Back to app

Privacy Policy

Effective Date: January 1, 2026 · Last Updated: March 2026

1. Introduction

WidgetFlow (“we,” “us,” or “our”) is operated by Andrew Joseph Barron (“Owner”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit and use WidgetFlow at https://www.widgetflow.ai (the “Platform”).

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

2. Information We Collect

Information You Provide Directly

  • Account information: Name, email address, and password when you register through Clerk authentication
  • Profile information: Any optional profile details you choose to provide
  • Content you create: Notes, journal entries, goals, tasks, documents, AI prompts, and other content created on the canvas
  • Communications: Messages sent to us via contact@widgetflow.ai or through the Platform

Information Collected Automatically

  • Usage data: Pages visited, features used, widgets created, canvas interactions, and session duration
  • Device and browser information: IP address, browser type and version, operating system, device identifiers
  • Log data: Server logs, error reports, and performance data
  • Cookies and tracking technologies: See our Cookie Policy for full details

Information from Third-Party Services

  • Authentication providers: If you sign in via Google or other OAuth providers through Clerk, we receive basic profile information (name, email, profile picture) as permitted by your settings with that provider
  • Payment processors: Stripe provides us with transaction confirmation and limited billing information. We do not store full payment card details

Sensitive Personal Information

We may collect the following categories of sensitive information through your use of AI features and journaling tools: personal reflections, goals, and challenges you choose to share with the AI system. You control what you share. We do not use this information for advertising purposes.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Platform
  • Process your account registration and manage authentication
  • Deliver AI-powered features including Three Brain persona responses, AI Chat, and AI Looper
  • Process payments and manage subscriptions through Stripe
  • Store and sync your canvas content, widgets, and documents
  • Send transactional emails (account confirmation, billing receipts) via SendGrid
  • Monitor platform performance and diagnose errors via Sentry
  • Respond to your requests and provide customer support
  • Improve and develop new features
  • Comply with legal obligations
  • Enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your personal information for targeted advertising.

4. How We Share Your Information

We may share your information with:

Service Providers (Data Processors):

  • Clerk — Authentication and user identity management
  • Stripe — Payment processing and subscription management
  • Neon (PostgreSQL) — Database hosting and storage
  • Vercel — Platform hosting and deployment infrastructure
  • xAI (Grok API) — AI inference for AI Chat, AI Looper, and Three Brain features
  • Cloudinary — Media and image storage and delivery
  • SendGrid — Transactional email delivery
  • Sentry — Error monitoring and performance tracking

All service providers are contractually bound to use your information only as directed by us and in accordance with this policy.

Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Platform. Specifically:

  • Account data: Retained for the life of your account plus 90 days after deletion
  • Canvas content and documents: Retained for the life of your account; deleted within 30 days of account deletion
  • AI conversation history: Retained for the life of your account; you may delete individual sessions at any time
  • Payment records: Retained for 7 years as required by financial regulations
  • Server logs and error data: Retained for 90 days

You may request deletion of your account and associated data at any time. See Section 9 for your rights.

6. Data Security

We implement reasonable technical and organizational security measures including:

  • HTTPS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Access controls limiting employee access to personal information
  • Regular security reviews

No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Platform. See our full Cookie Policy for details on what we use and your options.

8. International Data Transfers

WidgetFlow is operated from the United States. All infrastructure (Vercel, Neon, Clerk, Stripe, xAI) is US-based. If you access the Platform from the European Union, United Kingdom, or other regions with data protection laws, your information will be transferred to and processed in the United States.

For transfers from the EU/EEA and UK, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the legal mechanism for transfer. Our third-party processors (Stripe, Clerk, etc.) maintain their own SCC compliance.

We do not maintain a physical EU or UK representative at this time.

9. Your Privacy Rights

All Users

You have the right to:

  • Access a copy of the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your account and personal data
  • Opt out of non-essential communications
  • Export your content and data

California Residents (CCPA/CPRA)

California residents have additional rights:

  • Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information to what is necessary to provide the service
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise California rights, contact us at contact@widgetflow.ai. We will respond within 45 days.

EU/EEA and UK Residents (GDPR/UK GDPR)

If you are located in the EU/EEA or UK, you have the right to:

  • Access, rectify, or erase your personal data
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with your local supervisory authority

Our legal basis for processing is primarily contract performance (to provide the Platform) and legitimate interests (platform security and improvement). For AI features involving sensitive reflections, we rely on your explicit consent, which you may withdraw at any time.

10. Children’s Privacy

WidgetFlow is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a minor, we will delete it promptly. Contact us at contact@widgetflow.ai if you believe we have inadvertently collected information from a minor.

11. AI Features and Your Data

WidgetFlow includes AI-powered features (AI Chat, AI Looper, Three Brain) powered by the xAI Grok API. When you use these features:

  • Your prompts and conversation content are transmitted to xAI for inference
  • AI responses are generated by xAI’s models and returned to you
  • We store conversation history in our database to enable continuity and memory features
  • You may opt out of AI context features using the toggle controls within each AI widget
  • You may delete individual AI conversations from your account

Refer to xAI’s privacy policy for information on how they handle inference data.

12. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date and, for material changes, notify you via email or an in-app notice. Continued use of the Platform after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy questions, requests, or concerns:

Andrew Joseph Barron DBA WidgetFlow
Email: contact@widgetflow.ai
Website: https://www.widgetflow.ai
Temple, Texas, United States