IdeaFlow

Privacy Policy

Last updated 24 May 2026

1. What we collect

  • Account data — email address, display name, and OAuth profile picture when you sign in with Google.
  • Idea content — titles, descriptions, chat messages, task notes, and phase summaries you create inside the app.
  • Usage data — counts of AI messages and ideas created, used for enforcing plan limits.
  • Push subscription tokens — encrypted device endpoints used to deliver follow-up reminders. We cannot read your device or other apps through these tokens.
  • Payment data — handled entirely by Paddle. We store only your Paddle customer ID and subscription status. We never see your full card number.

2. How we use your data

  • To operate and improve the coaching service.
  • To send follow-up push notifications you have explicitly enabled.
  • To enforce usage limits tied to your plan.
  • To process payments and manage your subscription.

We do not sell your data. We do not use your idea content to train AI models.

3. AI processing

Your idea content and coaching messages are sent to Anthropic's API to generate coaching responses. Anthropic processes this data under their Privacy Policy. We send the minimum context necessary (up to 1 500 tokens per request) and do not transmit your full idea history.

4. Data storage

Your data is stored in Supabase (hosted on AWS in the AP-Southeast-2 / Sydney region). All data at rest is encrypted by the hosting provider. All data in transit is encrypted with TLS.

Row-level security ensures each user can only read and write their own data. No employee can access your content without database-level access.

5. Your rights

  • Access — request a copy of all data we hold about you.
  • Deletion — request permanent deletion of your account and all associated data.
  • Export — export your ideas at any time from within the app.
  • Notifications — disable push notifications at any time from Settings.

To exercise these rights, email us at the address below.

6. Cookies

We use only essential session cookies set by Supabase Auth to keep you signed in. We do not use analytics cookies or third-party tracking.

7. Changes to this policy

Material changes will be communicated via email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

8. Contact

Questions or requests: contact-us@neosapiens.com