Skip to main content

Trust & Privacy

How we handle your data.

Plain answers about accounts, what we store, who can see it, and how to take it back. Last reviewed June 2026.

About this page

This page is maintained by the Creation Flow team to answer common security and privacy questions about the app. It describes app-visible controls and current practices. It is not a third-party certification or an independent audit report.

Some platform capabilities below are provided by Lovable Cloud, the hosting and database service that Creation Flow runs on. Where that's the case, we say so — and we describe what the platform handles versus what we and you, the customer, are each responsible for.

Accounts & authentication

  • Sign in with email + password or Google. Sessions are stored locally on your device.
  • Passwords are never visible to us — authentication is handled by the Lovable Cloud platform.
  • You can sign out from your profile at any time, which clears the local session immediately.

What we store

When you use Creation Flow with an account, we store:

  • Your email address and an optional display name.
  • Your selected pathway goals and your progress against them.
  • Your assessment results and scores.

We do not sell your data, and we don't share it with advertisers. We don't collect health information beyond what you explicitly enter into the app.

Who can see your data

  • Your records are scoped to your account by row-level security: only requests authenticated as you can read or modify your own rows.
  • A small number of Creation Flow operators may access data when troubleshooting a support request you've opened or investigating a security incident.
  • The Lovable Cloud platform provides the underlying database, authentication, and hosting infrastructure under their own security controls.

Retention & deletion

  • You can delete your goals and assessment entries from inside the app.
  • To delete your account and all associated data, email us at privacy@creationflow.org. We aim to complete deletion requests within 30 days.
  • Backups maintained by the hosting platform may retain deleted rows for a short additional period before being overwritten.

Shared responsibility

Lovable Cloud platform

Hosting, database, authentication primitives, encryption in transit, platform-level access controls.

Creation Flow (us)

Application code, row-level security policies, account management, support, deletion requests, this page.

You

Choosing a strong password, securing your device, being thoughtful about what personal information you enter.

Security & privacy contact

Found a security issue, have a privacy question, or want a copy of your data? Email privacy@creationflow.org. We respond within five business days.