Privacy Policy

Last updated: March 31, 2026

Overview

planFlo is built with a privacy-first mindset. We collect only what's necessary to run the service, we don't sell your data, and we try to be transparent about everything we do with it.

1. Information We Collect

Account information (if you register):

  • Name and email address
  • Password (hashed — we never store plaintext passwords)
  • Plan type (Free, Pro, or Max)

Usage data:

  • Cards, drafts, and calendar events you create
  • AI chat messages you send (used to call the Claude API; not stored on our servers)
  • Memory entries you create (stored and processed by AI for summarization, following the same data handling practices as Notes and Chat)
  • App preferences (theme, layout settings)
  • Google Calendar events (read-only, only if you connect Google Calendar)

Technical data:

  • IP address and browser type (for security and abuse prevention)
  • Error logs (to diagnose and fix bugs)

For users without an account, all workspace data is stored exclusively in your browser's localStorage and never transmitted to our servers.

2. How We Use Your Information
  • To provide and improve the Service
  • To authenticate your account and protect against unauthorized access
  • To process payments (via Stripe — we never handle raw card numbers)
  • To send transactional emails (e.g., billing receipts, password resets)
  • To diagnose technical issues

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

3. AI and Your Prompts

When you use the AI chat assistant, your messages are sent to Anthropic's Claude API to generate a response. Anthropic's own privacy policy governs how they handle API data. planFlo does not store your AI prompts or responses on its own servers after the session ends.

4. Cookies and Local Storage

planFlo uses browser localStorage (not cookies) to persist your workspace data, theme preference, and session state on your device. This data stays on your device and is not transmitted to our servers unless you are signed in.

We do not use third-party tracking cookies or advertising pixels.

5. Third-Party Services
  • Anthropic (Claude API): Processes AI chat messages. Privacy policy →
  • Stripe: Handles payment processing for Pro and Max subscriptions. Privacy policy →
  • Supabase: Handles database storage and authentication. Privacy policy →
  • Google Calendar API: If you choose to connect Google Calendar, we read your calendar events (read-only) to display them in PlanFlo. We store an OAuth token securely on our server to maintain the connection. We do not modify, delete, or share your Google Calendar data. You can disconnect at any time from Account Settings. Privacy policy →
  • Vercel: Hosts the application. Privacy policy →
6. Your Rights

You have the right to:

  • Access your personal data — email us and we'll send you a copy
  • Correct inaccurate information via your account page
  • Delete your account and all associated data (available in account settings)
  • Export your workspace data (coming soon)

To exercise any of these rights, contact us at hello@planflo.ai.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your data is removed within 30 days. Anonymized, aggregated usage statistics may be retained indefinitely.

8. Security

We use industry-standard security practices: HTTPS everywhere, hashed passwords, and API key management via environment variables. However, no system is perfectly secure — please use a strong, unique password.

9. Children's Privacy

planFlo is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

10. Contact

Privacy questions or concerns? Contact us at hello@planflo.ai.