← Back to Home

Privacy Policy

Last updated: May 26, 2026

1. Information We Collect

ClipFlow is designed with a privacy-first approach. We collect the minimum amount of data necessary to provide our services:

• Account Information: Email address and encrypted password (PBKDF2-SHA256 hashed). If you use Google Sign-In, we store your Google account email and a unique Google user ID.
• Synced Content: Markdown files, text notes, and web clips you choose to sync across devices. All content is stored on Cloudflare's global edge network.
• Device Information: Device identifiers and last sync timestamps for managing your connected devices.
• Usage Data: Anonymous, aggregated metrics such as sync frequency and storage usage. We do not track individual user behavior.

2. How We Use Your Information

• To provide and maintain the ClipFlow sync service
• To authenticate your identity and secure your account
• To process subscription payments via Stripe
• To send service-related emails (verification codes, account notifications)
• To improve our service through aggregated analytics

3. Data Storage & Security

All data is stored on Cloudflare's global infrastructure, which is GDPR-compliant and SOC 2 Type II certified.

• Encryption in Transit: All data transfers use TLS 1.3 encryption
• Encryption at Rest: Private Mode encrypts file content with AES-256-GCM before upload
• Password Security: Passwords are hashed using PBKDF2-SHA256 with 100,000 iterations
• Zero-Knowledge Design: In Private Mode, only you hold the encryption key — we cannot read your encrypted content

4. Data Retention

• Active accounts: Data is retained as long as your account is active
• Account deletion: You can delete your account at any time. A 7-day cooling period applies, after which all data is permanently removed
• Verification codes: Email verification codes expire after 10 minutes and are deleted upon use

5. Third-Party Services

ClipFlow integrates with the following third-party services:

• Cloudflare: Infrastructure, data storage, and content delivery
• Stripe: Payment processing (PCI DSS compliant)
• Google: OAuth sign-in (we only receive your email and a unique ID)
• Resend: Transactional email delivery

These services have their own privacy policies and are contractually obligated to protect your data.

6. AI Features

ClipFlow may offer AI-powered features (e.g., smart tagging, content summarization). Key principles:

• Your data is never stored or used to train AI models
• AI processing is prompt-based only — data is processed in real-time and immediately discarded
• You can opt out of AI features at any time

7. Your Rights

Under GDPR, CCPA, and other applicable regulations, you have the right to:

• Access all personal data we hold about you
• Export your data at any time via the Dashboard
• Delete your account and all associated data
• Object to data processing and request restriction
• Data portability — export your content in standard formats

8. Cookies

ClipFlow uses minimal, essential cookies and local storage:

• Authentication tokens: JWT stored in localStorage for session management
• Language preference: Your selected language stored in localStorage
• No tracking cookies: We do not use analytics cookies, advertising cookies, or third-party trackers

9. Children's Privacy

ClipFlow is not intended for children under 13. We do not knowingly collect personal information from children.

10. International Data Transfers

Data is stored on Cloudflare's global edge network. While Cloudflare maintains data residency controls, your data may be processed in multiple jurisdictions. By using ClipFlow, you consent to such transfers.

11. Changes to This Policy

We may update this privacy policy periodically. Material changes will be notified via email or dashboard notification at least 30 days before taking effect.

12. Contact

For privacy-related inquiries or data requests, contact us at:

privacy@clipflow.one