Privacy Policy

FlowMind provides an AI assistant that connects to your own n8n instance to help you build, run and manage automation workflows. This policy explains what we collect, why, and the choices you have. FlowMind is built around a simple principle: your automation data and credentials stay on your infrastructure, not ours.

• Account information — your email address, authentication identifiers and plan status, created when you sign in.
• Usage data — message counts and basic activity needed to enforce plan limits and keep the service reliable.
• Content you provide — the messages and instructions you send to the AI, stored so your conversations persist between sessions.
• Payment information — handled entirely by Stripe. We never see or store your card details; we only keep a customer reference and subscription status.

FlowMind connects to the n8n instance and AI providers you configure using credentials you supply. Those credentials are used to operate on your behalf, and your workflow data lives on your own server — it does not pass through FlowMind for storage. You remain in control of, and responsible for, the systems you connect.

We use the information above to authenticate you, provide and improve the service, enforce usage limits, process subscriptions, prevent abuse, and keep the service running. We do not sell your personal data.

We rely on a small set of trusted processors to run FlowMind: Supabase (authentication and database), Stripe (payments), Vercel (hosting), and the AI providers you choose to enable (such as Anthropic, OpenAI or Google). Each processes data only as needed to deliver their part of the service.

We keep account and conversation data for as long as your account is active. When your account is deleted, we remove the associated data, except where we must retain limited records to meet legal or accounting obligations.

Depending on where you live, you may have the right to access, correct, export or delete your personal data, and to object to or restrict certain processing. You can manage and delete much of your data directly from your account.

We use industry-standard measures to protect your data, including encryption in transit and access controls. No system is perfectly secure, so we encourage you to use strong, unique credentials for the services you connect.

We use only the cookies necessary to keep you signed in and to operate the service. We do not use advertising or cross-site tracking cookies.

We may update this policy as the product evolves. When we make material changes, we will update the date above and, where appropriate, notify you.