Privacy Policy
COTflow ("we", "our", "the service") is operated by Renaud Blaser, an individual based in Switzerland. This policy explains what data we collect, how we use it, and your rights regarding your personal information.
1. What data we collect
We collect only what is strictly necessary to operate the service:
- Account data: your email address and name, collected when you sign in via Clerk (our authentication provider). You may sign in using Google OAuth — in that case, Google shares only your email and display name with us.
- Payment data: billing information (card details, billing address) collected and processed exclusively by Lemon Squeezy, our payment processor. We never see or store your full card number.
- Usage data: we do not use analytics tools. We do not track page views, clicks, or user behavior. No cookies are set by COTflow beyond what Clerk requires for authentication sessions.
2. How we use your data
- To authenticate you and manage your access to the service
- To verify your subscription status and unlock paid features
- To send transactional emails (purchase confirmation, cancellation) via Lemon Squeezy
- We do not send marketing emails. We do not sell your data. We do not share your data with advertisers.
3. Third-party processors
COTflow relies on the following sub-processors, each with their own privacy policies:
- Clerk (authentication) — clerk.com/privacy
- Lemon Squeezy (payments & subscriptions) — lemonsqueezy.com/privacy
- Netlify (hosting) — netlify.com/privacy
- Groq (AI inference for contextual analysis) — queries contain only anonymized market data, no personal information — groq.com/privacy-policy
4. Data retention
Your account data is retained as long as your account exists. If you delete your account or request deletion, your data is removed from Clerk within 30 days. Payment records may be retained by Lemon Squeezy for legal and accounting purposes as required by applicable law.
5. Your rights (GDPR & Swiss nFADP)
If you are located in the European Union or Switzerland, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict processing of your data
- Receive your data in a portable format
To exercise any of these rights, contact us at hello@cotflow.app. We will respond within 30 days.
6. California residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information. We do not sell personal information. To submit a request, contact hello@cotflow.app.
7. Data security
All data is transmitted over HTTPS. Authentication tokens are managed by Clerk with industry-standard security practices. We do not store passwords. Payment data is handled entirely by Lemon Squeezy and never passes through our servers.
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of the service after a policy update constitutes acceptance of the revised terms.
9. Contact
Questions about this privacy policy? Contact us at hello@cotflow.app.