Privacy Policy

Last updated: March 26, 2026

1. What we collect

FlowRelay collects work activity data from the integrations you explicitly connect (e.g., GitHub, Slack). We only access data that is necessary to provide context synthesis features. Specifically:

• GitHub: Commit messages, pull request titles and descriptions, issue titles. We do NOT access your source code.
• Slack: Messages in channels where FlowRelay is explicitly added. We do NOT access private DMs unless you opt in.
• Account data: Email address, name, and authentication tokens for connected services.

2. How we use your data

Your data is used exclusively to:

• Generate context summaries, handoff briefs, and team digests.
• Create vector embeddings for semantic search within your own workspace.
• Improve the relevance of AI-generated summaries for your team.

We do not use your data to train AI models. Your work data is never shared with third parties for advertising or any purpose other than providing the service.

3. AI processing

We use Google AI (Gemini) to generate summaries and analyses. When your data is sent to the AI model for processing:

• Only the minimum necessary context is sent (not your full history).
• Data is transmitted via encrypted connections.
• Google's API data usage policy applies — data sent via the API is not used to train their models.

4. Data storage and security

• All data is stored in Supabase (PostgreSQL) with Row Level Security enabled.
• Integration access tokens are encrypted at rest.
• All connections use TLS encryption.
• We do not store data longer than necessary — you can delete your data at any time.

5. Cookies

We use only essential cookies required for authentication and session management. We use Klaro as our consent management tool so you can review and manage cookie preferences at any time. We do not use third-party tracking or advertising cookies.

6. Your rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Erase your data ("right to be forgotten").
• Port your data to another service.
• Object to processing.
• Withdraw consent at any time.

To exercise these rights, contact us at privacy@flowrelay.app.

7. Data retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days.

8. Changes to this policy

We will notify you of material changes via email or in-app notification before they take effect.