1. Who operates CurrentFlow
CurrentFlow is operated by Kenshu Dieguez in Virginia, United States. Questions or privacy requests can be sent to support@currentflow.org.
2. Our approach
CurrentFlow is designed to do most of its work on your Mac. We do not sell personal information, serve advertising, or use your calendar and task information to build advertising profiles.
3. Information processed by the website
The public website does not offer user accounts, collect newsletter signups, or install advertising or analytics trackers. Like most hosted websites, our hosting and security provider may process standard request information such as IP address, browser type, requested page, and request time to deliver the site, prevent abuse, and maintain reliability.
If you email support, we receive the address and information you choose to include. We use it to answer your request and maintain appropriate support records.
4. Information processed by the macOS app
Notion
When you connect Notion, you choose the workspace pages available to CurrentFlow. The app reads and updates the task and Work Session fields needed to create, balance, and maintain your schedule. This can include task names, status, due dates, estimates, work-session dates, durations, and the relationships between those records.
Google Calendar
CurrentFlow requests the narrow Google Calendar free/busy permission. It receives occupied time ranges for calendars you select. It does not request or use event titles, descriptions, locations, attendees, or attachments.
CurrentFlow's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Local settings and logs
Scheduling preferences, selected data-source identifiers, connection state, and operational health records are kept on your Mac. CurrentFlow is designed to redact credentials and sensitive identifiers from its diagnostic logs.
5. Credentials and authorization
Notion and Google authorization tokens are stored locally in macOS Keychain. CurrentFlow does not place these credentials in its ordinary configuration files or diagnostic exports.
Notion's authorization flow uses a service at api.currentflow.org so the Notion client secret is never shipped inside the desktop app. That service creates a short-lived authorization session, encrypts the authorization result, and permits a single redemption by the requesting app. Sessions expire after approximately ten minutes and are removed after redemption or expiration cleanup.
The service retains a random installation identifier, a one-way hash of its installation credential, and creation, last-seen, and revocation timestamps. It does not store your Notion workspace content. Tokens pass through the service when you request refresh or revocation but are not stored there as part of the installation record.
6. How information is used
- To authenticate the connections you request.
- To calculate availability and create or update Work Sessions.
- To diagnose failures and protect the service against abuse.
- To respond when you contact support.
- To comply with applicable law and enforce our terms.
7. When information is shared
We use service providers only where needed to operate CurrentFlow, including Cloudflare for website and authorization-service delivery, Notion for the workspace connection, Google for Calendar authorization and free/busy data, and Apple for macOS platform services. Each provider processes information under its own terms and privacy commitments.
We may also disclose information when reasonably necessary to comply with law, protect users, investigate abuse, or defend legal rights. We do not sell or rent personal information.
8. Retention and deletion
Local credentials can be removed by disconnecting a service or using CurrentFlow's reset function. You can also revoke access from your Notion or Google account settings. Removing the app does not delete your Notion pages or Google Calendar data.
Support messages are retained as reasonably needed to resolve requests and maintain business records. Revoked installation records may retain non-secret identifiers and timestamps for security, fraud prevention, and audit purposes.
9. Security
We use safeguards intended to protect information, including HTTPS, short-lived authorization sessions, encryption for the one-time Notion handoff, one-way credential hashing, Keychain storage, and restricted diagnostic output. No method of storage or transmission can be guaranteed completely secure.
10. Your choices and rights
Depending on where you live, you may have rights to request access, correction, deletion, or information about the personal information we hold. Email support@currentflow.org to make a request. We may need to verify your identity before fulfilling it.
11. Children
CurrentFlow is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
12. International processing
CurrentFlow is operated from the United States. Information processed by our service providers may be handled in the United States and other countries where they operate.
13. Changes to this policy
We may update this policy as CurrentFlow develops. Material changes will be reflected by updating the effective date and, when appropriate, providing additional notice.