FlowRead

Privacy Policy

Last updated: August 2025

Overview

FlowRead ("FlowRead", "we", "us", "our") provides tools to turn text into high‑quality audio with synchronized highlighting and learning features. We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what we collect, how we use it, who we share it with, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

Data Controller: FlowRead

Address: FlowRead, 124 City Road, London, EC1V 2NX, United Kingdom

Contact: support@flowread.io

What data we collect

  • Account & communication data: Email address and communications if you contact us.
  • Waitlist data: Email submitted via LaunchList forms for priority access or updates.
  • Usage & analytics data: Pseudonymous product analytics events (e.g., page views, button clicks) and device information (browser, OS) collected via PostHog and Bento.
  • TTS processing data: Text you submit for conversion to speech and related metadata (e.g., voice selection, speed). We do not retain audio/text longer than necessary to deliver the feature or as configured by cache settings.
  • Technical data: IP address (processed transiently at the edge or by providers for security/abuse prevention), timestamps, error logs.

How we use your data (lawful bases)

  • Provide and improve the service (UK GDPR Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests): render TTS audio, highlight synchronization, measure performance, fix issues.
  • Analytics and product insights (Art. 6(1)(f) legitimate interests): understand feature usage to improve FlowRead. We avoid collecting unnecessary personal identifiers and honor do‑not‑track where supported.
  • Marketing communications / waitlist (Art. 6(1)(a) consent): send updates where you opted in (e.g., LaunchList). You may opt out at any time.
  • Security and fraud prevention (Art. 6(1)(f) legitimate interests; Art. 6(1)(c) legal obligation): protect our users and service.

Third‑party processors we use

We engage reputable vendors under data processing terms. Key providers currently include:

  • DeepInfra (TTS synthesis): processes text you submit to produce audio output.
  • OpenRouter (AI reasoning/models): processes prompts/content when AI features are invoked.
  • PostHog (web/product analytics; EU region): captures pseudonymous usage events; session recording is disabled in our current configuration.
  • Bento (analytics/events): captures product events and page views to understand engagement.
  • LaunchList (waitlist & email collection): stores emails you submit for priority access and sends confirmation/updates.

We may add or replace processors as we evolve. We require appropriate contractual and security safeguards.

International transfers

Your data may be processed outside the UK/EEA by our processors. Where transfers occur, we rely on appropriate safeguards such as the UK International Data Transfer Addendum (IDTA) and/or Standard Contractual Clauses (SCCs), plus additional technical and organizational measures (encryption in transit, access controls).

Retention

  • Waitlist emails: retained until you unsubscribe or the waitlist closes.
  • Analytics events: typically retained for up to 12–18 months (provider defaults) unless earlier deletion is requested or data is aggregated.
  • TTS content: processed transiently to deliver audio; we do not store user text/audio longer than needed to operate caching or troubleshoot issues.
  • Support communications: retained as long as necessary to resolve your request and for compliance.

Cookies and similar technologies

We use first‑party and provider SDKs to measure usage and reliability. Where required, we will present consent controls for non‑essential cookies/SDKs. You can also adjust your browser settings to limit cookies.

Your rights (UK GDPR)

  • Access your personal data
  • Rectification and erasure
  • Restriction or objection to processing (including analytics)
  • Data portability
  • Withdraw consent at any time (for marketing)
  • Lodge a complaint with the UK ICO: ico.org.uk

To exercise your rights, contact support@flowread.io. We may need to verify your identity before fulfilling a request.

Children’s privacy

FlowRead is not directed to children under 13. If you believe a child provided us personal data without appropriate consent, contact us and we will remove it.

Security

We use industry‑standard security measures, including encryption in transit, role‑based access, and monitoring. No method of transmission or storage is 100% secure; we continuously improve our safeguards.

Changes

We may update this policy to reflect changes in law or our services. We will post the updated version with a revised "Last updated" date. Significant changes may be communicated by email or site notice.

Contact

FlowRead, 124 City Road, London, EC1V 2NX — support@flowread.io