Privacy Policy
Effective May 3, 2026 · BioFlow is a product of Devino Solutions (14930398 Canada Inc.), Ottawa, ON, Canada.
This policy explains what data BioFlow (“we”, “us”) collects from creators and visitors, why we collect it, who we share it with, and how you can exercise your rights. We aim to keep it short and honest. If anything is unclear, email [email protected].
What we collect
- Account data. Email, display name, hashed password, and (if you sign in with Google or Apple) the OAuth identifier returned by those providers.
- Bio page content. Whatever you publish on your BioFlow page — handles, links, descriptions, themes, and any images or audio you upload.
- Usage analytics. Page views and interaction events captured by PostHog so we can improve the product. No third-party advertising trackers.
- Error and performance reports. If the app crashes or a request is slow, Sentry receives a stack trace and a small amount of context (URL, user id) to help us debug.
- Payment data. If you accept tips or sales, Stripe processes the charge and stores card and payout information on its own infrastructure. We only store transaction metadata (amount, status, application fee).
- Subscription state. If you upgrade to a paid plan, RevenueCat tracks the status of that subscription.
- Connected accounts. If you link a third-party service (Instagram, Shopify, TikTok, Calendly, Cal.com, Mailchimp), we store an encrypted access token to read on your behalf.
- Logs. We log IP address, user agent, and request path for short-term security, abuse prevention, and rate-limiting.
- Cookies. We use a first-party cookie to keep you signed in and a small local-storage entry for your theme preference. We do not use third-party advertising cookies.
How we use your data
- To run the service: render your bio page, process payments, deliver email.
- To debug crashes and improve performance.
- To understand which features are used so we can prioritise improvements.
- To detect abuse, fraud, and spam.
- To send transactional email (verification, password reset, payment receipts, replies to your support requests).
We do not sell your personal data, and we do not use it to train machine-learning models without explicit consent.
Who we share with
We share the minimum data required with the third parties listed below. Each operates under its own privacy policy:
- Stripe (payment processing) — stripe.com/privacy
- RevenueCat (subscription management) — revenuecat.com/privacy
- PostHog (product analytics) — posthog.com/privacy
- Sentry (error tracking, self-hosted on our infrastructure)
- Google (Sign in with Google) — policies.google.com/privacy
- Backblaze B2 (object storage for uploaded media)
- UseSend (transactional email, self-hosted on our infrastructure)
Where we store data
Application data is stored on infrastructure operated by Devino Solutions in the European Union and the United States. Backups are encrypted at rest. Stripe stores payment data in its own infrastructure under PCI-DSS controls.
How long we keep it
Account data is kept for the lifetime of your account and deleted within 30 days of account deletion. Anonymised analytics is retained for up to 24 months. Payment records are kept for 7 years to comply with tax law.
Your rights
You can request access, correction, export, or deletion of your data, or object to specific processing, at any time. Contact [email protected] and we will respond within 30 days.
Children
BioFlow is not directed at children under 13 (or under 16 in the EU/UK), and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will delete it.
Changes
We will update this page when our practices change. Material changes will be announced by email or in-app at least 14 days before they take effect.
Contact
Devino Solutions (14930398 Canada Inc.)
2149 Johnston Rd, Ottawa, ON K1G 5K1, Canada
Email: [email protected]