Privacy Policy
Effective May 21, 2026
WriteFlow is developed and operated by Juraj Gajdos, an independent developer based in the European Union ("I," "me," or "my"). This Privacy Policy explains how I collect, use, and protect your information when you use WriteFlow on iPhone, iPad, or Mac, including the keyboard extension on iOS / iPadOS and the standalone app on macOS (collectively, the "Service").
This policy applies to all users worldwide and covers both distribution channels: WriteFlow on the App Store (iOS / iPadOS) and WriteFlow for Mac as a direct download from this website.
1. Information I collect
1.1 Text input data
When you use an AI feature (Rewrite, Translate, Generate, or custom tiles), the text in your current text field is temporarily sent to a secure server for AI processing. This text is:
- Transmitted over HTTPS with TLS 1.2 or higher
- Processed in real time to generate AI suggestions
- Not stored, logged, or retained on any server after processing is complete
- Not used to train AI models
This applies identically on iOS, iPadOS, and macOS.
1.2 User preferences (device-local)
The following preferences are stored locally on your device:
- Theme selection (light, dark, system)
- Tile configuration and custom presets
- Favorite prompts
- Haptic feedback preference (iOS only)
- iCloud sync preference
- Privacy consent status
These never leave your device unless you enable iCloud Sync
(see 1.5). On iOS / iPadOS this data lives in the App Group
container shared between the host app and the keyboard extension.
On macOS it lives in standard UserDefaults.
1.3 Account information (when you sign in)
WriteFlow lets you sign in to use your Pro subscription on multiple devices. Sign-in is optional — the app works without an account, subject to the free-tier limit.
When you sign in, I collect and store:
- A Supabase user ID (an opaque UUID)
- The email address linked to your sign-in identity (whether you signed in with Apple, Google, or email)
- The timestamp of your sign-in
- The identity provider you used (Apple, Google, or email OTP)
This data is stored at Supabase (see Section 4). You can delete your WriteFlow account at any time by emailing starsync.dev@outlook.com.
1.4 Subscription information
If you purchase a WriteFlow Pro subscription, the following data is collected by the relevant payment processor and shared with RevenueCat (my entitlement-management provider):
- Subscription tier (Monthly, Six Months, or Yearly)
- Purchase status (active, expired, in grace period)
- Purchase and renewal timestamps
- Receipt or transaction identifier (no card details)
On iOS / iPadOS, payment is processed by Apple through the App Store. On macOS, payment is processed by Stripe (acting as merchant of record via Stripe Managed Payments) through RevenueCat Web Billing.
Card numbers, billing addresses, and other payment-method details are handled exclusively by Apple or Stripe. I do not receive, store, or have any access to them.
1.5 iCloud data
If you enable iCloud Sync (in Settings), your tile presets, favorites, theme, and (on iOS) haptic preference are synced across your devices using Apple's iCloud Key-Value Storage. This data is governed by Apple's iCloud terms and privacy policy.
iCloud Sync uses your macOS or iOS Apple ID, which is independent from your WriteFlow sign-in. You can have one without the other.
1.6 Information I do NOT collect
- I do not collect keystrokes or typing patterns
- I do not collect passwords, credit card numbers, or other sensitive field data
- I do not collect contacts, photos, location, or device identifiers (beyond an anonymous device UUID used only for free-tier rate limiting)
- I do not use analytics, crash reporting, or tracking SDKs
- I do not collect any data when the keyboard or app is open without you triggering an AI feature
- I do not sell your personal information to anyone
2. Permissions
2.1 iOS / iPadOS — "Allow Full Access"
WriteFlow's keyboard extension requests "Allow Full Access" in iOS Settings. This permission is required solely to enable the keyboard to make network requests to the AI processing server. Without Full Access, AI features will not function and no data leaves your device.
With Full Access enabled:
- Text is only transmitted when you actively tap an AI tile
- The keyboard does not passively monitor or transmit what you type
- Network requests are made exclusively to the AI processing endpoint
2.2 macOS — Accessibility permission
WriteFlow on macOS requests Accessibility access (System Settings → Privacy & Security → Accessibility). This permission is required solely to read your currently selected text and replace it with the AI-rewritten version, which is the core function of the app.
With Accessibility access:
- Text is only read when you actively trigger an AI feature (e.g., the global keyboard shortcut)
- The app does not passively monitor or log what you type
- It does not record screen contents or interact with other applications beyond the read/replace gesture you initiate
You can revoke Accessibility access at any time in System Settings. The app will continue to launch but AI features will stop working.
3. How I use your information
Text submitted through AI features is used exclusively to:
- Generate rewritten, translated, or AI-composed text
- Return suggestions to your device in real time
Account information (1.3) is used to:
- Authenticate you on the device
- Sync your Pro subscription entitlement across your devices
Subscription information (1.4) is used to:
- Verify whether you have an active Pro subscription
- Enable Pro features when entitled
I do not use any of this data for advertising, profiling, or analytics.
4. Data sharing — sub-processors
I do not sell, rent, trade, or otherwise share your personal data with third parties for marketing, advertising, or profiling purposes.
To operate the Service I rely on a small number of sub-processors:
4.1 OpenAI — AI processing
- Provider: OpenAI, L.L.C. (San Francisco, CA, USA)
- Role: Generates the AI suggestion from your text
- Data sent: The text content you choose to process
- Storage: Processed in real time. With API usage, OpenAI does not use your data to train their models (per OpenAI's API data usage policy).
- Documentation: OpenAI Privacy Policy, API Data Usage Policy
4.2 Supabase — Backend infrastructure
- Provider: Supabase, Inc. (San Francisco, CA, USA)
- Role: Hosts the WriteFlow edge function that proxies AI requests to OpenAI, the user authentication system (Supabase Auth), and the database mirroring your subscription entitlement
- Data passing through: Your AI request text (held only transiently in memory while the request is forwarded to OpenAI — not logged or retained); your account information (1.3); your subscription entitlement state mirrored from RevenueCat
- Documentation: Supabase Privacy Policy
4.3 RevenueCat — Subscription management
- Provider: RevenueCat, Inc. (San Francisco, CA, USA)
- Role: Aggregates subscription state from Apple (App Store) and Stripe (RevenueCat Web Billing for macOS), surfaces a unified entitlement to the app, and notifies the backend on purchase events
- Data sent: Anonymized device or user identifier, transaction receipts, subscription tier, purchase/renewal timestamps. No card details.
- Documentation: RevenueCat Privacy Policy
4.4 Apple — App Store payments (iOS / iPadOS only)
- Provider: Apple, Inc. (Cupertino, CA, USA)
- Role: Processes subscription payments and acts as merchant of record for in-app purchases on iOS / iPadOS
- Data shared: Whatever the App Store transaction normally entails (App Store account ID, payment method, country). I do not receive any of this directly.
- Documentation: Apple Privacy Policy
4.5 Stripe — Web payments (macOS only)
- Provider: Stripe Payments Europe, Ltd. (Dublin, Ireland) / Stripe, Inc. (San Francisco, CA, USA)
- Role: Processes subscription payments for the macOS direct-download app via RevenueCat Web Billing. Stripe acts as merchant of record under Stripe Managed Payments, meaning Stripe is responsible for VAT / sales-tax collection and remittance.
- Data shared: Card details, billing email, country, and any other information you enter on the Stripe Checkout page. I never see your card number. Stripe shares only a transaction identifier and status with RevenueCat and my backend.
- Documentation: Stripe Privacy Policy
4.6 Resend — Transactional email
- Provider: Resend (Wilmington, DE, USA)
- Role: Delivers sign-in OTP emails (and any other transactional email Supabase sends on my behalf)
- Data sent: Your email address and the email body (containing the one-time code or magic link)
- Documentation: Resend Privacy Policy
4.7 Apple iCloud — Optional cross-device sync
- Provider: Apple, Inc.
- Role: Syncs your tile presets, favorites, and theme between your Apple devices when iCloud Sync is enabled
- Data shared: Tile configuration, custom prompts, theme preference
- Documentation: Apple iCloud Terms
4.8 Cloudflare — Website hosting and macOS auto-updates
- Provider: Cloudflare, Inc. (San Francisco, CA, USA)
- Role: Hosts writeflowapp.org and serves the macOS auto-update manifest (
appcast.xml) and DMG/ZIP artifacts to the Sparkle update framework inside the macOS app - Data exposed: Standard HTTP request metadata (IP address, User-Agent, timestamp) when your Mac checks for updates. Cloudflare may retain this in standard server logs.
- Documentation: Cloudflare Privacy Policy
No data is shared with any other third party.
5. Auto-updates (macOS only)
The macOS app uses the Sparkle update framework
to check for new versions and offer to install them. Periodically
(typically once per day on first launch), the app fetches
appcast.xml from
https://writeflowapp.org/dl/appcast.xml. This request
reveals to Cloudflare your IP address, User-Agent, and the fact
that you are running WriteFlow.
If a new version is available, Sparkle prompts you before downloading or installing anything. You can disable update checks in Settings.
The iOS / iPadOS app updates exclusively through Apple's App Store and does not include Sparkle.
6. Data retention
| Data | Where | Retention |
|---|---|---|
| Text submitted to AI features | OpenAI + Supabase Edge Function | Not retained. Discarded immediately after processing. |
| Account information (Supabase Auth) | Supabase | Until you delete your account. Email me to request deletion. |
| Subscription state | RevenueCat + Supabase | Until you delete your account, or per RevenueCat / Apple / Stripe statutory retention requirements (typically up to 7 years for tax/audit). |
| Email delivery logs | Resend | Per Resend's retention policy (typically 30 days). |
| Device-local preferences | Your device | Deleted when you uninstall, reset to defaults, or sign out. |
| iCloud-synced preferences | Apple iCloud | Per Apple's iCloud retention. Disable iCloud Sync to stop. |
| Web traffic / update check logs | Cloudflare | Per Cloudflare's standard log retention. |
7. Data security
I implement appropriate technical measures to protect your data:
- All network communication uses HTTPS with TLS 1.2 or higher
- No persistent server-side storage of your AI text. It exists in transient memory only during the request.
- App-level data on iOS is sandboxed within Apple's security model; on macOS it lives inside the app sandbox and is signed and notarized by Apple
- iCloud-synced data is encrypted by Apple in transit and at rest
- Supabase Auth credentials and API keys are managed via environment configuration; the iOS and macOS apps use a public anon key only
What this does and does not cover. Transit encryption protects your text from being intercepted on the network. It is not end-to-end encryption: the WriteFlow edge function and OpenAI's API briefly process your text as plaintext in memory to generate AI suggestions. No party other than you, my infrastructure, and OpenAI has access to the content, and none of it is persisted.
8. International data transfers
When you use an AI feature, your text is sent to servers operated by Supabase and OpenAI, both located in the United States. Account data sits at Supabase (US). Stripe payments are processed via Stripe's EU/US infrastructure; Apple App Store payments stay within Apple's infrastructure.
If you are located outside the United States (including within the European Economic Area), this constitutes an international data transfer. Such transfers are protected by:
- Encryption in transit (HTTPS with TLS 1.2 or higher)
- The contractual obligations of OpenAI, Supabase, RevenueCat, Stripe, Resend, and Cloudflare to protect your data under their terms of service
- Standard contractual clauses (where applicable) and other safeguards in accordance with GDPR Articles 44–49
9. Legal basis for processing (EEA / UK users)
Under the General Data Protection Regulation (GDPR), I process your data on the following legal bases:
- Consent (Art. 6(1)(a)) — for AI text processing. You provide explicit consent through the in-app privacy consent screen before any data processing occurs. You may withdraw consent at any time by disabling Full Access (iOS) or Accessibility access (macOS).
- Contract performance (Art. 6(1)(b)) — for processing your text through AI features and for delivering your subscription.
- Legitimate interest (Art. 6(1)(f)) — for free-tier rate limiting (using an anonymous device UUID to prevent abuse), and for delivering security-related transactional emails.
- Legal obligation (Art. 6(1)(c)) — for retention of subscription and payment records by Apple, Stripe, and RevenueCat where required by tax or commercial law.
10. Your privacy rights
10.1 All users
Regardless of where you are located, you can:
- Stop AI data processing at any time by disabling Full Access (iOS) or Accessibility access (macOS)
- Delete local data by uninstalling the app or using "Reset to Defaults" in Settings
- Disable iCloud Sync in the app's settings to stop cross-device syncing
- Delete your WriteFlow account by emailing starsync.dev@outlook.com. I will action the deletion within 30 days.
- Cancel your subscription at any time via your Apple ID Settings (iOS) or your RevenueCat billing portal (macOS)
- Contact me with any privacy-related questions or requests at starsync.dev@outlook.com
10.2 European Economic Area, UK, and Swiss users (GDPR / UK GDPR)
You additionally have the right to:
- Access: Request confirmation of whether your personal data is being processed and obtain a copy of it
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data
- Restrict processing: Request restriction of processing in certain circumstances
- Data portability: Request your data in a structured, machine-readable format
- Object: Object to processing of your personal data
- Withdraw consent: At any time, without affecting the lawfulness of prior processing
- Lodge a complaint: With a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement
10.3 California users (CCPA / CPRA)
California residents have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information collected
- Delete: Request deletion of your personal information
- Opt-out of sale: I do not sell personal information. No opt-out is necessary.
- Non-discrimination: You will not be discriminated against for exercising your privacy rights
Categories of personal information collected: Text input (only during active AI processing, not retained); account information (email, Supabase user ID); subscription metadata (no card details); device-local preferences (not transmitted); anonymous device UUID (rate limiting).
Categories of personal information sold: None.
Categories shared for cross-context behavioral advertising: None.
10.4 Brazilian users (LGPD)
Under the Lei Geral de Proteção de Dados (LGPD), you have rights of confirmation, access, correction, anonymization, portability, deletion, information about data sharing, and revocation of consent. Contact me to exercise any of these rights.
10.5 Other jurisdictions
If you are located in another jurisdiction with specific data protection rights, I will honor those rights to the extent required by applicable law. Contact me to exercise your rights.
11. Children's privacy
WriteFlow is not directed at children. The minimum age to use WriteFlow is:
- 16 years in the European Economic Area (in accordance with GDPR Article 8)
- 13 years in the United States (in accordance with COPPA)
- The minimum age required by local law in all other jurisdictions
I do not knowingly collect personal information from children under the applicable age. If you believe a child has provided personal data through the Service, please contact me and I will delete it promptly.
12. Do Not Track
WriteFlow does not track users across third-party websites or services. I do not respond to Do Not Track (DNT) browser signals because no tracking occurs.
13. Changes to this policy
I may update this Privacy Policy from time to time. Changes will be reflected by updating the effective date above. For significant changes, I will provide notice through the app. Continued use of WriteFlow after changes constitutes acceptance of the updated policy.
14. Data controller and contact
The data controller responsible for your personal data is:
Juraj Gajdos
Email: starsync.dev@outlook.com
Location: European Union
If you are in the EEA and wish to lodge a complaint, you may contact the data protection authority in your country of residence. A list of EEA data protection authorities is available at edpb.europa.eu.