Loading...

Privacy Policy

Last updated: January, 2025

1. How We Handle Your Data for Free Users

All of your data, including API keys, chat history, and chat messages, are stored locally on your browser using Local Storage and IndexedDB.

The entire app is a static website; we do not have a backend server that collects data.

When you send a message on NovaFlow.ai, your request is sent directly to OpenAI or other supported LLM API endpoints using your provided API key via HTTPS. No middle server intercepts the request.

For Anthropic models, requests are proxied through the NovaFlow proxy server as Anthropic does not support direct browser requests. The proxy does not log or store request data and purely forwards requests.

No external JavaScript runs on NovaFlow.ai.

2. How We Handle Your Data for Paid Users

Paid users follow the same privacy policy as free users, with the following additional details:

  • When you purchase a subscription, we store your email address and subscription details to verify your access.
  • When you log in, your browser communicates with our subscription server to verify and fetch subscription details.
  • We may send you emails regarding new features and updates; you can unsubscribe at any time.

3. Third-Party Services We Use

  • Vercel: Hosts our website.
  • Vercel Analytics: Collects anonymous visitor analytics.
  • Sentry: Captures anonymous crash logs and error reports.
  • Paddle: Processes payments; we do not store payment details.

4. NovaFlow Cloud

NovaFlow Cloud is an opt-in service for sharing chat conversations via publicly accessible links, as well as syncing and backing up chat history.

  • Chats shared via NovaFlow Cloud become publicly accessible but are prevented from search engine indexing.
  • We only store explicitly shared chats, not API keys or subscription details.
  • When enabling Sync and Backup, all chats, prompts, messages, and AI agents are encrypted and stored securely on AWS.
  • Cookies are used to maintain login sessions for syncing, expiring after 30 days of inactivity.

5. General Policies

Your privacy is important to us. We only collect data necessary to provide services, always with your consent.

We retain data only for as long as required and protect it with commercially acceptable security measures.

We do not share personally identifiable data publicly or with third parties, except when legally required.

Our site may link to external websites; we are not responsible for their content or policies.

You may refuse to provide personal information, though some services may not be available without it.

6. Contact Us

If you have questions about this policy, contact us at privacy@novaflow.ai.