Privacy Policy

Last updated: February 24, 2026

ClearFlow Inc. (“ClearFlow,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use the ClearFlow platform, including all associated websites, applications, services, and APIs (collectively, the “Service”). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Account Information

When you create a ClearFlow account, we collect your name, email address, and password. If you register through a third-party OAuth provider (such as Google or GitHub), we receive your name and email address from that provider. We may also collect your professional title, organization name, and platform preference (Creator, Educator, or Executive) during the onboarding process.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, FlowCoin consumption, session duration, timestamps of activity, API calls made, and error logs. This data helps us understand usage patterns, improve the Service, and troubleshoot technical issues.

Voice Data

If you use voice-powered features, we collect audio recordings for real-time transcription and speech synthesis. If you enable Voice DNA Authentication, we collect and store a voiceprint (biometric identifier) derived from your voice. Voice data used for transcription is processed in real time and is not retained after the session unless you explicitly save the output. Voiceprint data is stored in encrypted form for authentication purposes only.

Payment Data

Payment information, including credit card numbers and billing addresses, is collected and processed by our payment provider, Stripe. ClearFlow does not directly store your full credit card number or CVV. We retain your Stripe customer ID, subscription status, billing history, and invoice records for account management and compliance purposes.

Device and Browser Information

We collect standard technical data including your IP address, browser type and version, operating system, device type, screen resolution, language preference, and referring URL. This information is used for security monitoring, analytics, and optimizing the user experience.

2. How We Use Your Information

We use the information we collect for the following purposes: to provide, maintain, and improve the Service; to process payments, manage subscriptions, and administer FlowCoin credits; to authenticate your identity and secure your account; to personalize your experience and deliver relevant content and recommendations; to communicate with you about your account, billing, product updates, and support inquiries; to detect, prevent, and respond to fraud, abuse, and security incidents; and to comply with legal obligations and enforce our Terms of Service.

ClearFlow may use anonymized and aggregated usage data to improve our AI models and platform features. This data does not identify you personally. You may opt out of having your usage data included in AI model improvement by contacting privacy@clearflow.ai. The FlowGuard safety system processes content in real time to enforce our Acceptable Use Policy; this processing is automated and essential to the security of the Service.

3. Voice and Biometric Data

ClearFlow takes the protection of biometric data extremely seriously. Voiceprint data collected through the Voice DNA Authentication system is encrypted using AES-256-GCM before storage and is never stored in plaintext. Voiceprint data is used exclusively for the purpose of verifying your identity when you access the Service and for enabling personalized text-to-speech synthesis. We do not use voiceprint data for any other purpose, and we do not share it with any third party except as required to provide the authentication service itself.

Voiceprint data is retained for as long as your account remains active and the Voice DNA Authentication feature is enabled. You may disable Voice DNA Authentication at any time through your account settings, which will trigger the deletion of your voiceprint data within 30 days. You may also request immediate deletion of all voice and biometric data by contacting privacy@clearflow.ai. ClearFlow complies with applicable biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and the Washington Biometric Identifier law, where applicable.

4. Data Sharing

ClearFlow does not sell, rent, or trade your personal information to third parties. We share your data only in the following circumstances:

• Payment Processing: We share necessary billing information with Stripe to process payments, manage subscriptions, and prevent fraud. Stripe's privacy policy governs their use of this data.
• Data Storage and Authentication: We use Supabase (hosted in the ca-central-1 region) for data storage and user authentication. Data stored in Supabase is subject to their security practices and data processing agreement.
• AI Processing: When you use AI-powered features, your input data (text, voice, or other content) is sent to third-party AI providers — including Anthropic (Claude), OpenAI, ElevenLabs, and Deepgram — for processing. These providers process data according to their respective privacy policies and data processing agreements. ClearFlow selects providers that commit to not using customer data for model training.
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ClearFlow, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5. Cookies and Tracking

ClearFlow uses cookies and similar technologies to operate and improve the Service. We use session cookies to maintain your authenticated state across pages and requests. We use preference cookies to remember your settings, theme selection, and language preferences. We may use analytics cookies to collect aggregated usage data for the purpose of understanding how the Service is used and identifying areas for improvement. We do not use third-party advertising cookies or engage in cross-site behavioral tracking. You can manage cookie preferences through your browser settings; however, disabling essential cookies may prevent you from using certain features of the Service.

6. Data Security

ClearFlow implements industry-standard security measures to protect your personal information. All data transmitted between your device and our servers is encrypted using TLS 1.3. Sensitive data at rest, including voiceprint data and authentication credentials, is encrypted using AES-256-GCM. We enforce strict access controls, audit logging, and monitoring across our infrastructure. Our platform undergoes regular security reviews and penetration testing. ClearFlow is actively pursuing SOC 2 Type II compliance, with certification expected in 2026. Despite our efforts, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. If you become aware of a security vulnerability or suspect unauthorized access to your account, please contact security@clearflow.ai immediately.

7. Data Retention

We retain your personal information for as long as your account is active and as needed to provide the Service. Account data, usage history, and billing records are retained for the duration of your active subscription. If you delete your account, we will purge your personal data within 30 days of the deletion request, except where retention is required by law (such as tax records and billing history, which may be retained for up to 7 years). Voice recordings used for real-time transcription are not retained after the session ends. Voiceprint data is deleted within 30 days of account deletion or upon explicit request. Anonymized and aggregated data that does not identify you may be retained indefinitely for analytics and service improvement purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete personal data.
• Right to Deletion: You may request that we delete your personal data, subject to legal retention requirements.
• Right to Data Portability: You may request a machine-readable copy of your data for transfer to another service.
• Right to Opt Out: You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly.
• GDPR Rights: If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation, including the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority.
• CCPA Rights: If you are a California resident, you have the right to know what personal information is collected, the right to request deletion, the right to opt out of the sale of personal information (ClearFlow does not sell personal information), and the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@clearflow.ai. We will respond to verified requests within 30 days, or within the timeframe required by applicable law.

9. Children's Privacy

The ClearFlow Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take immediate steps to delete that information and terminate the associated account. ClearFlow complies with the Children's Online Privacy Protection Act (COPPA) and similar laws in other jurisdictions. If you believe that a child under 18 has created an account or provided personal information to ClearFlow, please contact us immediately at privacy@clearflow.ai so that we can take appropriate action.

10. International Data Transfers

ClearFlow is headquartered in the United States. Your data may be processed and stored in the United States and Canada. Our primary database infrastructure is hosted by Supabase in the ca-central-1 (Canada Central) region. By using the Service, you acknowledge and consent to the transfer of your personal information to the United States and Canada, which may have data protection laws that differ from those in your jurisdiction. For users in the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for data transferred outside the EEA. We take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

11. Changes to Privacy Policy

ClearFlow reserves the right to update this Privacy Policy at any time. When we make material changes, we will notify you by email at least 30 days before the changes take effect and will update the “Last updated” date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ClearFlow Inc.
Email: privacy@clearflow.ai

For security-related concerns, please contact: security@clearflow.ai