Privacy Policy

Last updated: April 19, 2026

1. Introduction

OnlyFlow ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

This policy applies to all users of the OnlyFlow platform. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information you provide

  • Account information: Email address, name, password (hashed, never stored in plain text)
  • Organization information: Organization name
  • Payment information: Processed by Stripe. We do not store credit card numbers. We retain your Stripe customer ID for billing management.

2.2 Information collected automatically

  • Usage data: Pages visited, features used, actions taken within the platform
  • Device data: Browser type, operating system, IP address
  • Cookies: Authentication cookies required for the Service to function (see Section 7)

2.3 Content you upload

  • Media files: Images and videos you upload for publishing through the Service. These are stored on Cloudflare R2.
  • Social media account data: Usernames, follower counts, and engagement metrics for accounts managed through the Service

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmation, password reset, invoices)
  • Monitor and improve the Service
  • Respond to support requests
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising.

4. Third-Party Services

We share your data with the following third-party services, solely for the purpose of providing the Service:

ServicePurposeData shared
StripePayment processingEmail, payment method
SupabaseDatabase and authenticationAccount data, usage data
CloudflareFile storage and CDNUploaded media files
VercelHostingIP address, browser data

5. Data Retention

  • Active accounts: Your data is retained for the duration of your account.
  • After cancellation: Organization profile and settings are retained for 90 days. Device-related data (social accounts, tasks) is deleted upon device release.
  • After account deletion: All personal data is deleted within 90 days. Anonymized usage data may be retained for analytics.
  • Payment records: Retained as required by applicable tax and accounting laws.

6. Your Rights

You have the right to:

  • Access your personal data - request a copy of the data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data - request that we erase your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at info@onlyflow.io. We will respond within 30 days.

7. Cookies

We use the following cookies:

  • Authentication cookies (essential): Required to keep you logged in. These are session cookies managed by Supabase and cannot be disabled.
  • Active organization cookie (essential): Stores your currently selected workspace. Cannot be disabled.

We do not use advertising cookies or third-party tracking cookies.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Hashed passwords (never stored in plain text)
  • Row-Level Security (RLS) ensuring data isolation between organizations
  • Access controls with role-based permissions (owner, admin, member)
  • Regular security audits

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including Canada and the United States (through our third-party service providers). By using the Service, you consent to such transfers.

10. Children

The Service is not directed at children. We do not knowingly collect personal information from minors. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at:

OnlyFlow
Email: info@onlyflow.io

Terms of Service