TheFlow Privacy Policy
Last updated: October 6, 2025
Welcome to TheFlow. This Privacy Policy explains how we collect, use, and protect your information you provide directly to us when you use our music platform in the United States. This Privacy Policy is a part of our Terms.
This policy describes how we collect, process, retain, and disclose personal data about you when providing the Service to you, and our practices for using, maintaining, protecting, and disclosing that information.
If you are a California resident, please review our California Privacy Notice which supplements this policy.
Privacy at a Glance
How We Protect Your Privacy
You own and control your data
Full data export and deletion rights
Minimal data collection for features
Transparent about what we collect
What We Never Do
Never sell your personal information
No cross-site tracking or surveillance
No training AI on your private content
No sharing data by us for advertising off TheFlow
Table of Contents
1. What Information We Collect
1.1 Information You Provide
Account and profile information including but not limited to your name, email, username, profile details, preferences, your listening/content consumption activity on TheFlow, and other information you elect to provide as part of your profile and/or in any communications on the Service
Account activity including information about your subscription, transactions, and purchase/order history
Content and communications including but not limited to music, posts, messages, photographs, videos, audio recordings, and/or other materials you upload or share
Payment and transaction information when you make purchases or receive payments, including credit/debit card information, address and phone information, information about the payment services you use in connection with the services
Biometric Information such as face prints, iris or retina scan, and other such information collected at the time we verify you as a human upon creation of your account (provided that information is used by us solely to perform such verification process at that time)
Verification and identity information to confirm your account and prevent fraud
Some of the information identified above may be considered sensitive data under certain laws. If required under applicable law, we will collect and process sensitive personal data only with your consent. If you choose not to provide or allow us to collect some information, we may not be able to provide you with requested features, services, or information.
We also collect:
Statistics or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Services feature.
Technical information. Technical information includes information about your internet connection and usage details about your interactions with the Services, such as clickstream information to, through, and from our Services (including date and time), products that you view or search for; page response times, download errors, length of your visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from a page.
If we combine or connect non-personal statistical or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal information.
1.3 Information from Third Parties
Service providers that you engage with in connection with TheFlow including but not limited to payment processors and third party verification services
Connected platforms that you choose to link to your account (subject to their policies/terms over which we have no control)
Public sources for verification, safety, and fraud prevention purposes
2. How We Use Your Information
2.1 Provide and Improve Our Services
Deliver our platform offerings including but not limited to music streaming, social features, creator tools, and personalized recommendations, as well as any other content, features, information, or products made available through TheFlow
Fulfill and manage subscriptions, purchases, payments, etc.
Fulfill any other purpose for which you provide it
Provide you with notices
Process transactions and calculate creator earnings and payments
Personalize your experience based on your preferences and activity
Develop new features and improve existing features
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection
Notify you when Service updates are available and about changes to any products or services we offer or provide though them
In any other way we may describe when you provide the information
For any other purpose with your consent
2.2 Safety, Security and Legal Compliance
Maintain platform security and prevent fraud, abuse, and violations
Verify accounts and prevent unauthorized access
Comply with legal obligations including copyright, tax, and regulatory requirements
Retain information to the extent necessary to comply with law, prosecute and/or defend claims
Enforce our terms and community standards
2.3 Communication and Support
Provide customer support and respond to your questions
Send important updates about your account, our services, and policy changes
Enable community features and facilitate connections between users
Maintain platform security and prevent fraud
3. Your Data, Your Control
3.1 You Own Your Data
Your music, audience data, and creative work belong to you, not us. You can export everything and take it with you if you leave (subject to limited retention rights/obligations reserved to the Cooperative).
3.2 Export Your Information
Download all your account data in standard formats
Get your listening history and music analytics
Export your music catalog with all metadata
Access your earnings and payment history
3.3 Privacy Controls
Listening privacy: Choose who sees what you listen to
Social settings: Make your profile public or private
Music sharing: Control who sees your playlists and activity
Following: Keep your following/followers list private if you want
Turn off social features: Use TheFlow just for listening if you prefer
3.4 Delete Your Account
Request complete account deletion anytime
We'll use commercially reasonable efforts to delete your personal data within 30 days
Some records kept for legal requirements (like tax documents)
5. Data Security
5.1 How We Protect Your Information
We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. Our measures include:
Encryption and secure transmission of your data both in transit and at rest
Access controls and authentication to limit who can access your information
Regular security monitoring including but not limited to audits, testing, and threat detection
Secure infrastructure with industry-standard protections and safeguards
Employee training and policies to ensure proper handling of your information
However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Service. In particular, email, texts, and chats sent to or from the Service may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk.
The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.
6. How Long We Keep Your Data
6.1 Data Retention Principles
We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the Service, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the retention period, personal data will be deleted, destroyed, or deidentified. Retention periods vary based on the type of information and the purposes for which we use it.
6.2 General Retention Periods
Active accounts: Information retained while your account is active and as needed to provide services
Deleted accounts: Most personal data deleted within a reasonable timeframe, with some information retained as required by law (we may retain anonymized data beyond this period of time as well for a legitimate business purpose as permitted by law)
Legal and financial records: Retained as required by applicable laws and regulations
Technical and usage data: Retained for limited periods to improve our services, then deleted or anonymized
6.3 Specific Circumstances
We may retain information for longer periods when required by law, for safety and security purposes, to resolve disputes, or to comply with regulatory requirements. In some cases, we may also retain information in anonymized form for research and service improvement purposes.
7. Children's Privacy
7.1 Age Requirements
You must be at least 13 years old (or the minimum age in your country or region, whichever is higher) to use our services. Some features, including but not limited to monetization and certain creator tools, may require you to be older or have parental consent as required by applicable law. We never knowingly collect any information from children under 13. If you believe we have collected information from you (and you are under 13) or your child (who is under 13) please contact us immediately at legal@theflow.com.
7.2 Enhanced Protections for Teens
Users under 18 receive additional privacy protections, including but not limited to:
More restrictive default privacy settings to limit data collection and sharing
Enhanced content controls and filtering for age-appropriate experiences
Limited data use for personalization and advertising purposes
Parental consent requirements where required by applicable law
Restricted monetization features until appropriate age verification
7.3 If We Discover Underage Users
If we become aware that we have collected personal information from a child under the applicable minimum age without proper consent:
Immediate action: We will promptly suspend the account and cease data collection
Data deletion: We will delete the child's personal information within a reasonable timeframe
Process improvements: We will take steps to prevent similar situations in the future
Parental notification: We will notify parents or guardians when required by applicable law
If you are a child, or you are the parent/guardian of child, and believe we have improperly collected personal information from you, please contact us immediately at legal@theflow.com.
7.4 Parental Rights and Controls
Parents and guardians have rights regarding their children's information, including but not limited to the ability to review, request deletion of, or refuse further collection of their child's personal information, subject to applicable law.
8. Cookies & Tracking
8.1 How We Use Cookies and Similar Technologies
We use cookies, web beacons, pixels, and similar tracking technologies to provide and improve our services, including but not limited to:
Essential functions required for platform operation, security, and basic functionality
Analytics and performance to understand how our services are used and improve user experience
Personalization to customize content, recommendations, and platform features
Security and fraud prevention to protect your account and prevent unauthorized access
The technologies we use for this automatic data collection may include:
Cookies. A cookie is a small file placed on your device when you interact with the Services. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. However, if you select this setting, you may be unable to access certain features of the Services.
Web Beacons. Some parts of the Services [and our emails ]may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those parts or [opened an email ]and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).
8.2 Your Choices and Controls
You can control cookies and tracking technologies through various methods, including but not limited to:
Browser settings to block, delete, or manage cookies and similar technologies
Platform controls within your account settings for personalization and analytics
Opt-out mechanisms for non-essential tracking and data collection
Third-party tools that help manage online tracking and privacy
8.3 What We Don't Do
No cross-site tracking across other websites or services for advertising purposes
No third-party advertising networks or marketing cookies from external companies
No behavioral profiling sold to third parties for external advertising or data broker purposes
No unnecessary tracking beyond what's required to provide our Service and optimize your experience on TheFlow
8.4 Third-Party Technologies
Some third-party services we use may employ their own tracking technologies, subject to their own privacy policies and your choices with those providers. Be aware that if you choose to link third party accounts to TheFlow, such as certain payment processor accounts, social media accounts, or others chosen by you, we have no control over such third parties and how they collect and/or handle your information. You are encouraged to read their applicable privacy policies, terms of service, and other rule governing their products and services.
9. Third-Party Services
9.1 Who We Work With
Payment processing: Trolley and Stripe for secure payments
Human verification: Sumsub for one-time liveness detection
Cloud hosting: AWS and Google Cloud for secure storage
Customer support: Tools to help us assist you better
9.2 How This is Protected
Strict contracts: All partners have agreed with us in a contract to protect your data from processing beyond what is necessary to support the Service and your chosen use of TheFlow
Limited data sharing: Only share what's necessary for the Service
Regular audits: We reserve the right to check their security practices regularly
10. Your Privacy Rights
10.1 Your Choices and Controls
Depending on your state of residency, you may have certain rights related to your personal data, including:
Access and Data Portability. To the extent feasible, data will be provided in a portable format. Depending on your state, you may have the right to receive additional information and it will be included in the response to your access request
Correction. You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information's nature and processing purpose.
Deletion. You may request that we delete personal data about you that we maintain, subject to certain exception under applicable law.
Opt Out of Using Personal Data for Targeted Advertising, Profiling, and Sales. You may request that we do not use your personal data for these purposes.
10.2 US Privacy Rights
If you live in certain US states, you may have additional rights under state privacy laws, including but not limited to the right to know about, delete, or correct your personal information. Contact us at legal@theflow.com to exercise these rights.
10.3 How to Make Changes
Account settings for most privacy controls and data management
Email us at legal@theflow.com for other requests
Response time we will reasonably respond as quickly as possible, and aim to respond within 90 days for formal requests, unless a shorter response time is required
No charge for reasonable requests
11. Changes to This Policy
We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the "last updated" date and posting the updated policy on the Service. We may email or otherwise communicate reminders about this policy, but you should check our Service periodically to see the current policy and any changes we have made to it. We may also send a summary or notice to you through other means you have provided to us for communications, but we are not obligated to.
12. Contact Us
12.1 All Privacy & Legal Questions
Email: legal@theflow.com
Expected Response time: we aim to respond within 90 days for rights requests asserted in good faith, unless a shorter response time is reuqired
We handle: Privacy questions, rights requests, legal matters, security issues directly related to our Service
We do not: Provide legal advice to you
12.2 Mail
TheFlow Cooperative, Inc.
ATTN: Legal/Privacy
675 Tiffany Court
Sunnyvale, CA 94087
12.3 General Support
Email: support@theflow.com
For: Account help, technical issues, platform questions
This Privacy Policy applies to all users of TheFlow's services in the United States.
Last Updated: November 6, 2025