Privacy Policy

1. Information We Collect

Personal Information

When you register for ComponentFlow, we collect:

• Account Information: Name, email address, and password
• Profile Information: Company name, role, and professional details
• Contact Information: When you contact us for support or inquiries

Usage Information

We automatically collect information about how you use our service:

• Platform Usage: Features used, projects created, time spent on platform
• Technical Information: IP address, browser type, device information
• Performance Data: Error logs, performance metrics, API usage

Design and Content Data

ComponentFlow processes your design files and content:

• Figma Files: Design data imported via Figma API
• Component Models: Templates and structures you create
• Content Fragments: Text, images, and media you upload
• Code and CSS: Custom styles and templates

2. How We Use Your Information

Service Provision

• Process and analyze your Figma designs using AI
• Generate component models and content fragments
• Provide real-time collaboration features
• Host and deploy your websites

Account Management

• Authenticate and authorize access to your account
• Process billing and subscription management
• Provide customer support and technical assistance
• Send important service notifications

Improvement and Analytics

• Analyze usage patterns to improve our platform
• Monitor performance and system reliability
• Develop new features and capabilities
• Conduct security monitoring and fraud prevention

3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in these limited circumstances:

Team Collaboration

When you invite team members to your projects, relevant project data is shared with invited users according to their assigned permissions.

Service Providers

We work with trusted third-party providers who assist us in operating our platform:

• Cloud Infrastructure: Vercel, AWS for hosting and storage
• AI Services: Anthropic Claude for design analysis
• Payment Processing: Stripe for billing and subscriptions
• Analytics: Privacy-focused analytics providers

Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to protect our rights and safety.

4. Data Security

Technical Safeguards

• Encryption: All data transmitted and stored is encrypted using industry-standard methods
• Access Controls: Role-based permissions and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Regular Audits: Security assessments and vulnerability testing

Data Isolation

• Row Level Security (RLS) ensures data isolation between users and organizations
• Environment separation between Development and Production data
• Secure API endpoints with authentication and authorization

5. Data Retention

We retain your information only as long as necessary:

• Active Accounts: Data retained while your account is active
• Inactive Accounts: Data retained for 12 months after last login
• Deleted Accounts: Data permanently deleted within 30 days
• Legal Requirements: Some data may be retained longer if required by law

6. Your Rights

Access and Control

You have the right to:

• Access: Request a copy of your personal data
• Update: Correct inaccurate or incomplete information
• Delete: Request deletion of your account and data
• Export: Download your projects and content
• Restrict: Limit how we process your information

Data Portability

You can export your component models, content fragments, and project data in standard formats at any time through your account settings.

7. Cookies and Tracking

ComponentFlow uses essential cookies and similar technologies:

• Essential Cookies: Required for platform functionality and security
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand platform usage (anonymized)

You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.

8. International Data Transfers

ComponentFlow operates globally and may transfer data internationally:

• Primary data centers located in the United States and Europe
• Data transfers comply with applicable privacy laws
• Appropriate safeguards ensure data protection during transfers

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Notify you of material changes via email or platform notification
• Post the updated policy with the revision date
• Provide 30 days notice for significant changes