Privacy Policy

Introduction

Flow Copilot is currently in beta. This policy covers all data practices during the beta period.

This Privacy Policy explains how Second Brain AI ("we", "us", or "our"), a company based in Romania, European Union, collects, uses, discloses, and safeguards your information when you use our website, mobile application, and related services (collectively, the "Services"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Services.

Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our Services.

Personal Information

• Email address
• Name
• Onboarding survey responses (ADHD status, gender, referral source, intended use case)
• Any other information you choose to provide (e.g., in notes or questionnaires)

Automatically Collected Information

• Timestamps of activities
• Device information
• IP address
• Usage analytics events and interactions (PostHog, EU-hosted)
• Error and crash reports including session replays (Sentry, EU-hosted)
• Push notification tokens and device identifiers

Information You Grant Us Access To

• Audio and voice recordings — sent to your selected speech-to-text provider (Groq, OpenAI, or ElevenLabs) for transcription; not permanently stored
• Calendar data — Google Calendar events, times, locations, and attendees via OAuth
• Camera and photo library — for task breakdown; images are not stored beyond immediate use

How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our Services
• Managing authentication and accounts
• Processing voice input through AI for transcription, action parsing, and scheduling
• Syncing calendar events alongside tasks
• Sending push notifications for reminders
• Analyzing usage patterns and errors to improve our Services (PostHog and Sentry)
• Communicating changes or product updates

During the beta, we retain and analyze usage data to understand how Flow Copilot is used, identify bugs, and improve the product. We minimize personal data use wherever possible and will update this policy before general availability.

Our legal basis for processing your personal data under GDPR is your consent, contract performance, or our legitimate interests.

Data Storage and Security

We store your data using Convex as our backend and database provider, with local device storage (MMKV) for offline access. Our application is hosted on Vercel.

We implement appropriate technical and organizational measures to protect your personal data:

• Data encryption in transit and at rest
• Access controls and authentication
• Regular security audits
• Compliance with industry standards

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Third-Party Services

We use the following third-party services that may process your personal data:

• Clerk for authentication - Clerk Privacy Policy
• Convex for backend and database - Convex Privacy Policy
• ElevenLabs for speech-to-text (user-selectable) - ElevenLabs Privacy Policy
• Expo for push notifications - Expo Privacy Policy
• Google for calendar sync (OAuth) - Google Privacy Policy
• Groq for speech-to-text (user-selectable) - Groq Privacy Policy
• OpenAI for transcription and action parsing - OpenAI Privacy Policy
• PostHog for product analytics (EU-hosted) - PostHog Privacy Policy
• Sentry for error tracking and session replay (EU-hosted) - Sentry Privacy Policy
• Vercel for hosting - Vercel Privacy Policy

Your speech-to-text provider is user-selectable. PostHog and Sentry are EU-hosted. These providers have their own privacy policies, and we encourage you to review them.

Data Sharing and Disclosure

We will never sell your personal data.

We do not sell, rent, or trade your personal information to third parties for marketing purposes, and we never will. We may share your information with:

• Third-party service providers as mentioned above
• Legal authorities if required by law
• In connection with business transfers

Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

• Access your data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent

To exercise these rights, contact us at gm@theadhdcopilot.com. We will respond within one month.

Changes to This Policy

We may update this Privacy Policy from time to time, particularly as we transition from beta to general availability. We will notify you of any significant changes via email or in-app notification, and will always post the updated policy on this page with a revised "Last Updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:gm@theadhdcopilot.com.