Privacy Policy

1. Introduction

Autoflowly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered app builder platform.

This policy applies to all information collected through our website, application, and related services (collectively, the "Service"). Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, and profile details
• Business Information: Company name, industry, business goals, and startup ideas
• Communication Data: Messages with AI agents, support tickets, and feedback
• Payment Information: Billing details, subscription plans (processed by secure third-party providers)
• User Content: Projects, documents, code, and other materials you create or upload

2.2 Information Collected Automatically

• Usage Data: Features used, AI interactions, time spent, and actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Analytics Data: Performance metrics, error reports, and usage patterns
• Cookies and Tracking: Session cookies, preference cookies, and analytics cookies

2.3 Information from Third Parties

• OAuth Providers: Profile information from Google, GitHub, or LinkedIn when you use social login
• Integration Partners: Data from connected services you authorize
• Public Sources: Publicly available business information to enhance our services

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

• Create and manage your account
• Provide AI-powered MVP generation and recommendations
• Process transactions and manage subscriptions
• Generate insights and analytics for your business
• Enable collaboration and project management features

3.2 Service Improvement

• Analyze usage patterns to enhance features
• Train and improve AI models (using anonymized data)
• Develop new features and services
• Conduct research and analytics

3.3 Communication

• Send service updates and notifications
• Respond to support requests
• Provide marketing communications (with your consent)
• Send security alerts and account notifications

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in these circumstances:

4.1 Service Providers

We share data with trusted third-party providers who help us operate our Service:

• Cloud hosting providers
• Payment processors (Stripe)
• Analytics services (with anonymized data)
• Communication tools (email services, customer support)

4.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Prevent fraud or security issues
• Enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication with JWT and bcrypt password hashing
• Rate limiting and DDoS protection
• Regular security audits
• Kubernetes pod-level isolation for generated MVPs
• Incident response procedures

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access your personal information
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to certain data processing
• Withdraw consent for optional data uses

6.2 Communication Preferences

You can manage your communication preferences by:

• Updating notification settings in your account
• Unsubscribing from marketing emails
• Adjusting cookie preferences in your browser

6.3 Account Deletion

You can request account deletion at any time. We will delete or anonymize your personal data, except where retention is required for legal or legitimate business purposes.

7. Data Retention

We retain your information based on the following criteria:

• Active Accounts: Data retained while account is active
• Deleted Accounts: Personal data deleted within 90 days
• Legal Requirements: Some data retained as required by law
• Anonymized Data: May be retained indefinitely for analytics
• Backups: Deleted from backups within 180 days

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard contractual clauses for EU data transfers
• Adequate data protection measures in all processing locations

9. GDPR Compliance (EU Users)

For users in the European Union, we comply with GDPR requirements:

9.1 Legal Basis for Processing

• Contract: Processing necessary to provide our services
• Consent: For optional features and marketing
• Legitimate Interests: For service improvement and security
• Legal Obligations: To comply with applicable laws

9.2 Additional Rights

EU users have additional rights including data portability, restriction of processing, and the right to lodge complaints with supervisory authorities.

10. California Privacy Rights (CCPA)

California residents have specific rights under the CCPA:

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of data sales (we do not sell data)
• Right to non-discrimination for exercising privacy rights

11. Children's Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete it promptly.

12. AI and Machine Learning

Our AI system processes your data to generate MVPs and provide recommendations:

• AI processing occurs within secure, isolated environments
• We do not use your data to train models for other users
• You can request AI-generated content about your projects be deleted
• AI decisions can be reviewed by human support staff

13. Mobile App Permissions and Data Collection

Our Autoflowly mobile app requests specific permissions to provide enhanced functionality. Here's what each permission is used for:

13.1 Camera Permission (android.permission.CAMERA)

• Purpose: Used exclusively for scanning QR codes to quickly share and access your created MVPs
• Data Storage: We do not store any photos, videos, or camera data. All QR code scanning is processed locally on your device
• User Control: This permission is optional. You can deny camera access and still use all other app features without any limitations
• Privacy Protection: No visual data leaves your device through this permission

13.2 Internet Permission (android.permission.INTERNET)

• Purpose: Essential for communicating with our AI servers to generate MVPs and sync your projects
• Data Transmitted: Project descriptions, user authentication tokens, generated app code
• Security: All data transmission uses HTTPS encryption

13.3 Network State Permission (android.permission.ACCESS_NETWORK_STATE)

• Purpose: To check internet connectivity and provide offline functionality when needed
• Data Collected: Network connection status only (connected/disconnected)
• Privacy Impact: No personal or location data collected through this permission

13.4 Record Audio Permission (android.permission.RECORD_AUDIO)

• Purpose: Enables voice input for describing your app ideas to our AI assistant
• Data Processing: Audio is processed in real-time for speech-to-text conversion and not permanently stored
• User Control: Voice input is completely optional. Text input is always available as an alternative
• Data Retention: Voice data is not saved or transmitted to our servers

13.5 Wake Lock Permission (android.permission.WAKE_LOCK)

• Purpose: Prevents your device from sleeping during AI processing to ensure uninterrupted app generation
• Privacy Impact: This permission does not access or collect any personal data
• Battery Consideration: Used sparingly and only during active AI processing

13.6 Mobile App Data Collection Summary

Data We Collect Through the Mobile App:

• Account information (email, name, profile picture when you create an account)
• Project data (MVP descriptions, generated code, app configurations)
• Chat history with our AI assistant for app generation
• Usage analytics (features used, session duration, crash reports for improvement)
• Device information (model, OS version, app version for compatibility)

Data We DO NOT Collect:

• Photos or videos from your camera
• Audio recordings or voice data
• Location information
• Contact lists or phone numbers
• Text messages or call logs
• Other apps on your device

13.7 Third-Party AI Processing

When using our mobile app, your project descriptions may be processed by:

• OpenAI: For advanced AI-powered app generation (subject to OpenAI's privacy policy)
• Anthropic (Claude): For AI assistant functionality (subject to Anthropic's privacy policy)
• Data Protection: Your personal project data is not used to train these AI models
• Secure Transmission: All AI processing requests are encrypted and transmitted securely

13.8 Mobile App Security

We implement additional security measures for our mobile app:

• Local data encryption on your device
• Secure token-based authentication
• Automatic logout for inactive sessions
• Regular security updates through app stores
• Biometric authentication support (when available on your device)

13.9 Google Play Store Compliance

Our app complies with Google Play Store policies regarding:

• Transparent permission requests with clear explanations
• Minimal data collection necessary for app functionality
• Secure handling of sensitive permissions like camera and microphone
• User control over optional features and permissions
• Regular security audits and updates

13.10 Managing Mobile App Permissions

You can manage app permissions at any time:

• Android Settings: Go to Settings > Apps > Autoflowly > Permissions
• In-App Settings: Access permission controls within the app's settings menu
• Granular Control: Enable or disable individual permissions based on your preferences
• No Feature Loss: Core app functionality remains available even with restricted permissions

14. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy with a new "Last updated" date
• Sending email notifications for significant changes
• Displaying in-app notifications

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

We aim to respond to all privacy requests within 30 days.

16. Cookie Policy

We use cookies and similar technologies:

Types of Cookies

• Essential: Required for service functionality
• Analytics: Help us understand usage patterns
• Preferences: Remember your settings
• Marketing: Used for targeted advertising (with consent)

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.