1. Information We Collect
CardFlow is local-first by default. We process the following information only when you choose to use the related feature:
- Account information: email address, display name, Sign in with Apple unique identifier, Apple private relay email, login session, and last active time. Email is used for sign-in, identity verification, password recovery or changes, sync-account ownership, and necessary service notices. Passwords are stored as secure hashes, never in plain text.
- Verification information: email code delivery records, send frequency, and minimal IP-based anti-abuse records.
- Writing and sync data: if you sign in to a CardFlow account and turn on account sync, cards, books, chapters, body text, writing-assistant structures, deletion markers, update timestamps, and object indexes may be synchronized to the CardFlow backend. This is your user-created content.
- Object storage metadata: when you sync images, attachments, or larger objects, we may store object keys, types, sizes, content types, storage status, and checksums to support quota, sync, and deletion.
- Purchase and subscription information: transaction identifiers, product type, expiration time, status, purchase time, and entitlement source returned by App Store or other supported payment channels. We never receive card numbers, payment passwords, or App Store account passwords.
- Support and diagnostics: we review logs, screenshots, or messages only when you voluntarily send them to us.
2. How We Use Information
- Create and maintain CardFlow accounts, including email sign-in, Apple sign-in, session management, and account security.
- Provide sync and recovery for cards, book structures, chapters, body text, and writing-assistant data.
- Verify subscriptions and lifetime purchases, and bind App Store entitlements to a CardFlow account when you choose to do so.
- Measure sync and object-storage usage to enforce per-account service limits.
- Handle support, troubleshooting, anti-abuse, service security, and necessary service notifications.
3. Access to and Protection of User-Created Content
We take the protection of user-created content seriously. For cards, books, chapters, body text, images, and attachments synchronized to the CardFlow backend, access within CardFlow product permissions is limited to the account owner and administrators with necessary backend privileges.
- The account owner can sign in, sync, view, export, or delete their own user-created content through the app.
- Administrator access is limited to necessary service operation, troubleshooting, sync recovery, object-storage management, account deletion or export requests, anti-abuse work, security audits, or legal requirements.
- Administrators will not view, browse, search, export, or share user-created content without a necessary service-related reason. When handling is required, we follow the minimum-necessary principle.
- Cloud server, object storage, and email providers supply infrastructure only. We do not authorize them to use user-created content for ads, profiling, training, or purposes unrelated to CardFlow service operation.
4. Storage, Sync, and Quotas
CardFlow supports both local/iCloud storage and CardFlow account sync:
- Local data: stored in your device sandbox and removable by deleting the app or clearing local data.
- iCloud data: if you enable iCloud sync, data is stored in Apple CloudKit private databases managed by Apple.
- CardFlow backend sync: after you sign in to a CardFlow account, JSON sync records and object-storage metadata you actively sync are stored by the CardFlow backend at cardflow.top.
If your account exceeds its sync quota, the backend rejects additional writes and asks you to clean up data or upgrade storage.
5. Third-Party Services
- Apple iCloud / CloudKit: used for iCloud sync and Apple-managed private database storage.
- Sign in with Apple: used to sign in to a CardFlow account with Apple ID.
- App Store: used for subscriptions, lifetime purchases, restore purchases, and Apple server notifications.
- Email providers: used to send registration, sign-in, and security verification codes.
- Cloud servers and object storage: used to run CardFlow account sync, object indexes, and necessary service infrastructure.
CardFlow does not include ad, cross-app tracking, or profiling SDKs.
6. Information Sharing
We do not sell your personal information. We share data only in these necessary situations:
- You choose to use Apple, email, payment, cloud, or storage providers for sign-in, purchase, verification, or sync.
- You voluntarily provide logs, screenshots, or account details for support.
- Disclosure is required by law, regulation, or necessary to protect users and service security.
Except for your authorization, necessary service provision, legal requirements, or protection of account and service security, we do not disclose your user-created content to third parties.
7. Your Choices and Rights
- You may skip CardFlow sign-in and use local data, iCloud, and App Store entitlements.
- You may sign out in the app. After sign-out, new data will not sync to that CardFlow account.
- You may turn off iCloud sync. iCloud data deletion and recovery are controlled through Apple system and iCloud settings.
- You may export your writing through in-app export or system sharing features.
- To correct, export, or delete CardFlow account data, use the account deletion page or email us.
8. Account Deletion
To delete a CardFlow account, email jeanie0213@163.com and include your CardFlow sign-in email or Apple private relay email. After identity verification, we will process account, session, sync-record, and object-storage metadata deletion.
Deleting a CardFlow account does not automatically refund purchases and does not delete your Apple ID, App Store order records, or iCloud private database data. Refunds must be handled through App Store or the relevant payment channel.
9. Children
CardFlow is designed for general creators and does not knowingly collect personal information from children. If you believe a child provided personal information without guardian consent, please contact us.
10. Updates
We may update this policy when product capabilities, legal requirements, or service providers change. Material changes will be announced through the app, website, or release notes.
11. Contact
For privacy, account, or data requests, email jeanie0213@163.com.