Privacy Policy

Last updated: May 21, 2026

1. Introduction

This Privacy Policy explains how Cognitive Flow AI ("CFAI", "we", "us", or "our") collects, uses, and protects your personal information when you use our Windows desktop application for meeting transcription and cognitive support.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect and Store

We collect and store the following information:

  • Email address — stored in plain text for account identification and communication
  • Password — hashed using the Argon2id algorithm (irreversible, industry-standard security)
  • IP address and device information — for session management and security purposes
  • Anonymous interaction counts — only the type and number of interactions, never the content
  • Custom tags and prompts — any personalized settings you create within the app

Legal basis for processing: Account data (email, password) is processed on the basis of contract performance (Art. 6(1)(b) GDPR). Security data (IP, device info) is processed on the basis of legitimate interests (Art. 6(1)(f) GDPR). Payment data is processed on the basis of contract performance and managed by Stripe.

3. Data That Passes Through But Is NOT Stored

The following data is processed locally on your device and never stored on our servers:

  • Audio recordings — transcribed locally on your device using an on-device Whisper AI model. Audio is never sent to external servers for transcription.
  • Text transcriptions — generated entirely on-device and returned to you in real-time, not persisted on our infrastructure.
  • AI chat conversations — processed and returned to you, never saved server-side

Important: All audio and transcription data is managed locally on your device. External API calls are made exclusively over encrypted HTTPS connections. We never access, store, or analyze your audio or transcription content.

4. Third-Party Services

CFAI integrates with the following third-party services:

  • Anthropic (Claude) — for AI chat and cognitive inference (Pro users only), via encrypted HTTPS
  • Groq — for AI chat inference (Trial users), via encrypted HTTPS
  • Stripe — payment processing and subscription management. Stripe collects billing information directly and is subject to its own Privacy Policy
  • Railway — backend hosting infrastructure (EU region)
  • Neon — PostgreSQL database hosting

Each of these services has its own privacy policy. We encourage you to review them. All connections to external services are made exclusively over encrypted HTTPS — your data is never transmitted in plain text.

International Data Transfers: Anthropic and Groq are US-based services. Data transmitted to these services is protected under Standard Contractual Clauses (SCCs) approved by the European Commission. No audio or transcription data is ever transferred — only AI chat prompts and responses.

5. Data Security

We implement robust security measures to protect your data:

  • All traffic is encrypted using HTTPS/TLS
  • API keys are encrypted at rest using AES-GCM encryption
  • Passwords are hashed with Argon2id (not reversible)
  • Backend servers are hosted in the EU region
  • Regular security audits and updates

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right to access — request a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure — request deletion of your account and all associated data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to certain types of processing
  • Right to withdraw consent — withdraw consent at any time

To exercise any of these rights, please contact us at support@cfai.io.

EU AI Act Compliance

CFAI is committed to transparency in its use of AI systems. In accordance with applicable provisions of the EU AI Act, we disclose that this application uses AI models for cognitive support and meeting assistance. These systems are not used for prohibited or high-risk purposes as defined under the Act.

7. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, all your data will be permanently removed within 30 days.

CFAI is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the application.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@cfai.io