Skip to main content
FeaturesPricingLog inStart free →

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller is the operator identified in our Imprint.

2. Data We Collect

2.1 Website & Web App (flowplug.ai)

  • Email address and password upon registration
  • Payment data (processed by Stripe, Inc. — we do not store card details)
  • Uploaded product images and generated assets
  • Usage data: credit consumption, generation jobs, brand profiles

2.2 Chrome Extension

  • Product URLs, product titles, and image URLs from AliExpress product pages
  • Authentication tokens (stored locally in the extension via chrome.storage.local)

The extension only reads data from AliExpress product pages (aliexpress.com/item/*, aliexpress.us/item/*). No data is collected from any other websites.

3. Purpose of Data Processing

  • Providing and operating the Flowplug platform and Chrome Extension
  • Authentication and account management
  • Extracting product images for AI-powered image generation
  • Billing and credit management
  • Improving our service

4. Legal Basis

We process your data on the following legal grounds:

  • Contract performance — providing the service you signed up for, billing
  • Legitimate interest — security, fraud prevention, service improvement

For users in the European Economic Area (EEA), this corresponds to Art. 6(1)(b) and Art. 6(1)(f) GDPR.

5. Data Retention

  • Extraction data: 10 minutes in server memory, then automatically deleted
  • Auth tokens (Extension): Stored locally in the extension, deleted on logout
  • Account data: Until account deletion
  • Generated assets: Until deleted by the user or upon account deletion
  • Payment records: As required by applicable law

6. Third-Party Sharing

We do not sell personal data. We use the following service providers:

  • Supabase, Inc. — Hosting, authentication, database (EU data center)
  • Stripe, Inc. — Payment processing
  • Vercel, Inc. — Web hosting and serverless functions
  • OpenAI, Inc. / Google LLC — AI image generation (product image data only, no personal data)

Appropriate data processing agreements are in place with all service providers.

7. Cookies & Local Storage

  • Session cookie: Supabase auth session (strictly necessary, no consent required)
  • Locale cookie: Language preference (strictly necessary)
  • chrome.storage.local: Extension auth token (stored locally on the user's device only)

We do not use tracking cookies or third-party analytics services.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Restriction — restrict processing of your data
  • Portability — receive your data in a portable format
  • Objection — object to processing of your data

To exercise any of these rights, contact us at: support@flowplug.ai

9. Changes

We may update this privacy policy from time to time. The current version is always available at this URL.