Privacy Policy
Introduction
Flowroid (“we”, “our”, or “the app”) is an Android automation platform. This Privacy Policy explains what data Flowroid accesses, how it is used, where it is stored, and your rights with respect to that data.
Core principle: Flowroid is designed to work entirely on your device. We do not operate remote servers that receive your personal data. The permissions the app requests are used solely to power automations you configure; data stays on your device unless you explicitly create an automation that sends it elsewhere.
Data Controller
The data controller is the individual developer of Flowroid:
- Contact e-mail: support@flowroid.com
Permissions and Data We Access
The following table lists every Android permission Flowroid may request, why it is needed, and where the resulting data goes.
| Permission | Purpose | On device? |
|---|---|---|
| ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, ACCESS_BACKGROUND_LOCATION | Geofence triggers — detect when you enter or leave locations you define. Background location is required so geofences fire when the app is not in the foreground. | Yes — coordinates are processed by Google Play Services on-device. Flowroid does not transmit your location. |
| BIND_NOTIFICATION_LISTENER_SERVICE | Notification triggers — run automations when a notification arrives from an app you select. | Yes — notification title and body are evaluated in memory and are never written to disk. |
| READ_PHONE_STATE | Phone-call trigger — detect incoming and outgoing call state (idle / ringing / active). Flowroid does not read the phone number. | Yes |
| READ_CONTACTS | Condition evaluation — optionally match a caller against your contacts (e.g., “run only if caller is in Contacts”). Contact data is evaluated locally and is never uploaded. | Yes |
| READ_CALENDAR | Calendar event trigger — start an automation when a calendar event begins or ends. | Yes — event data is evaluated locally and never transmitted. |
| INTERNET | Two uses: (a) user-created HTTP Request actions send data to endpoints you configure; (b) Google Play Billing for subscription purchases. | Only data you explicitly configure to be sent (HTTP Request action). Billing handled by Google. |
| ACCESS_WIFI_STATE, CHANGE_WIFI_STATE | Wi-Fi triggers (connect/disconnect) and Wi-Fi toggle action. | Yes |
| BLUETOOTH_CONNECT | Bluetooth device trigger and Bluetooth toggle action. | Yes |
| NFC | NFC tag trigger — detect NFC tags to start automations. | Yes |
| ACCESS_NOTIFICATION_POLICY | Do Not Disturb control action. | Yes |
| MODIFY_AUDIO_SETTINGS | Volume and ringer-mode actions. | Yes |
| WRITE_SETTINGS | System settings actions (screen brightness, screen timeout, auto-rotate). | Yes |
| CALL_PHONE | Phone-call action — opens the system dialer with a number pre-filled. Flowroid does not make calls directly; the user confirms in the system dialer. | Yes |
| SCHEDULE_EXACT_ALARM | Scheduled (time-based) triggers using exact alarm delivery. | Yes — no data transmitted. |
| RECEIVE_BOOT_COMPLETED | Restart the automation service after device reboot. | Yes |
| FOREGROUND_SERVICE, FOREGROUND_SERVICE_DATA_SYNC, FOREGROUND_SERVICE_SPECIAL_USE, FOREGROUND_SERVICE_LOCATION | Keep the automation service running reliably in the foreground. | Yes — service metadata only. |
| POST_NOTIFICATIONS | Show the persistent foreground-service notification and user-created notification actions. | Yes |
| WAKE_LOCK | Prevent the CPU from sleeping while time-sensitive actions execute. | Yes |
| VIBRATE | Vibration action. | Yes |
| BIND_DEVICE_ADMIN | Device-admin actions (lock screen). The app requests Device Administrator status only if you enable a lock-screen automation. | Yes |
| ACTIVITY_RECOGNITION | Step Counter trigger — fire a flow when your step count reaches a threshold you set (e.g., “at 10,000 steps”). The device’s hardware step-counter sensor is read only when you create such a flow. | Yes — step counts are read from the on-device sensor and evaluated locally. Flowroid never stores, uploads, or shares step or other fitness data. |
| PACKAGE_USAGE_STATS | App-foreground trigger — start a flow when you open a specific app. Requires the “Usage access” special permission you grant in system settings. | Yes — the currently-foreground package is evaluated locally and never transmitted. |
| QUERY_ALL_PACKAGES | App pickers — let you choose any installed app as the subject of a trigger (notification, app-open) or action (launch, stop). Used to populate the in-app app list. | Yes — the installed-app list is shown only in the picker UI on your device and is never transmitted. |
| SYSTEM_ALERT_WINDOW | Display-over-other-apps — used by actions that need to show content above other apps. | Yes |
| KILL_BACKGROUND_PROCESSES | “Stop app” action — ask Android to stop a background app you select. | Yes |
Background Location
Why we need background location
Flowroid’s geofence feature detects when you enter or leave areas you define on a map. Geofences must be monitored continuously — including when the app is not on screen — to fire reliably. This requires the ACCESS_BACKGROUND_LOCATION permission.
Background location is used exclusively to evaluate geofence boundary crossings via the Google Play Services Geofencing API. Flowroid does not log, store, or upload your GPS coordinates. Location data is processed entirely on-device by Google Play Services; Flowroid only receives a binary “entered” or “exited” event per geofence.
If you do not create any geofence triggers, you can decline this permission and the rest of the app will work normally.
Data Storage
Local database
All flows, variables, execution history, and app settings are stored in a Room (SQLite) database on your device’s internal storage. This data never leaves the device except when you use the export feature or configure an HTTP Request action to send it.
Secret variables
Variables you mark as “Secret” (e.g., API keys, passwords) are encrypted at rest using the Android Keystore (AES-256). Secret values are never displayed in logs or the execution history UI.
Crash reports
If Flowroid crashes, a local crash report is saved to files/crashes/ on your device. These reports contain the stack trace, app version, Android OS version, and device manufacturer/model. They do not contain notification content, location data, contact data, or any other personal information. Reports are capped at 10 files (oldest deleted automatically). Crash reports are never uploaded; you can view or delete them from the app’s log viewer.
Flow execution logs
When a flow runs, Flowroid writes a log entry that includes the flow name, trigger type, action results, and any error messages. Notification titles and bodies are deliberately excluded from log entries. Logs are stored locally and you can clear them at any time in Settings → Logs.
Embedded HTTP Server
Flowroid includes an optional local HTTP server (off by default) that allows external systems to trigger flows via REST API. By default, the server binds to 127.0.0.1 (loopback only) and is not reachable from other devices on the network. An explicit “Enable LAN access” setting expands the bind address to 0.0.0.0.
When the server is enabled, any HTTP requests received are processed locally. You are responsible for securing access (API key, network configuration). We recommend not enabling LAN access on untrusted networks.
User-Configured HTTP Requests
The HTTP Request action lets you send data to any URL you configure. You are fully in control of what data is sent and to which endpoint. Flowroid does not inspect, log, or intercept the content of these requests beyond what is necessary to execute them. You are responsible for the privacy implications of the endpoints you call.
Third-Party Services
| Service | Purpose in Flowroid | Privacy policy |
|---|---|---|
| Google Play Billing | In-app subscription purchases (Flowroid Pro). Google handles payment processing; Flowroid receives only a purchase token and subscription status. | Google Privacy Policy |
| Google Play Services — Location | Geofencing API for location-based triggers. | Google Privacy Policy |
| Google Maps SDK | Map picker for setting up geofence locations (Pro feature). Map tiles are loaded from Google’s servers; your precise location is not sent unless you explicitly search for it. | Google Privacy Policy |
Flowroid does not integrate any advertising SDKs, analytics SDKs, or external crash reporting services. There are no tracking pixels or telemetry calls to Flowroid’s own servers.
Data Sharing and Disclosure
We do not sell, rent, or share your personal data with third parties, except:
- Google Play Billing — purchase transactions are handled by Google. We receive only the subscription status and purchase token, not your payment details.
- Legal obligations — if required by law, court order, or to protect the safety of any person.
- User-initiated HTTP requests — data you send via the HTTP Request action goes to the endpoints you configure. This is entirely under your control.
Data Retention and Deletion
All data Flowroid creates (flows, variables, logs, crash reports) lives on your device. You can delete it at any time:
- Flows and variables: delete individually within the app, or use Settings → Reset App Data to wipe everything.
- Execution logs: Settings → Logs → Clear Logs.
- Crash reports: Settings → Logs → Clear Crash Reports.
- All app data: uninstalling Flowroid removes all locally stored data from your device.
Security
We apply the following security measures to protect your data:
- Secret variables are encrypted using AES-256 via the Android Keystore. If Keystore initialisation fails, the app refuses to store secrets rather than falling back to plaintext.
- The API server requires an API key by default.
- The HTTP Request action maintains a blocklist against Server-Side Request Forgery (SSRF) attacks targeting loopback, link-local, and RFC 1918 private addresses.
- Boot receivers and background services are not exported and cannot be invoked by third-party apps.
Children's Privacy
Flowroid is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data through the app, please contact us at the address below so we can take appropriate action.
Your Rights
Because Flowroid processes data locally on your device and does not transmit it to our servers, you already hold full control over your data. Specifically:
- Access — view all flows, variables, and logs within the app.
- Correction — edit or delete any flow or variable at any time.
- Deletion — use the reset or uninstall options described in Section 10 (Data Retention and Deletion).
- Portability — export your flows as JSON files via the import/export feature.
For questions or requests related to subscription purchase data (held by Google), please contact Google directly.
Changes to This Policy
We may update this Privacy Policy when the app’s data practices change. We will update the “Last updated” date at the top of this page. For significant changes, we will provide notice within the app. Your continued use of Flowroid after an update constitutes acceptance of the revised policy.
Contact
For privacy-related questions or requests, please contact:
- E-mail: support@flowroid.com