Privacy Policy

Last updated: February 9, 2026

1. Introduction

ClearFlow AI Inc. ("ClearFlow," "we," "us," or "our") operates the ClearFlow platform, including the Creator, Educator, Executive, and Marketing platforms, the AI Chief of Staff console, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe.

Voice Data

If you use voice features (FlowSpeak, Voice-to-Content, AI Receptionist), we process voice recordings for transcription and synthesis. Voice data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM). Voice biometric data (Voice DNA) is stored as an irreversible hash and never as raw audio.

Usage Data

We collect information about how you use ClearFlow, including FlowCoin consumption, feature usage patterns, and performance metrics to improve our services.

Financial Data (Executive Platform)

If you connect financial accounts through Plaid or Belvo, we access transaction data and account balances as authorized by you. We do not store banking credentials.

3. How We Use Your Information

  • Providing, maintaining, and improving our services
  • Processing transactions and managing subscriptions
  • Voice processing, transcription, and content generation
  • Content safety and moderation (FlowGuard)
  • Customer support and communication
  • Analytics and service optimization
  • Compliance with legal obligations

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers: Stripe (payments), Supabase (database), ElevenLabs and Deepgram (voice), Anthropic (AI processing), Plaid/Belvo (banking)
  • Legal requirements: When required by law, subpoena, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets

5. GDPR Rights (EU Users)

If you are in the European Economic Area, you have the right to: access your personal data, rectify inaccurate data, request erasure, restrict processing, data portability, and object to processing. To exercise these rights, contact us at privacy@clearflowai.ca.

6. CCPA Rights (California Users)

California residents have the right to: know what personal information is collected, request deletion, opt-out of sale (we do not sell data), and non-discrimination for exercising rights.

7. FERPA Compliance (Education)

Our Educator Platform is designed to comply with the Family Educational Rights and Privacy Act (FERPA). Student educational records are protected with role-based access controls, audit logging, and encryption. Educational institutions maintain ownership of student data.

8. HIPAA Awareness (Wellness)

Features involving health and wellness data (FlowWell, Lumora) are designed with health data safeguards. While ClearFlow is not a covered entity under HIPAA, we apply HIPAA-aligned practices for any health-related data processing.

9. Data Security

  • AES-256-GCM encryption for data at rest
  • TLS 1.3 for all data in transit
  • SOC 2 preparation in progress
  • FlowGuard content safety monitoring
  • Role-based access controls
  • Regular security audits and penetration testing

10. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove personal data within 30 days, except where retention is required by law. Voice recordings used for transcription are automatically deleted after processing unless you explicitly save them.

11. Contact Us

For privacy inquiries, data requests, or complaints:

ClearFlow AI Inc.
Email: privacy@clearflowai.ca
Website: clearflowstudio.com