Privacy Policy

Last updated: 2026-05-24 Effective: 2026-05-01

This Privacy Policy describes how Aron Brown d/b/a FlowLibs ("FlowLibs," "we," "us," or "our") collects, uses, and shares information when you visit or use flowlibs.com (the "Site") and the FlowLibs service (together, the "Service"). FlowLibs is a curated library of Power Automate cloud-flow and Power Platform patterns that you can browse, copy, download, comment on, and — with a paid plan — unlock in full. By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

1. Who we are

FlowLibs is operated by Aron Brown, a sole proprietor based in Tulsa, Oklahoma, United States. You can reach us at hello@flowlibs.com.

2. Information we collect

We only collect what we need to run the Service.

Information you provide directly

• Account information. You can create an account in one of two ways:
  • Email and password. When you sign up with an email address, we collect your full name, email address, and a password. Your password is handled and stored only in hashed form by our authentication provider, Supabase Auth — FlowLibs never sees or stores your plaintext password.
  • Google or GitHub sign-in (OAuth). When you choose "Continue with Google" or "Continue with GitHub," we receive your name, email address, the provider's account ID, and (where available) your profile image from that provider. We do not receive your Google or GitHub password.
• Profile and preferences. Anything you add to your profile, such as a display name and a profile picture (avatars are stored in a public storage bucket and shown next to your comments).
• Comments. Comments you post on flow detail pages. Comments are public — your display name and avatar are shown alongside them to anyone who views the page.
• Pattern interactions. Patterns and flows you copy or download. We record copy and download events (including the pattern identifier and, if you are signed in, your user ID) to power usage counts.
• Waitlist. If you join a waitlist, we collect the email address you submit.
• Payment information (Pro subscribers). Payments are processed by Stripe. FlowLibs never sees or stores your full card number, CVC, or bank details. From Stripe and the checkout you complete, we store a Stripe customer ID, a subscription ID, your subscription status and plan/price, the current period end date, and the billing name and email Stripe collected (used to send your receipt).
• Communications. If you email us or submit a form, we receive your message and contact details.

Information collected automatically

• Usage and product analytics. If you opt in via our cookie banner, we use PostHog to understand how the Service is used — pages viewed and funnel events such as sign-up started/completed, pattern viewed/copied, and checkout started/completed. Analytics do not load until you accept (see §5).
• Aggregate site analytics. We use Vercel Analytics, which is privacy-friendly and does not track you across other sites.
• Error and performance monitoring. We use Sentry to capture error and diagnostic data (such as error messages, stack traces, and limited request context) so we can find and fix problems.
• Spam protection. Some forms are protected by hCaptcha, which processes device and network signals to tell humans from bots.
• Log data. IP address, user agent, and timestamps, retained briefly for security, debugging, and rate limiting (for example, to limit comment spam) by us and our hosting providers (Vercel, Supabase).
• Cookies. See our Cookie Policy.

Information from third parties

• Google and GitHub (via OAuth sign-in, described above).
• Stripe (billing status and limited, non-card metadata).

We do not buy personal information from data brokers, and we do not use advertising networks that track you across sites.

3. How we use your information

We use your information to:

1. Provide and operate the Service — authenticate you, show you patterns and flows, record copies and downloads, and let you post comments.
2. Manage Free and Pro access and process subscriptions.
3. Send transactional email — account verification and password-reset messages, a welcome email, payment receipts, and subscription notices.
4. Improve the Service — fix bugs, understand which patterns and pages are useful, and prioritize the backlog.
5. Communicate with you about account notices, policy changes, and, if you opt in, product updates.
6. Protect the Service — detect abuse and spam, enforce our Terms, and meet legal obligations.

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising (as those terms are defined under the CCPA/CPRA).

4. When we share information

We share information only in the limited cases below.

Service providers who run the Service on our behalf, each bound by a data-processing or equivalent agreement:

• Supabase — authentication, database, and file storage.
• Vercel — hosting, edge delivery, and aggregate analytics.
• Stripe — payment processing and subscription management.
• Resend — transactional email delivery (also the SMTP provider behind our authentication emails).
• PostHog — product analytics, loaded only with your consent (data processed in the United States).
• Sentry — error and performance monitoring.
• hCaptcha (Intuition Machines, Inc.) — bot and spam protection on forms.
• Google and GitHub — OAuth sign-in.

Legal and safety. We may disclose information to comply with law, respond to lawful requests, or protect our rights, our users, or the public.

Business transfer. If we reorganize, sell, or transfer the business, your information may be transferred as part of that transaction. We will notify you, and any successor will be bound by this Policy or a materially similar one.

We do not share your information with advertisers.

5. Analytics and your choices

We run an opt-in model for analytics. On your first visit, a cookie banner asks whether to enable analytics. Nothing beyond strictly necessary cookies loads until you accept, and PostHog will not load or identify you unless you opt in. You can change your choice at any time using the Cookie settings link in the site footer. If your browser sends a Global Privacy Control (GPC) or Do Not Track signal, we honor it by disabling analytics for that session even if you previously accepted. For the full list of cookies and similar technologies we use, see our Cookie Policy.

6. Data retention

• Account data is kept while your account is active and for up to 90 days after deletion, unless a longer period is required by law.
• Comments remain visible until you or we delete them; deleting your account removes your comments.
• Billing records are retained for at least 7 years to satisfy US tax and accounting requirements.
• Analytics, error logs, and server logs are retained for up to 12 months.

7. Your choices and rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated information.
• Export a copy of your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where we rely on consent (for example, analytics).

California residents. The CCPA/CPRA gives you additional rights, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights. We do not sell or share personal information as defined by the CCPA. To exercise a right, email us at hello@flowlibs.com.

EU/UK/EEA residents. If you are in the EEA or UK, we rely on one of the following legal bases: (i) your consent (for example, analytics), (ii) performance of a contract with you, (iii) our legitimate interests in operating, securing, and improving the Service, and (iv) compliance with law. You have the right to lodge a complaint with your supervisory authority.

To make a request, email hello@flowlibs.com from the address associated with your account. We will respond within the timeframe required by applicable law (typically 30–45 days).

8. Security

We protect your information using industry-standard measures: HTTPS across the Site, encrypted database and storage via Supabase, passwords stored only in hashed form (and never seen by us), row-level security on user data, least-privilege access, and Stripe-managed payment handling. No system is perfectly secure — if we ever discover a material breach involving your personal information, we will notify you as required by law.

9. International transfers

FlowLibs is operated from the United States, and our providers (including PostHog) process data in the US. If you access the Service from outside the US, your information will be transferred to and processed in the US by us and our service providers. Where required, we rely on Standard Contractual Clauses or equivalent safeguards with our providers.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us information, email hello@flowlibs.com and we will delete it.

11. Third-party links

The Service may link to third-party sites (for example, Microsoft Learn, Power Platform docs, or GitHub). We are not responsible for the privacy practices of those sites.

12. Changes to this Policy

We may update this Policy as the Service evolves. If we make material changes, we will post the updated Policy here and update the "Last updated" date. For significant changes, we will also notify you by email or in-app notice before the changes take effect.

13. Contact us

Questions, requests, or complaints:

Aron Brown d/b/a FlowLibs Tulsa, Oklahoma, United States Email: hello@flowlibs.com