← Back to home

Privacy Policy

Last updated: April 27, 2026

Who we are

ArabicFlow is operated by ArabicFlow admins, trading as ArabicFlow. For the personal data described in this notice, ArabicFlow admins acts as the data controller. You can reach us at support@arabicflow.app.

What we collect and why

  • Email address — to create your account, sign you in, recover your password, and send transactional emails (welcome, password reset, payment issues).
  • Annotation sessions — the Arabic passages you load, the highlights and notes you create, and the links between them. Stored so you can return to your work.
  • Account metadata — sign-up date, last sign-in, subscription status. Used to operate the service, enforce plan limits, and prevent abuse.
  • Billing data — when you subscribe, your name, email, billing address, and payment details are collected and processed by our payment provider (see "Who we share data with" below). We never see or store your card details.

We do not collect your IP address for tracking, sell behavioural profiles, or use third-party advertising trackers.

Legal basis for processing

We process your personal data on the following legal bases under the GDPR and equivalent laws:

  • Performance of a contract — to provide the ArabicFlow service to you (account, sessions, subscription management).
  • Legitimate interests — to keep the service secure, prevent abuse, debug issues, and improve product reliability.
  • Legal obligation — to retain billing and tax records as required by applicable law.
  • Consent — for any optional communications you opt into; you can withdraw consent at any time.

How it's stored

All data is stored in our managed Supabase backend, with row-level security so only you can read your own sessions. Connections are encrypted in transit (HTTPS). Backups are handled by Supabase under their standard security practices.

Who we share data with

We share data only with the following categories of recipients, and only what is strictly required:

  • Paddle.com Market Limited ("Paddle") — our payment processor and Merchant of Record. When you subscribe to Pro, Paddle collects and processes your billing and payment information to handle the sale, subscription management, payments, refunds, tax compliance, and invoicing. Paddle acts as an independent controller for the payment data it collects. See Paddle's Privacy Notice.
  • Supabase — our hosting and database provider, acting as a processor on our behalf to store account data and annotation sessions.
  • Email delivery providers — used as processors to send transactional emails (sign-up confirmation, password reset, billing notices).
  • Authorities or professional advisers — only where required by law or to establish or defend legal claims.

Your annotation content is never shared with anyone — not advertisers, not data brokers, not AI training pipelines.

Data retention

We keep your personal data only as long as needed for the purposes above:

  • Account and annotation data — kept for as long as your account is active. When you delete your account, your sessions and account data are removed immediately.
  • Billing and tax records — retained by us and by Paddle for up to 7 years to comply with accounting and tax law.
  • Transactional email logs — retained for up to 90 days for delivery troubleshooting and abuse prevention, then deleted or anonymised.
  • Backups — residual copies in encrypted backups are rotated out within 30 days of deletion.

Deleting your data

You can permanently delete your account and all your sessions from the Account page (Danger zone section). This is immediate and cannot be undone. If you can't access your account, email us at support@arabicflow.app and we'll handle the deletion manually.

Your rights

Depending on where you live, you may have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, or to withdraw consent. You also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, email support@arabicflow.app. We aim to respond within one month.

Security

We use industry-standard technical and organisational measures to protect your data, including HTTPS in transit, encryption at rest by our infrastructure providers, row-level access controls in the database, and least-privilege access to operational secrets.

Cookies

We use a single essential cookie / local storage entry to keep you signed in. We do not use analytics cookies, advertising cookies, or third-party tracking cookies. Because only strictly necessary storage is used, no cookie consent banner is required under EU law.

Changes to this policy

If we make significant changes to how we handle your data, we'll let you know by email and update the date at the top of this page.

Privacy contact

For any privacy questions or requests, email support@arabicflow.app.

Terms of Service →Refund Policy →