Back to Flow+

Privacy Policy

Last updated: March 28, 2026

1. Introduction

Flow+ (“we,” “us,” or “our”) operates the website at joinflow.pro and its associated services. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have regarding your data.

By creating an account or using Flow+, you agree to the practices described in this policy. If you do not agree, please do not use our services.

2. Data We Collect

We collect the following categories of personal data:

  • Account information — your name, email address, and password (hashed; we never store plaintext passwords).
  • Birth profile — your date of birth, time of birth, birth location (city/country), and gender. This data is essential for computing your BaZi (Four Pillars of Destiny) chart and Qi Men Dun Jia readings.
  • AI chat conversations — messages you send to and receive from the Master Xie feature, stored to provide context-aware guidance across sessions.
  • Imported AI history — if you choose to import conversations from external AI services (such as ChatGPT), we store that data to personalise your mentor experience.
  • Payment information — we do not store credit card numbers or bank details directly. All payment processing is handled by Stripe, which maintains its own PCI-DSS compliant systems. We store only your Stripe customer ID and subscription status.
  • Usage data — pages visited, features used, timestamps, and general interaction patterns to improve the service.

3. How We Use Your Data

Your personal data is used for the following purposes:

  • Chart computation — your birth date, time, location, and gender are used to calculate your BaZi chart, element balance, Ten Gods mapping, and daily Qi Men Dun Jia readings. These calculations are deterministic and performed on our servers.
  • AI personalisation — your birth profile, chart data, and conversation history are provided to our AI system so it can deliver personalised, context-aware guidance that improves over time.
  • Daily readings — your chart and preferences inform the daily energy scores, hourly forecasts, directional guidance, and activity evaluations you receive.
  • Account management — your email is used for authentication, password resets, subscription receipts, and critical service notifications.
  • Service improvement — aggregated, anonymised usage patterns help us improve features, fix issues, and understand how Flow+ is used.

4. Third-Party Services

We use the following third-party services to operate Flow+. Each processes data only as necessary to provide its function:

  • Supabase (database and authentication) — stores your account data, birth profile, chart computations, and AI conversation history. Data is hosted on Supabase’s cloud infrastructure with row-level security policies.
  • Stripe (payment processing) — processes subscription payments. Stripe receives your payment card details directly; we never see or store full card numbers. See Stripe’s Privacy Policy.
  • Anthropic (Claude) (AI analysis) — your chart data and conversation messages are sent to Anthropic’s Claude API to generate Master Xie responses and personalised readings. Anthropic does not use your data to train its models when accessed via their API. See Anthropic’s Privacy Policy.
  • Netlify (hosting) — serves the Flow+ web application. Netlify may process standard access logs (IP address, user agent, request timestamps).
  • Resend (transactional email) — sends password reset emails, subscription confirmations, and critical service notifications. Resend processes your email address and message content for delivery purposes only.

We do not sell, rent, or trade your personal data to any third party. Data is shared with the services above solely to operate Flow+.

5. Data Retention

  • Account data (name, email, birth profile) is retained for as long as your account exists. When you delete your account, this data is permanently removed within 30 days.
  • AI chat logs and imported history are retained for the lifetime of your account to power the memory feature of the Master Xie. You can request deletion of conversation history at any time without deleting your account.
  • Payment records are retained as required by applicable financial regulations (typically 7 years) even after account deletion.
  • Anonymised usage data may be retained indefinitely for analytics and service improvement.

6. Your Rights

You have the following rights regarding your personal data:

  • Access — you can request a copy of all personal data we hold about you, including your birth profile, chart data, and conversation history.
  • Deletion — you can delete your account at any time from your profile settings. You can also request deletion of specific data (such as AI chat history) by contacting us.
  • Export — you can request a machine-readable export of your personal data, including your BaZi chart, conversation history, and account information.
  • Correction — you can update your birth profile and account information at any time through the app settings.
  • Objection — you can object to specific data processing activities by contacting us. Note that objecting to essential processing (such as chart computation from birth data) may prevent us from providing the service.

To exercise any of these rights, contact us at support@joinflow.pro. We will respond within 30 days.

7. Cookies

Flow+ uses only essential cookies required for authentication. Specifically, we use Supabase authentication session cookies to keep you signed in across visits. These cookies are strictly necessary for the service to function and cannot be opted out of while using Flow+.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking or behavioural advertising.

8. Data Security

We implement reasonable technical and organisational measures to protect your personal data, including:

  • Encryption in transit (TLS/HTTPS for all connections).
  • Encryption at rest for database storage.
  • Row-level security policies ensuring users can only access their own data.
  • Hashed and salted passwords (never stored in plaintext).
  • Regular security reviews of our infrastructure and dependencies.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@joinflow.pro.

9. Children

Flow+ is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@joinflow.pro and we will promptly delete that data.

10. International Data Transfers

Your data may be processed and stored in jurisdictions outside your country of residence. Our third-party service providers (Supabase, Stripe, Anthropic, Netlify, Resend) operate infrastructure globally. By using Flow+, you consent to the transfer of your data to these jurisdictions. We ensure that all service providers maintain appropriate data protection standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the service. Your continued use of Flow+ after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Email: support@joinflow.pro

Website: joinflow.pro