Back to Home

Privacy Policy

Last updated: June 2026

1. Information We Collect

We collect information to provide and improve CollabFlow. The types of information we collect include:

a) Information You Provide

  • Account information: When you create an account, we collect your email address, display name, username, and password (for email sign-up) or the profile information shared by your OAuth provider (Google or Twitch).
  • Profile details: Information you add to your creator profile, including bio, location, avatar, banner image, social media handles, portfolio links, niche tags, audience metrics, and availability status.
  • Content: Pitches you send or receive, collaboration workspace content (tasks, notes, milestones, assets), casting board posts, and messages exchanged with other users through our real-time messaging system.
  • Payment information: When you subscribe to CollabFlow Pro, your payment details are collected and processed directly by our payment processor, Paddle. We store your Paddle customer ID and subscription ID but do not store your credit card number, bank account details, or other financial payment credentials on our servers.
  • Feedback and communications: Any feedback, ratings, or support requests you submit through the platform.

b) Information Collected Automatically

  • Usage data: Features you interact with, pages you visit, profile views you generate, and how you use collaboration workspaces.
  • Profile analytics: We track profile view counts, pitch conversion rates, and engagement metrics to provide analytics features to creators.
  • Cookies and session data: We use essential cookies to manage your authentication session via Supabase. These cookies are required for the service to function and keep you securely logged in. We do not use advertising or third-party tracking cookies.
  • File metadata: When you upload assets to workspaces, we store the file name, size, type, and upload timestamp alongside the file itself.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the CollabFlow platform.
  • Process and manage your subscription and billing through Paddle.
  • Enable collaboration features including pitching, workspaces, real-time messaging, and casting boards.
  • Display your public creator profile to other users to facilitate discovery and collaboration.
  • Generate profile analytics and engagement metrics (for Pro subscribers).
  • Enforce subscription-tier limits (e.g., storage quotas, active collaboration caps).
  • Send you service-related notifications, including pitch responses, collaboration invitations, and system updates.
  • Detect, prevent, and address abuse, fraud, or technical issues.
  • Improve and develop new features for the platform.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

  • Public profile: Your creator profile (username, display name, avatar, bio, niche tags, audience tier, and any information you choose to make public) is visible to other CollabFlow users and may be indexed by search engines.
  • Collaborators: When you accept a collaboration pitch or join a workspace, your profile information and workspace content are shared with the other collaborator(s) in that workspace.
  • Service providers: We use the following third-party services to operate CollabFlow:
    • Supabase — database hosting, authentication, file storage, and real-time messaging infrastructure.
    • Paddle — payment processing and subscription billing for CollabFlow Pro.
    • Google & Twitch — OAuth authentication providers for account sign-in.
    • Vercel — application hosting and deployment.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of CollabFlow, our users, or the public.

4. Cookies

CollabFlow uses strictly essential cookies to maintain your authenticated session. We do not use analytics cookies, advertising cookies, or third-party tracking cookies. The session cookies are set by Supabase and are required for the platform to function correctly.

5. Data Storage and Security

Your data is stored securely on Supabase-managed infrastructure. We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS) for all communications.
  • Row-Level Security (RLS) policies on our database to ensure users can only access data they are authorized to view.
  • Secure authentication token management via Supabase Auth.
  • Payment data processed and stored exclusively by Paddle under PCI DSS compliance — we never handle or store your payment credentials.

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide you with our services.

  • Account deletion: You can request account deletion from your profile settings. When you initiate deletion, your account is scheduled for permanent removal after a 30-day grace period. During this period, you can cancel the deletion by logging back in.
  • After deletion: Once the 30-day grace period expires, your account data, profile information, workspace content, and uploaded files are permanently deleted from our systems.
  • Retained data: We may retain anonymized or aggregated data that cannot identify you for analytics and service improvement. We may also retain certain information as required by law or for legitimate business purposes such as fraud prevention.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: You can access and download your profile data at any time through your account settings.
  • Correction: You can update your profile information at any time through the platform.
  • Deletion: You can delete your account and associated data as described in Section 6.
  • Portability: You may request a copy of your personal data in a structured, commonly used format.
  • Objection: You may object to certain processing of your data where we rely on legitimate interests.

To exercise any of these rights, please contact us at privacy@collabflow.app.

8. Children's Privacy

CollabFlow is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of CollabFlow after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@collabflow.app.