Privacy Policy

Last updated: March 2026

1. Introduction

FlowsKit ("we," "us," or "the Platform") operates the marketplace at flowskit.org. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website, services, and APIs. By accessing FlowsKit you agree to the practices described below.

2. Information We Collect

2.1 Account Information

When you create an account we collect your email address, display name, and profile avatar. Authentication is handled by Supabase Auth; we do not store raw passwords.

2.2 Seller Information

Sellers who connect a Solana wallet provide their public wallet address. We store this address to facilitate USDC payments. We never store private keys or seed phrases for seller wallets.

2.3 Purchase & Transaction Data

We record order history, listing interactions, and transaction amounts to process payments, calculate the 15% platform commission, and generate seller payouts.

2.4 Usage & Analytics Data

We automatically collect IP addresses, browser type, device identifiers, pages visited, and referral URLs. This data helps us improve the Platform and detect abuse.

2.5 Prompt Preview Data

When you use the live prompt preview feature, the prompt text you enter is sent to Anthropic's Claude API for processing. We do not permanently store preview inputs or outputs beyond the duration of the request.

3. How We Use Your Information

  • Provide, maintain, and improve FlowsKit services
  • Process purchases and distribute seller payouts via Solana/USDC
  • Send transactional emails (order confirmations, payout notifications)
  • Enforce our Terms of Service and prevent fraud or abuse
  • Comply with legal obligations
  • Generate aggregated, anonymized analytics to improve the marketplace

4. Third-Party Services

FlowsKit relies on the following third-party processors. Each operates under its own privacy policy:

  • Supabase — Authentication, database, and file storage.
    https://supabase.com/privacy
  • Solana — Blockchain network for USDC payment processing and seller payouts.
    https://solana.com/privacy-policy
  • Anthropic — AI model provider for live prompt previews (Claude API).
    https://anthropic.com/privacy
  • Vercel — Hosting and edge network.
    https://vercel.com/legal/privacy-policy

5. Cookies & Tracking

We use essential cookies to maintain your authentication session and remember preferences. We may use analytics cookies to understand how visitors interact with the Platform. You can disable non-essential cookies in your browser settings. Disabling essential cookies may prevent you from signing in.

  • Session cookies — Required for authentication (Supabase Auth tokens)
  • Preference cookies — Store UI settings such as theme preference
  • Analytics cookies — Anonymous usage metrics (if enabled)

6. Data Retention

We retain your account data for as long as your account is active. Transaction records are kept for a minimum of 7 years to comply with financial and tax regulations. If you delete your account, we remove personal data within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard measures including TLS encryption in transit, encrypted storage at rest, row-level security in our database, and regular access audits. Despite these measures, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights (GDPR & Global Privacy)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@flowskit.org. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements with our sub-processors.

10. Children's Privacy

FlowsKit is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform or sending an email to the address associated with your account. Continued use of FlowsKit after changes constitutes acceptance.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

privacy@flowskit.org