Legal

Privacy Policy

Last updated: May 17, 2026

1. Who We Are

Ideaflow is a video idea generation tool based in California. We help creators come up with YouTube video ideas using AI — give us a niche, get back titles, hooks, outlines, and more.

This Privacy Policy explains what data we collect when you use Ideaflow, why we collect it, and how we keep it safe. We've tried to write this in plain English, because privacy policies shouldn't require a law degree.

2. What Data We Collect

We collect only what we need to run the service. Here's what that looks like:

Email address

Required to create and manage your account.

Display name

Optional. Only used to personalize your experience in the app.

Google sign-in data

When signing in with Google, we receive your name, email address, and profile picture from Google.

Usage data

How many idea generations you've used, which niches and topics you've entered, and general interaction patterns. We use this to improve the product.

YouTube channel data

If you use the channel analysis feature, we fetch your channel's recent video titles and descriptions via the YouTube Data API. This data is used only to generate your channel style profile and is not stored raw.

Channel style profile

An AI-generated analysis of your channel's tone, format, and themes, derived from your YouTube data and stored in your account.

Payment data

Processed entirely by Stripe. We never see or store your card number, CVV, or full billing details — Stripe handles all of that securely.

3. How We Collect It

We collect data in three ways:

  • When you create an account — you give us your email address directly.
  • When you use the tool — we log your generation count and the inputs you submit.
  • When you subscribe — Stripe collects and processes your payment information and shares a minimal confirmation with us (e.g. subscription status, plan type).

We don't buy data from third parties or collect data about you from other websites.

4. Why We Collect It

We use your data to:

  • Provide and operate the Ideaflow service
  • Manage your account and subscription tier
  • Enforce usage limits and unlock features based on your plan
  • Understand how people use the tool so we can make it better
  • Send important account updates (e.g. billing receipts, policy changes) — no marketing spam

We don't use your data to build advertising profiles or sell insights about you.

5. Data Sharing

We do not sell your personal data to third parties. Ever.

We share data only with the two infrastructure providers that power the service:

Supabase

Our database and authentication provider. Your account data and usage records are stored here. Supabase is SOC 2 compliant and used by thousands of production applications.

Stripe

Our payment processor. Stripe handles all subscription billing and stores your payment method. We only receive high-level subscription status — never your full card details.

YouTube Data API (Google)

Used to fetch channel video data for the channel analysis feature. Subject to Google's Privacy Policy and YouTube's Terms of Service.

That's the complete list. No analytics platforms, no ad networks, no data brokers.

6. Cookies

We use a minimal number of cookies — just what's needed to keep you logged in and maintain your session. No advertising cookies, no cross-site tracking, no third-party cookie networks.

If you clear your cookies, you'll be logged out. That's about the full extent of our cookie footprint.

7. Your Rights

You're in control of your data. You can:

  • Access the data we hold about you
  • Update your display name at any time from your profile page
  • Request a copy of your data
  • Ask us to delete your account and all associated data

To delete your account or make a data request, email us at support@ideaflow.one. We'll respond within 7 days.

8. Data Retention

We keep your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymized, aggregated usage statistics (with no link back to you) may be retained longer to help us improve the product.

Stripe may retain payment records for longer periods in accordance with their own legal obligations and policies.

9. Security

We take security seriously. Here's what we do to protect your data:

  • All data is stored securely via Supabase with industry-standard encryption at rest
  • All connections to Ideaflow use HTTPS — your data is encrypted in transit
  • Payments are handled entirely by Stripe, which is PCI-DSS Level 1 certified
  • We don't store passwords — authentication is handled securely via Supabase Auth

No system is perfectly secure, but we follow best practices and take the protection of your information seriously.

10. Children's Privacy

Ideaflow is not directed at children under 13. We don't knowingly collect personal data from anyone under 13, in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that a child under 13 has created an account, we will delete the account and all associated data promptly. If you believe this has happened, please contact us at support@ideaflow.one.

11. California & CCPA Rights

If you're a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:

  • Right to know what personal data we collect and how it's used
  • Right to request deletion of your personal data
  • Right to opt out of the sale of personal data — though we don't sell your data, so this is already covered
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@ideaflow.one.

12. GDPR (European Users)

If you're based in the European Union or European Economic Area, GDPR gives you additional rights over your personal data. These include the right to access, rectify, erase, restrict processing of, and port your data.

Our legal basis for processing your data is the performance of a contract (providing you the service you signed up for) and legitimate interests (improving the product).

To submit a GDPR data request, email us at support@ideaflow.one. We'll respond within 30 days as required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a significant change — like collecting a new type of data or sharing it with new parties — we'll notify you by email or with a notice in the app before the change takes effect.

The "Last updated" date at the top of this page will always reflect when the policy was last revised. Continuing to use Ideaflow after a change means you accept the updated policy.

14. Contact Us

Have a question about this policy, want to request your data, or just want to say hi? We read every email — no bots, no auto-replies.

Also see our Terms of Service