Privacy policy
Updated 2026-07-07
This policy says what FlowPilots collects, why, and the controls you hold. The short version: your data stays yours, it is never sold, and no model is trained on it.
What FlowPilots collects
- Account basics: your name, email address, and a hashed password (or your Google identity, where Google sign-in is offered).
- What you create in the cockpit: organizations, workspaces, members, invitations.
- Session cookies that keep you signed in. There are no advertising trackers.
- Operational records: server logs and an audit trail of account actions.
- Error and product telemetry (Sentry, PostHog) when enabled for the deployment.
Connected tools
When you connect a tool, FlowPilots reads only what you authorize. Connectors are read-only wherever the job allows and request the narrowest scope that works. FlowPilots holds tokenized references issued by each provider, never your passwords and never full account or card numbers. Content read from a connected tool is treated as data, never as instructions, and no side-effectful action runs without your in-app approval. Disconnecting a tool purges what it ingested.
How data is protected
- Encrypted in transit and at rest.
- Isolated per organization at the database layer.
- Never sold, never shared for advertising, never used to train any model.
Your controls
- When you connect a tool, you can disconnect it in one click and its ingested data is purged.
- Write to support@flowpilots.io to export your data or have your account deleted.
Changes and contact
Changes are posted at this address. Questions and requests go to support@flowpilots.io.