal data under the following lawful bases as defined by the GDPR:
- Contract performance (Art. 6(1)(b)) — Processing necessary to provide the service you signed up for, including account management, bookmark storage, and collection features.
- Consent (Art. 6(1)(a)) — For visitors in the EU/EEA and UK, analytics cookies and usage tracking are only enabled with your explicit consent, which you can withdraw at any time via the cookie preferences in our footer. For visitors outside these regions, analytics are enabled by default but can be opted out of at any time through the same cookie preferences.
- Legitimate interest (Art. 6(1)(f)) — Maintaining the security and integrity of our service, and sending essential transactional emails (e.g. password resets, invitation notifications).
4. How We Use Your Information
- To create and manage your account
- To store, organize, and display your bookmarks and collections
- To generate bookmark metadata (screenshots, design tokens, tech stack detection, performance scores, sitemap discovery, and media extraction) from publicly available web pages
- To send transactional emails such as email verification, password reset links, and collection invitation notifications
- To understand how the app is used and improve it (only with your consent)
5. Cookies & Consent
We use your approximate location (country), determined by your IP address via our hosting provider, to decide how cookie consent is handled. No precise geolocation data is collected or stored.
EU/EEA and UK visitors: A cookie consent banner is displayed on your first visit, allowing you to choose which cookie categories to enable before any optional cookies are set. Analytics are not loaded until you explicitly opt in.
Visitors outside the EU/EEA and UK: Analytics cookies are enabled by default. You will not see a consent banner, but you can opt out at any time by clicking "Cookie Preferences" in the page footer.
Regardless of your location, your preference is stored in your browser's local storage and can be changed at any time.
Essential Cookies
These cookies are required for the app to function. They include authentication session cookies managed by Supabase Auth, application preferences stored in local storage, and a country detection cookie used solely to determine whether to display the consent banner. These cannot be disabled.
Analytics Cookies (optional)
We use Vercel Analytics and Google Analytics to collect anonymous, aggregated usage data. For EU/EEA and UK visitors, these are not loaded until you explicitly opt in. For other visitors, these are loaded by default but can be disabled at any time. Withdrawing consent causes analytics scripts to stop loading on your next page visit.
6. Third-Party Services
We use the following third-party services to operate flowfolio:
- Supabase — authentication, database, and data storage
- Vercel — hosting and anonymous analytics (with consent)
- Google Analytics — usage analytics (with consent)
- Google OAuth — optional sign-in via your Google account
- Google PageSpeed Insights API — fetching performance metrics for bookmarked pages
- Stripe — payment processing for subscriptions
- Resend — sending transactional emails (invitations and notifications)
Each third-party service processes data in accordance with its own privacy policy. We encourage you to review these policies. Where these services process data outside the European Economic Area (EEA), they do so under appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.
7. International Data Transfers
Our third-party service providers may process your data in countries outside the EEA, including the United States. When such transfers occur, they are protected by appropriate safeguards including Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.
8. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data is shared only with the third-party service providers listed above as necessary to operate the service.
If you create a public collection or invite others to collaborate on a shared collection, the bookmarks in those collections will be visible to anyone with the link or to the invited members, respectively.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data. Passwords are hashed and never stored in plain text. All data is transmitted over HTTPS. Authentication sessions are managed securely through Supabase Auth.
10. Data Retention & Deletion
Your data is retained for as long as your account is active and as necessary to provide the service. You may delete individual bookmarks or collections at any time. If you wish to delete your account and all associated data, please contact us at the email below. We will process deletion requests within 30 days.
11. Your Rights Under the GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can request that we correct inaccurate or incomplete data.
- Right to erasure — You can request that we delete your personal data.
- Right to restrict processing — You can request that we limit how we use your data.
- Right to data portability — You can request your data in a structured, machine-readable format.
- Right to object — You can object to processing based on legitimate interests.
- Right to withdraw consent — You can withdraw consent for analytics at any time via Cookie Preferences in the footer, without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@flowfolio.app. We will respond to your request within 30 days.
12. Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
13. Children's Privacy
Flowfolio is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. If the changes are significant, we may also notify you via email.
15. Contact Us
If you have any questions about this Privacy Policy or your personal data, please contact us at support@flowfolio.app.