Legal
Effective date: March 22, 2026
FlowADHD ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, how it is stored, and the rights you have over your information when you use the FlowADHD application and website (collectively, the "Service").
By creating an account or using the Service, you acknowledge that you have read and understood this policy. If you do not agree, please do not use the Service.
Account information. When you register, we collect your email address and a securely hashed password. We never store passwords in plain text.
Task and productivity data. We store all content you create within the app: tasks, microtasks, notes, schedules, focus sessions, energy check-ins, brain dumps, recurring tasks, and list pad items. This data is linked to your account and is necessary to provide the core Service.
Usage data. We may collect anonymised, aggregated data about how features are used (e.g. which screens are visited, session duration). This data cannot identify you individually and is used only to improve the product.
Payment information. If you subscribe to FlowADHD Pro, payment is handled entirely by Stripe. We never receive or store your full card number, CVV, or bank details. We store only your Stripe customer ID and subscription status in our database.
Calendar data. If you connect an external calendar via an ICS link, we fetch that feed to display events alongside your tasks. We do not store the full contents of your calendar permanently; event data is re-fetched on demand.
Device and technical data. We may log IP addresses, browser type, and device identifiers for security and abuse-prevention purposes. This data is not shared with third parties for commercial purposes.
We use your data exclusively to operate and improve FlowADHD:
We do not use your data to serve advertisements. We do not build advertising profiles. We do not sell, rent, or otherwise commercially exploit your personal data.
Several features of FlowADHD — including AI scheduling, Brain Dump, Stuck Coach (hesitation coaching), microtask generation, and Tough Mode messages — transmit content from your tasks and notes to OpenAI's API for processing.
By using these AI features, you consent to the transmission of relevant task content to OpenAI. OpenAI processes this data under its own API terms and privacy policy. OpenAI does not use API-submitted data to train its models by default under its current API data usage policy.
We recommend you do not include sensitive personal information — such as passwords, financial account details, health records, or identifying information about third parties — in your task names or notes.
Your data is stored in Supabase, a managed PostgreSQL database platform. All data is encrypted in transit using TLS and encrypted at rest. We enforce Row Level Security (RLS) on all database tables, meaning your data is accessible only to requests authenticated as your account — other users and unauthenticated requests cannot access your data.
The Service is hosted on Vercel. Payment processing is handled by Stripe. Each provider maintains their own security standards and data processing agreements.
While we take reasonable and industry-standard precautions to protect your data, no system is completely secure. We cannot guarantee the absolute security of your information and are not responsible for unauthorised access resulting from circumstances beyond our reasonable control.
We will never sell, rent, trade, or otherwise transfer your personal data to third parties for commercial purposes. The only third parties who receive any of your data are service providers strictly necessary to operate the Service:
We may disclose your information if required by law, court order, or to protect the rights, property, or safety of FlowADHD, our users, or the public.
FlowADHD uses browser cookies solely to maintain your authenticated session with Supabase. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
We use your browser's localStorage to cache tasks and settings locally for faster loading. This data stays on your device and is never transmitted to third parties.
You have the following rights over your personal data:
To delete your account and all associated data, go to Settings → Account → Delete Account. Deletion is immediate and irreversible. If you have an active Pro subscription, please cancel it first to avoid further charges.
We retain your data for as long as your account is active. Upon account deletion, all personal data is permanently purged from our systems within 30 days, except where we are required to retain certain records for legal or financial compliance (e.g. Stripe transaction records, which Stripe retains per their own retention policy).
FlowADHD is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at hello@flowadhd.com and we will promptly delete the account and associated data.
FlowADHD is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the app prior to the changes taking effect. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
For any questions, requests, or concerns about this Privacy Policy or your personal data, contact us at: