Privacy Policy

1. Who We Are

RecallFlow ("we", "us") operates the website recallflow.uk and the RecallFlow application. We are the data controller for personal data processed through the Service. Contact us at support@recallflow.uk.

2. What Data We Collect

• Account data: Your email address and encrypted password, collected when you create an account.
• Memory content: Notes, text, and files you save to the Service.
• Usage data: How you interact with the Service (searches, memory access patterns) to improve resurfacing and search quality.
• Payment data: Processed by Stripe. We store only your Stripe customer ID and subscription status — never raw card details.

3. How We Use Your Data

• To provide and operate the Service
• To process your memories with AI (summarisation, tagging, semantic search)
• To send transactional emails (account confirmation, password reset)
• To process payments via Stripe
• To improve the Service and fix issues

We do not sell your data. We do not use your content for advertising.

4. AI Processing

When you save a memory, its content is sent to:

• Anthropic (Claude) — to generate summaries, tags, and search rankings. Governed by Anthropic's Privacy Policy.
• OpenAI — to generate vector embeddings for semantic search. Governed by OpenAI's Privacy Policy.

Your content is not used to train AI models by these providers under their API terms.

5. Third-Party Services

• Supabase — authentication and database storage (EU region).
• Stripe — payment processing. See Stripe's Privacy Policy.
• Vercel — application hosting.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, your memories and personal data are deleted within 30 days. Stripe may retain billing records as required by law.

7. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Restrict or object to processing
• Data portability (receive your data in a machine-readable format)
• Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email support@recallflow.uk.

8. Cookies

We use only functional cookies required for authentication (session tokens). We do not use tracking or advertising cookies.

9. Security

Passwords are hashed and never stored in plain text. All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted.

10. Changes to This Policy

We will notify you by email of material changes to this policy. The date at the top of this page reflects the most recent update.

11. Contact

For any privacy-related questions, email support@recallflow.uk.