Flows CV Logo
Legal

Privacy Policy

Last updated: January 2, 2026

Flows CV ("Flows," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at flows.cv and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Email address, password, and username when you create an account.
  • Profile Information: Name, job title, biography, location, profile photo, and personal website.
  • Portfolio Content: Projects, work experience, education history, skills, social links, blog posts, and any other content you add to your portfolio.
  • Resume Data: Information extracted from uploaded resumes or imported from LinkedIn profiles.
  • Communications: Messages you send through our contact forms or customer support channels.
  • Job Application Materials: Resumes, cover letters, and other materials you create or store on the platform.

1.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

  • Device Information: Browser type, operating system, device type, and unique device identifiers.
  • Usage Data: Pages visited, time spent on pages, click patterns, and navigation paths.
  • Location Information: Approximate geographic location based on IP address (country and city).
  • Log Data: IP addresses, access times, referring URLs, and error logs.

1.3 Tracking Links and Analytics

If you create tracking links to share your portfolio, we collect detailed analytics about visitors who access your portfolio through those links:

  • Visitor Analytics: View counts, unique visitors, time spent on portfolio, and projects viewed.
  • Session Information: Browser, device, operating system, and referrer URL of visitors.
  • Geographic Data: Visitor country and city based on IP address.
  • Session Recordings: We use rrweb technology to record visitor sessions on your portfolio, allowing you to replay how visitors interact with your content. These recordings capture mouse movements, clicks, scrolls, and page interactions but do not capture keystrokes in input fields or sensitive data.

1.4 AI and Machine Learning Data

We use AI features to enhance your experience:

  • AI Chat: When visitors use the AI chat feature on your portfolio, their questions and the generated responses are processed.
  • Vector Embeddings: We create mathematical representations (embeddings) of your portfolio content to power AI-driven features like semantic search and personalized job matching.
  • Content Enhancement: When you use AI writing assistance, your content is processed to generate suggestions.
  • Job Matching: Your skills, experience, and preferences are analyzed to match you with relevant job opportunities.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account and portfolio
  • Process and display your portfolio content to visitors
  • Provide tracking analytics for your shared links
  • Power AI features including content suggestions, chat, and job matching
  • Send you notifications about portfolio activity, new job matches, and access requests
  • Send transactional emails (password resets, account confirmations)
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve our Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Third-Party Services

We use trusted third-party services to operate our platform. These services may process your data according to their own privacy policies:

Supabase

Database hosting and authentication. Stores your account data, portfolio content, and application data securely with PostgreSQL and Row Level Security.

View Supabase Privacy Policy →

Microsoft Azure OpenAI

Powers our AI features including content generation, job matching analysis, and the AI chat assistant. Your content is processed to generate AI responses but is not used to train AI models.

View Microsoft Privacy Statement →

PostHog

Product analytics to understand how users interact with our Service. Helps us improve features and fix issues. We may use feature flags to test new functionality.

View PostHog Privacy Policy →

Resend

Email delivery service for transactional emails (notifications, password resets, shortlist alerts). Processes email addresses and message content.

View Resend Privacy Policy →

Vercel

Hosts and serves our website. Processes requests and may log access data for security and performance monitoring.

View Vercel Privacy Policy →

Firecrawl

Web scraping service used for importing portfolio content and extracting job posting information. Processes URLs and publicly available web content you choose to import.

View Firecrawl Privacy Policy →

Parallel

AI research platform used to gather company information, funding data, and business insights for our job discovery features. Helps enrich job listings with relevant company context.

View Parallel Privacy Policy →

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication, session management, and core functionality.
  • Analytics Cookies: Help us understand how you use our Service (via PostHog).
  • Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Public Portfolio: Your portfolio content is publicly visible at your chosen URL unless you enable password protection.
  • Service Providers: We share data with third-party services as described in Section 3 to operate our platform.
  • Job Matching: With your consent, your profile information may be shared with employers or recruiters for job matching purposes.
  • Legal Requirements: We may disclose your information if required by law, court order, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.
  • Protection of Rights: To protect the rights, property, or safety of Flows, our users, or others.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Row Level Security (RLS) policies in our database
  • Regular security audits and monitoring
  • Access controls and authentication requirements
  • Secure password hashing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specifically:

  • Account Data: Retained until you delete your account.
  • Portfolio Content: Retained until you delete specific content or your account.
  • Tracking Analytics: Session data and analytics are retained for up to 2 years.
  • Session Recordings: Retained for up to 90 days.
  • Log Data: Retained for up to 30 days for debugging purposes.

After account deletion, we may retain certain information as required by law or for legitimate business purposes (such as fraud prevention).

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information.
  • Data Portability: Request a copy of your data in a portable format.
  • Opt-out: Opt out of marketing communications at any time.

8.2 For European Users (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

  • Right to object to processing based on legitimate interests
  • Right to restrict processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

8.3 For California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at privacy@flows.cv.

9. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@flows.cv, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy, including using Standard Contractual Clauses approved by the European Commission where applicable.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@flows.cv

Website: flows.cv/contact