Privacy Policy

Last updated: April 2026

This privacy policy applies to the Wordflow website (wordflow.app) and is provided in accordance with the EU General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for data processing on this website is:

Mark Olenberg
Sossenheimer Riedstraße 18
65936 Frankfurt am Main, Germany
contact@wordflow.cloud

2. What data we collect and why

2.1 Download link sign-ups

When you submit your email address to receive the compiled Wordflow app (.dmg), we collect:

  • Your email address
  • The date and time of sign-up
  • Your consent to receive the download link and occasional product updates

Purpose: To send you the compiled .dmg download link and occasional updates about Wordflow. You can also build the app yourself from source at any time — no sign-up required.
Legal basis: Art. 6(1)(a) GDPR — your explicit consent (opt-in checkbox).
Storage: Stored in a database on our server (Hostinger, EU). Email delivery is handled via Brevo (see section 3).
Retention: Until you unsubscribe or request deletion.

2.2 Feedback submissions

If you submit feedback via the website feedback form, we collect:

  • Your feedback message
  • Optionally: your name (if you choose to provide it)
  • Optionally: your email address (if you choose to provide it)
  • App version number (when submitted from within the app)

Purpose: To improve the product.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in improving the service.
Storage: Stored in a database on our server (Hostinger, EU) and optionally forwarded to our email address.
Retention: Until no longer needed for product development.

2.3 Data we do NOT collect

  • No cookies are set on this website
  • No analytics or tracking tools are used
  • No audio recordings — your voice data goes directly from your device to Groq's API via your own API key. Wordflow has no backend that processes your audio or transcriptions.

3. Third-party services

Brevo (email delivery)

We use Brevo (Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France) to manage our email list and send confirmation emails. Your email address is transferred to and stored by Brevo.

Brevo's privacy policy: brevo.com/legal/privacypolicy

A data processing agreement (DPA) is in place with Brevo as required by Art. 28 GDPR.

Groq (in-app, not this website)

The Wordflow app uses the Groq API for transcription and text processing. This connection is established using your own Groq API key — no data passes through Wordflow's servers. Groq's privacy policy applies directly between you and Groq: groq.com/privacy-policy

Fonts & CSS

All fonts and stylesheets are self-hosted on our server. No requests are made to Google Fonts, CDN providers, or any other external service when you load this website.

4. Your rights under GDPR

You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interest
  • Portability — receive your data in a machine-readable format

To exercise any of these rights, email us at contact@wordflow.cloud. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The responsible authority for Frankfurt am Main is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
datenschutz.hessen.de

5. Data security

We use technical and organisational measures to protect your data against unauthorised access, loss, or misuse. Our servers are hosted by Hostinger, which provides standard security measures for shared hosting environments.

6. Changes to this policy

We may update this privacy policy from time to time. The current version is always available at this URL. Material changes will be communicated via the email address you provided at sign-up.