← flow-graph.com
Privacy Policy
Effective: July 2026 · Contact: flowgraphhelp@gmail.com
The short version: FlowGraph is local-first. Your graphs, documents, and models live on
your device by default and never reach our servers unless you explicitly use a cloud feature
(sign-in, sync, sharing, cloud 3D translation). The free anonymous path never phones home.
What stays on your device
- Your vaults: every graph, card, edge, document, IFC model, run history, and setting — stored in your browser (or your own disk with the pip install).
- Your AI provider keys — stored locally, sent only to the provider you chose (Anthropic, OpenAI, Google, a local model, …). We never see, proxy, or resell your inference unless you explicitly configure our proxy.
- Everything you do without an account. No account is required for local work.
What we store if you create an account
- Your email address and display name (from the email you enter, or your Google/GitHub profile if you use one-click sign-in — we receive only basic profile info, never your contacts or repositories).
- Your plan, subscription state, and entitlement records.
- If you use sync/sharing (Team): the vaults you explicitly choose to sync or share, stored encrypted at rest with tenant isolation, plus an audit log of governed writes.
Payments
Payments are processed by Stripe. Card details never touch FlowGraph servers or code. We store only your Stripe customer/subscription identifiers.
Cloud 3D translations (Autodesk APS)
If you choose "View with APS (cloud)" for a Revit/Navisworks/DWG/DGN file, that file is sent to Autodesk's cloud for conversion — always behind an explicit consent step that says so. With your own Autodesk app, the traffic is between you and Autodesk. On our platform quota, we meter usage counts (not file contents).
Analytics & error reporting
- Hosted site only: cookieless, privacy-preserving page analytics (Cloudflare Web Analytics — no cookies, no cross-site tracking, no fingerprinting) and application error reports that never include your vault contents.
- The pip-installed server and CLI send nothing — no telemetry, no crash reports, no beacons. There is no phone-home code in the package. If opt-in crash reporting ever ships, it will be off by default and documented field-by-field here first.
What we never do
- Sell or share your data with advertisers. No ads, no data brokers.
- Train AI models on your content.
- Read your vaults. We structurally can't for local-only users; for synced vaults we access content only as needed to operate the service or as you direct (e.g., a share you create).
Data deletion
Local data: delete it yourself — it's yours, on your machine. Account data: email flowgraphhelp@gmail.com and we delete your account, plan records, and synced content within 30 days (billing records are retained as legally required).
Changes
If this policy changes materially we'll note it in the app's "What's new" and on this page. Questions: flowgraphhelp@gmail.com.