Privacy
Last updated 17 July 2026 · Flowitz is a product of Grandfield Media.
Every claim on this page names the mechanism that makes it true. If we can't point at the thing that enforces it, we don't claim it.
1.The claims map
Read this as a contract with the code. The left column is the promise; the right column is what enforces it.
Free tools run entirely in your browser. Your input is never uploaded.
Free transforms are client-side code (runsOn: "client"). They make zero network calls with your input, and a CI rule fails the build if one ever does.
We never log your file contents, and never send them to analytics.
Our logs, audit trail, and analytics record identifiers, timings, counts, and costs — the body of your file is never written to them. Support traces a run by its id, not by reading your data.
Studios process your upload on our servers, and send its parsed content to our AI provider.
A Studio run parses your file, then calls Anthropic through a single call site (generate()). This is the boundary where your content leaves our systems — see “Where your content goes” below.
Email addresses and phone numbers inside your artifacts are removed before generation.
The parsers redact email/phone patterns as they read your file, so redacted values are what reach the model. Business identifiers (order, material, partner numbers) are kept — they're the data the document is about.
Only your account can read your artifacts and kits.
Every row and every stored object is scoped to your account by database row-level security and account-prefixed storage paths — enforced by the database, not by application code remembering to check.
We don't store passwords.
Sign-in is a one-time code sent to your email. There is no password to store, leak, or reuse.
Deleting your account removes your work.
Deletion purges your projects, artifacts, kits, and stored objects, and anonymizes usage records. Billing records are kept — we're required to retain them.
Your credit history is auditable, by you.
Every credit movement is an append-only ledger row visible in your dashboard. Nothing is edited or deleted after the fact — corrections are new entries.
2.Where your content goes
This is the boundary worth being blunt about. Free tools: your data never leaves your browser — there is no upload to make.
Studios: you upload a file (or paste a payload). We parse it, and send the parsed content to Anthropic, our AI provider, to write your documents. Anthropic processes it under their API terms as our processor. We do not currently claim zero-retention at the provider; if that changes, this page changes with it — and not before.
Your uploaded file and the resulting kit are stored in our object storage, scoped to your account, so you can re-open and re-download them. Delete your account and they go.
3.What we collect
To run the service: your email address, the artifacts you upload, the kits we produce, and your credit ledger.
To keep it working: metadata about runs — which Studio, how long, what it cost, whether it failed, and the identifiers that let us trace one run end to end for support. Never the content itself.
Not collected: we don't track you across the web, and the free tools don't require an account, so anonymous use stays anonymous.
4.Processors
We use a small set of providers to run Flowitz: Anthropic (AI generation), Supabase (database, auth, storage), Vercel (hosting), and Resend (email). Each processes data only to deliver the service.
5.Your choices
You can export your work, change your email, withdraw marketing consent, revoke sessions, and delete your account from Settings. Deletion is immediate and not reversible.
Questions about your data: privacy@flowitz.com.