← SecFlow

Privacy Policy

Last updated: May 15, 2026

Overview

SecFlow ("we", "us") provides executive cybersecurity learning through the SecFlow web application at secflow.app. This Privacy Policy explains what we collect, how we use it, and the choices you have. It applies together with our Terms of Service. By using SecFlow, you agree to this policy.

Information we collect

  • Account data: email address, display name, and authentication identifiers when you create an account or sign in with Google or Apple through Amazon Cognito.
  • Learning progress: mission responses, streaks, preferences, achievements, and related readiness signals stored in your browser and, when you sign in with cloud sync enabled, in your account profile on our cloud provider.
  • Usage analytics: aggregated product events (for example onboarding completion, mission start or complete, audio playback, and sign-in completion) when Google Analytics 4 is enabled — see Analytics below.
  • Technical data: browser type, device characteristics, approximate region from IP address, and standard server logs used to operate and secure the service.

Local storage and cookies

SecFlow stores preferences, progress, and session state in your browser's local storage so you can use the product without an account. We may use essential cookies or similar technologies required for authentication and security. We do not use advertising cookies.

How we use information

We use your information to:

  • Deliver daily missions, briefings, readiness views, and features you request.
  • Authenticate you and sync progress across devices when cloud features are enabled.
  • Improve reliability, security, and product quality (including analytics).
  • Respond to support requests and meet legal obligations.

We do not sell your personal information.

Analytics

When configured, we use Google Analytics 4 with a measurement ID supplied through environment configuration (not hard-coded in the application). Events help us understand how executives use missions and audio features. You can limit tracking with browser privacy settings or extensions that block analytics scripts.

Service providers

We use Amazon Web Services (including Cognito for authentication and, when enabled, AppSync for profile and progress sync). Google and Apple process sign-in credentials according to their own policies when you choose those options. Audio briefings may be delivered from a content delivery network when enabled.

Retention

We retain account and progress data while your account is active. When you delete your account, we remove your Cognito identity and associated cloud records, subject to reasonable backup and legal retention periods. Data in your browser may remain until you clear site data.

Account deletion

Signed-in users can delete their account from Profile → Delete account. Deletion removes your authentication identity and ends your session. If automated deletion is unavailable, email support@secflow.app from your account email with the subject "Account deletion request".

Your rights

Depending on your location, you may have rights to access, correct, export, or delete personal data, or to object to certain processing. Contact support@secflow.app to exercise these rights. We will respond within a reasonable time.

Children

SecFlow is intended for working professionals. We do not knowingly collect personal information from children under 16.

Changes

We may update this policy. Material changes will be reflected by the "Last updated" date on this page. Continued use after changes constitutes acceptance of the revised policy.