Privacy Policy

1. Introduction

ThinkFlow AI, a product of AppOrigin Inc. ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit thinkflowai.us and use our AI-powered platform (the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

We collect information you provide directly to us, including:

Account Information: When you create an account, we collect your name, email address, and authentication credentials provided through our OAuth login provider.

Usage Data: We automatically collect information about how you interact with the Service, including prompts you submit, designs you generate, projects you create, pages you visit, and features you use.

Payment Information: When you purchase a subscription or credits, payment is processed by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment data — only a Stripe customer ID and transaction metadata for billing records.

Device & Technical Data: We collect your IP address, browser type and version, operating system, referring URLs, device identifiers, and cookie data to operate and improve the Service.

Communications: If you contact us at [email protected] or by phone at +1 732-798-0333, we retain the content of your messages and our responses.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service
• Process transactions and send related billing notifications
• Send administrative messages, service updates, and security alerts
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns to improve user experience
• Detect, investigate, and prevent fraudulent transactions and abuse
• Comply with legal obligations and enforce our Terms of Service
• Personalize your experience and deliver content relevant to your usage

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Sharing of Information

We may share your information in the following circumstances:

Service Providers: We share data with trusted third-party vendors who assist us in operating the Service, including Stripe (payment processing), our cloud infrastructure provider (hosting and database), and our AI model provider (generation services). These parties are contractually bound to protect your data.

Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of ThinkFlow AI, our users, or others.

Business Transfers: If ThinkFlow AI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

With Your Consent: We may share your information for any other purpose with your explicit consent.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Service:

Session Cookies: Required to maintain your authenticated session. Deleted when you close your browser.

Preference Cookies: Store your settings (e.g., selected device frame, theme) so you do not need to re-enter them on each visit.

Analytics Cookies: Help us understand how visitors interact with the Service using aggregated, anonymized data.

You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features. See our Cookie Policy at thinkflowai.us/cookies for full details.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• TLS/HTTPS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Secure, isolated database environments with strict access controls
• Regular security audits and vulnerability assessments
• Principle of least privilege for internal data access

No method of transmission over the Internet is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected] or +1 732-798-0333.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service:

• Account data is retained until you delete your account or request deletion.
• Generated designs and projects are retained until you delete them or close your account.
• Payment records are retained for 7 years to comply with financial and tax regulations.
• Server logs are retained for up to 90 days for security and debugging purposes.

To request deletion of your account and associated data, email us at [email protected] or call +1 732-798-0333. We will process your request within 30 days, subject to legal retention obligations.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data ("right to be forgotten").
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to our processing of your data for certain purposes.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected] or +1 732-798-0333. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly. Contact us at [email protected] if you believe we have inadvertently collected such information.

10. International Data Transfers

ThinkFlow AI operates in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to this transfer. We take appropriate safeguards to ensure your data is treated securely regardless of where it is processed.

11. Third-Party Links

The Service may contain links to third-party websites, products, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by ThinkFlow AI.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, sending you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.