Privacy Policy

Last updated: 2026

TongFlow is an open-source, local-first multi-modal AIGC studio (AGPL-3.0). When you self-host the project, the studio runs entirely on your own machine — workflows, materials, and uploads stay in a local SQLite file and on local disk. The notes below apply primarily to the optional hosted convenience version at app.tongflow.com.

If you self-host, no personal data is sent to us as the project authors. AI inference is performed through APIs you configure yourself (Modal for GPU workers, plus an LLM provider — OpenRouter, Google Gemini, OpenAI, or DeepSeek). Your relationship with those providers is governed by their own privacy policies.

1. Scope

This page describes data handling for the hosted version at app.tongflow.com. The open-source project itself does not collect data — when you run it locally or self-host it via Docker, the studio communicates only with the APIs whose tokens you configure in your own .env file.

Marketing analytics on this website (tongflow.com) are minimal and disclosed in section 5.

2. What the hosted version may process

If you use the hosted version, processing is limited to what's required to run the studio:

  • Account data: the email or third-party identity you sign in with.
  • Workflow data: nodes, prompts, and uploaded materials you place on the canvas, plus AI-generated outputs.
  • Operational logs: request timestamps and errors needed to keep the service running.

The hosted version's data-retention windows and account-deletion process will be documented here before billing is enabled. Until then, treat the hosted version as a preview.

3. Third parties that may process your data

To execute workflows, the studio (whether hosted or self-hosted) forwards inputs to the providers you choose:

  • Modal — GPU/CPU workers for transform plugins.
  • OpenRouter — text-generation routing (free or paid routes).
  • Google Gemini — text and multimodal handlers (where selected).
  • OpenAI — text-generation handlers (where selected).
  • DeepSeek — used by a small number of code paths.

Each provider's privacy policy governs how they handle the data you send them. We recommend reviewing them before piping sensitive material through the canvas.

4. Your data on a self-hosted install

When you run TongFlow with Docker or pnpm dev:

  • Workflows and materials live in data/tongflow.db (SQLite) and data/uploads/ on your filesystem.
  • There is no account system, no telemetry to the project authors, and no central file CDN required.
  • You hold the API tokens for Modal and any LLM providers; we never see them.

If you choose to publish or share content created with TongFlow, that is governed by the platforms you publish to, not by this policy.

5. This website (tongflow.com)

The marketing site you're reading uses Google Analytics 4 to count page visits and aggregate traffic sources. GA only loads after you click Accept on the cookie banner; if you Decline, no analytics cookie is set and no data is sent to Google. You can change your choice anytime via the Cookie preferences link in the footer.

No advertising cookies, no cross-site tracking, no third-party marketing pixels.

6. Your rights

For the hosted version, you can request access to or deletion of account data by emailing [email protected]. Where applicable (GDPR, CCPA/CPRA, PIPL, LGPD, APPI), the rights granted by your local law apply.

For the open-source self-hosted version, all data is in your possession — you can delete it directly by removing the local data/ directory.

7. Changes

This page will be updated as the hosted version reaches feature stability. The current version reflects v0.1.0 early-stage status: deliberately small, conservative, and limited to what we can actually guarantee.

8. Contact

Questions about privacy or this page: [email protected].