Privacy Policy

Last updated: March 26, 2026

This Privacy Policy describes how CesaFlow ("we," "us," or "our") collects, uses, and protects information when you use the CesaFlow platform, APIs, and related services (collectively, the "Service"). By accessing or using the Service, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of information when you register for and use CesaFlow:

Account Information

  • Email address and organization name provided during registration
  • Password, which is cryptographically hashed using bcrypt before storage — we never store plaintext passwords
  • Subscription plan and billing status

Usage Data

  • Run history and execution metadata (timestamps, duration, status)
  • Token usage counts per run and per billing cycle — we track counts, not content
  • API call metadata (endpoint, model selected, response times)
  • Model and provider preferences configured in your workspace

Technical Data

  • IP address and approximate geolocation derived from it
  • Browser type, version, and operating system
  • Access timestamps and session duration
  • Referring URLs and pages visited within the Service

Payment Data

  • All payment processing is handled by Stripe, Inc.
  • CesaFlow does not receive, store, or have access to your full credit card number, CVV, or bank account details
  • We receive only a transaction confirmation, last four digits of the card, and billing address from Stripe for record-keeping

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery and account management: To create and maintain your account, authenticate sessions, and provide access to the platform
  • Usage tracking and plan enforcement: To measure token consumption, enforce plan-level rate limits, and generate billing reports
  • Platform improvement and analytics: To analyze aggregate usage patterns, identify performance bottlenecks, and prioritize feature development
  • Transactional communications: To send essential notifications such as run completion alerts, error reports, password reset confirmations, and billing receipts
  • Security monitoring and fraud prevention: To detect unauthorized access, prevent abuse, and protect the integrity of the Service
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

3. BYOM (Bring Your Own Model) Data Handling

CesaFlow's BYOM feature allows you to connect your own API keys from providers such as OpenAI, Anthropic, Google, and others. This section explains exactly how your keys and data are handled:

  • Encryption at rest: Your API keys are encrypted using AES-256-GCM before being written to our database. The encryption keys are managed separately from the application database.
  • Decryption in memory only: Keys are decrypted exclusively in server memory at the moment an API call is made and are never written to disk in plaintext or logged.
  • Data transit: CesaFlow calls AI providers on your behalf. This means your prompts and code pass through our servers en route to the provider. All transit is encrypted via TLS 1.2+.
  • No response storage: AI model responses are streamed directly to your client and are NOT stored on our servers after run completion.
  • Billing telemetry: We log token usage counts (input tokens, output tokens, model name) for billing and analytics. The actual content of prompts and responses is never persisted.

4. Data Retention

We apply the following retention policies to different categories of data:

  • Generated code and workspace files: Deleted after run completion unless a persistent workspace (project_id) is configured, in which case files are retained until the workspace is deleted
  • AI model responses: Not retained after streaming is complete — responses exist only in transit
  • Run metadata: Retained for the lifetime of your account for billing, analytics, and run history purposes
  • Audit and security logs: Retained for 90 days and then automatically purged
  • Account data: Retained until you request account deletion, at which point all associated data is permanently removed within 30 days

5. Data Sharing

We do NOT sell, rent, or trade your personal data to third parties. Data is shared only with the following service providers, strictly to operate the Service:

  • AI providers (OpenAI, Anthropic, Google, etc.): When you initiate a run, your prompts are sent to the provider you selected via your own API key. These transmissions are subject to each provider's privacy policy.
  • Stripe: Processes subscription payments and invoicing. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
  • Cloudflare: Provides CDN, DDoS protection, and WAF services. Cloudflare may process request metadata (IP addresses, headers) as part of its security services.

Beyond these providers, we do not share your data with any third party unless required by law or with your explicit consent. We may disclose information if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights, or prevent fraud.

6. Security Measures

We implement multiple layers of security to protect your data. While no system is 100% secure, we follow industry best practices:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest: API keys are encrypted with AES-256-GCM. Database backups are encrypted.
  • Password security: Passwords are hashed using bcrypt with a per-user salt, making them resistant to rainbow table and brute-force attacks
  • Network security: Cloudflare WAF and DDoS protection sit in front of all public endpoints
  • Data isolation: Organization-level data isolation ensures that one organization's data is never accessible to another
  • Access control: Role-based access control (RBAC) within organizations limits data access to authorized members
  • Session management: Authentication tokens expire automatically and are stored securely

For more details on our security architecture, visit our Security page.

7. Cookies and Local Storage

CesaFlow uses browser localStorage for session management, including authentication tokens, theme preferences, and language settings. We do not use third-party tracking cookies or advertising pixels. No data is shared with ad networks or analytics platforms that track users across websites.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: View your personal data at any time via the dashboard or by making an API request
  • Correction: Update inaccurate or incomplete information through your account settings
  • Deletion: Request permanent deletion of your account and all associated data. Upon deletion, all personal data, run history, API keys, and workspace files are removed within 30 days.
  • Data export: Export your run history, usage data, and account information in a machine-readable format
  • Opt out: Opt out of non-essential communications at any time via your notification preferences. Transactional emails (security alerts, billing) cannot be opted out of while you maintain an active account.

To exercise any of these rights, contact us at [email protected] or use the relevant options in your account settings. We will respond to requests within 30 days.

9. International Data Transfers

  • CesaFlow's primary servers are hosted in Europe (Germany)
  • When you use BYOM, your prompts may be processed in regions where your selected AI provider operates (e.g., United States for OpenAI). This processing is governed by the provider's privacy policy and your agreement with them.
  • Cloudflare may cache and route traffic through global edge nodes as part of its CDN and security services
  • Enterprise customers may request specific data residency configurations — contact us for details

10. Children's Privacy

CesaFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a user is under 18, we will promptly delete their account and all associated data. If you believe a minor has created an account, please contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you via email to the address associated with your account at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the revised terms, you may delete your account at any time.

12. Contact

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact our privacy team: