Privacy Policy
Updated: June 30, 2026
FoxFlow is a browser extension, a desktop app and a website that help you generate frames (Google Flow or other image engines such as xAI/Grok), narrate them with ElevenLabs, assemble the project in CapCut, and optionally publish the result to your connected accounts. This policy comprehensively describes what user data we collect, how we use it, how we store it, and every party it is shared with.
1. Data we collect
- Account identity: the email address and basic profile from your Google account when you sign in with Google Sign-In. We never receive or store your Google password.
- Usage and plan data: number of generated frames, the rate-limit window, PRO status and expiry, your subscription identifier from our payment provider, per-project totals (frame and character counts), and account-lifecycle events (sign-up, opening the checkout page, payment, cancellation) with the dates of your first generated frame and last activity.
- Authentication tokens: a hash of the extension/desktop link token (we store the hash, not the token itself).
- Connected-account tokens (optional): if you connect a publishing account (e.g. YouTube), we collect the OAuth access and refresh tokens and your channel id and name, so we can upload on your behalf.
- Publication metadata (optional): if you schedule or publish a video, we store its title, description, status and the resulting public video URL.
- Diagnostic events: anonymous error telemetry (error code, frame index). No prompt or media content is included.
2. Data we do NOT collect
- Your ElevenLabs API key and your xAI / Grok API key stay on your device (in the extension's local storage, or encrypted with Windows DPAPI in the desktop app) and are never sent to our servers.
- Your generated images, audio and video files are produced and kept locally on your computer. They are not uploaded to our servers.
- The content of your prompts and scripts is not stored on our servers. (When you choose an image engine, the prompt is sent directly from your device to that engine — see Sharing below.)
3. How we use data
We use the data above to operate the service: signing you in, enforcing the daily frame limit, tracking PRO status, processing payment status, uploading to the accounts you connect, diagnosing errors, and understanding aggregate usage of the product. We may occasionally email you about important service or product updates; every such email includes a way to opt out, and you can also opt out by contacting support. We do not sell your data and do not use it for third-party advertising or profiling.
4. How we store and protect data
Server data is stored in our database (Neon/PostgreSQL) hosted on Fly.io. Connected-account OAuth tokens are encrypted at rest (Fernet). The website session is kept in an HttpOnly, Secure cookie; link tokens are stored only as SHA-256 hashes. On the desktop app, your link token and provider API keys are encrypted with Windows DPAPI on your own machine. Access to the server database is limited to the service operator.
5. Who we share data with
We share user data only with the following parties, and only the data needed for each to function:
- Google (Sign-In): authentication. We receive your email and basic profile; we do not send Google your prompts or media.
- Google Flow: when Flow is the selected image engine, your prompts are sent from your device/browser to Google Flow to generate frames.
- xAI (Grok): if you select the Grok engine, your prompts and your xAI API key are sent from your device directly to the xAI API to generate images.
- ElevenLabs: your script text and your ElevenLabs key are sent from your device to ElevenLabs to produce voiceover.
- YouTube / connected publishing accounts: if you connect an account, your video file plus its title and description are uploaded to that account using the OAuth token you authorized.
- Dodo Payments (payments): when you buy PRO, payment is processed by Dodo Payments as merchant of record. Your card details go directly to them and never reach us; we receive only your subscription status and identifier.
- Hosting providers (Fly.io, Neon, Cloudflare): they process and store the server data described above on our behalf as infrastructure providers.
We do not share user data with any party other than those listed here.
6. Data retention and deletion
We keep account, plan and connected-account data while your account is active. You can delete your account at any time: Settings → Account → Delete account in the dashboard. This cancels your PRO subscription, revokes your extension/desktop link, deletes your connected-account tokens, publishing history and project stats. We retain a minimal account record (your email address) to prevent free-tier abuse; email us below if you want that removed as well.
7. Policy changes
We may update this policy. Significant changes will be reflected in the date at the top of the page.
8. Contact
For privacy and data-deletion questions: [email protected].