Back to home

Last updated: 2026-06-04

Privacy.

This is the honest version. It describes what Flowy actually collects and why — nothing more. If something here is unclear, email us (below) and we'll explain.

1. Analytics

We measure usage with a single first-party cookie called flowy_anon: a random UUID, set for 90 days and marked httpOnly. It lets us count anonymous page-view and usage events (catalog views, flow views, flow adds) so we know whether people actually read and run Flows. This is not based on your IP address and is not a browser fingerprint — it's just a random identifier in a cookie. Events are stored in our usage_events table and are not tied to your account.

2. Sign-in

You can sign in with a magic-link email or with GitHub OAuth. Authentication is handled by Supabase. We store your email address and, if you sign in with GitHub, your public GitHub username/handle. We use these to identify your account and attribute Flows you contribute — nothing more.

3. Newsletter

If you subscribe to product updates, we store your email address in our newsletter_signups table so we can send you those updates. You can unsubscribe at any time — reply to any email or contact us (below) and we'll remove you. We don't use your newsletter email for anything other than Flowy updates.

4. Processors

We rely on a small set of third-party services to run Flowy: Supabase (database, authentication, and file storage), GitHub (OAuth sign-in and reading the repos that back imported Flows), and our deployment host (which serves the site). These providers process data on our behalf so the product can function. We do not sell your personal data.

5. Contact

For data requests — access, correction, deletion, or any privacy question — email contact@flowy.sh.