Cookie Policy | FlowChart AI – Smart AI Tool to Create Beautiful Flowcharts

Last updated: June 23, 2025

Introduction

This Cookie Policy explains how FlowChart AI, a service operated by Chaowen Tan ("we," "our," or "us") uses cookies and similar technologies on our website and services. We are committed to being transparent about our cookie practices and complying with applicable privacy laws, including the EU ePrivacy Directive, GDPR, CCPA, and other international regulations.

By continuing to use our website, you consent to our use of cookies as described in this policy, except where your consent is specifically required for non-essential cookies.

What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work more efficiently and provide a better user experience. Cookies can be set by the website you are visiting ("first-party cookies") or by third-party services used by that website ("third-party cookies").

Types of Cookies by Duration

Session Cookies: Temporary cookies that are deleted when you close your browser
Persistent Cookies: Cookies that remain on your device for a specified period or until manually deleted

Types of Cookies by Purpose

Strictly Necessary: Essential for the website to function properly
Functional: Enhance functionality and personalization
Performance/Analytics: Help us understand how visitors use our website
Marketing/Advertising: Used to deliver relevant advertisements

Strictly Necessary Cookies

These cookies are essential for our website to function properly and cannot be switched off. They are usually set in response to actions you take, such as logging in or filling out forms.

Cookie Name	Purpose	Duration	Set By
`better-auth.session_token`	Maintains your login session	Session	Our Website
`better-auth.csrf_token`	Protects against cross-site request forgery attacks	Session	Our Website
`__Secure-authjs.session-token`	Alternative session management	Session	Our Website
`__Host-authjs.csrf-token`	CSRF protection for authentication	Session	Our Website
`next-i18n-cookie`	Remembers your language preference	1 year	Our Website
`cookie-consent`	Remembers your cookie preferences	1 year	Our Website

Third-Party Authentication Cookies

These cookies are set by third-party authentication providers when you choose to log in using their services.

Cookie Name	Purpose	Duration	Set By
`__Secure-1PSID`	Google authentication and security	2 years	Google
`__Secure-3PSID`	Google authentication across domains	2 years	Google
`HSID`	Google security and authentication	2 years	Google
`SSID`	Google security identifier	2 years	Google
`APISID`	Google API authentication	2 years	Google
`SAPISID`	Secure Google API authentication	2 years	Google

Google's Privacy Policy: https://policies.google.com/privacy Data Location: United States and other Google data centers globally Legal Basis: Necessary for contract performance (login service)

Cookie Name	Purpose	Duration	Set By
`_gh_sess`	GitHub session management	Session	GitHub
`logged_in`	GitHub login status	1 year	GitHub
`dotcom_user`	GitHub user identification	1 year	GitHub
`_device_id`	GitHub device identification	1 year	GitHub

GitHub's Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement Data Location: United States Legal Basis: Necessary for contract performance (login service)

Payment Processing Cookies (Creem)

These cookies are used to securely process payments and manage billing through our Merchant of Record.

Cookie Name	Purpose	Duration	Set By
`creem_session`	Secure payment session management	30 minutes	Creem
`creem_customer_id`	Customer identification for billing	1 year	Creem
`creem_checkout_state`	Maintains checkout process state	Session	Creem
`creem_csrf`	Payment security protection	Session	Creem

Creem's Privacy Policy: https://creem.io/privacy Data Location: Singapore, Estonia Legal Basis: Necessary for contract performance (payment processing)

These cookies enable enhanced functionality and personalization but are not strictly necessary.

Cookie Name	Purpose	Duration	Set By
`theme_preference`	Remembers your dark/light mode choice	1 year	Our Website
`canvas_settings`	Saves your canvas and drawing preferences	1 year	Our Website
`user_preferences`	Stores various user preference settings	1 year	Our Website
`feature_flags`	Manages feature availability for your account	Session	Our Website
`ai_chat_history`	Maintains AI conversation context	Session	Our Website

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

Cookie Name	Purpose	Duration	Set By
`plausible_ignore`	Excludes your visits from analytics (if opted out)	Permanent	Plausible
`_pa_session`	Tracks page views and user interactions	24 hours	Our Analytics
`_pa_user`	Anonymous user identification for analytics	1 year	Our Analytics

Analytics Provider: Self-hosted Plausible Analytics Data Location: Our controlled infrastructure Privacy Features: No personal data collection, no cross-site tracking Legal Basis: Legitimate interest (with opt-out option)

These cookies are used when you interact with our AI-powered flowchart generation features.

Cookie Name	Purpose	Duration	Set By
`ai_session_state`	Maintains AI conversation context	Session	Our Website
`ai_usage_tracking`	Tracks AI feature usage for billing	30 days	Our Website
`openrouter_session`	API session management for AI services	Session	OpenRouter
`flowchart_autosave`	Automatically saves your work in progress	Session	Our Website

Third-Party AI Service:

OpenRouter: https://openrouter.ai/privacy

Data Location: United States Legal Basis: Consent (for AI feature usage)

Hosting and Infrastructure Cookies

These cookies are set by our hosting provider for performance and security.

Cookie Name	Purpose	Duration	Set By
`__vercel_live`	Vercel deployment and performance tracking	Session	Vercel
`_vercel_jwt`	Vercel security and authentication	Session	Vercel

Hosting Provider: Vercel Privacy Policy: https://vercel.com/legal/privacy-policy Data Location: Global edge network Legal Basis: Necessary for service provision

Email Service Cookies (Optional)

These cookies are used if you opt-in to email communications.

Cookie Name	Purpose	Duration	Set By
`resend_tracking`	Email delivery and open tracking	30 days	Resend
`email_preferences`	Your email communication preferences	1 year	Our Website

Email Provider: Resend Privacy Policy: https://resend.com/privacy Data Location: United States Legal Basis: Consent (for email communications)

Strictly Necessary Cookies: No consent required, but we inform you about their use.

Non-Essential Cookies: We obtain your consent through:

Cookie Banner: Displayed on your first visit with clear options
Granular Control: You can accept/reject different cookie categories
Informed Choice: Clear information about each cookie type before consent

You have several options to manage cookies:

Visit our Cookie Settings page: https://flowchartai.org/cookie-settings
Toggle different cookie categories on/off
View detailed information about each cookie
Save your preferences instantly

2. Browser Settings

Chrome: Settings > Privacy and Security > Cookies and other site data Firefox: Settings > Privacy & Security > Cookies and Site Data Safari: Preferences > Privacy > Manage Website Data Edge: Settings > Cookies and site permissions > Cookies and site data

3. Third-Party Opt-Outs

Google: https://adssettings.google.com/
GitHub: Account Settings > Privacy
Creem: Contact Creem support for opt-out options
OpenRouter: Manage through your OpenRouter account settings

You can withdraw your consent at any time by:

Updating Preferences: Use our Cookie Settings page
Clearing Cookies: Delete cookies through your browser
Contacting Us: Email support@flowchartai.org
Re-visiting Banner: Clear your consent cookie to see the banner again

Important: Withdrawing consent may affect website functionality and your user experience, particularly for AI features and canvas functionality.

International Compliance

We obtain explicit consent for non-essential cookies
You can withdraw consent at any time
We provide detailed information about each cookie
We respect your right to object to cookie processing

Similar to EU requirements with additional UK-specific considerations
You can complain to the ICO about cookie practices
We follow ICO guidance on cookie consent

California (CCPA/CPRA)

Some cookies may be considered "personal information"
You have the right to opt-out of the "sale" of personal information
We do not discriminate based on your privacy choices
Note: We do not sell personal information to third parties

Other Jurisdictions

We comply with applicable cookie and privacy laws in all jurisdictions where we operate, including Canada (PIPEDA), Brazil (LGPD), and Australia (Privacy Act).

We implement appropriate security measures for cookies:

Technical Safeguards

Secure Flag: Sensitive cookies are only transmitted over HTTPS
HttpOnly Flag: Prevents client-side script access to sensitive cookies
SameSite Attribute: Protects against cross-site request forgery
Encryption: Sensitive cookie data is encrypted

Data Protection

Minimal Data: We only store necessary information in cookies
Regular Cleanup: Expired cookies are automatically removed
Access Controls: Strict controls on who can access cookie data
Monitoring: Regular security audits of cookie practices

We may update our Cookie Policy from time to time. We will notify you of any changes by posting the new Cookie Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Cookie Policy, please contact us:

Email: support@flowchartai.org
Website: https://flowchartai.org
Service Operator: Chaowen Tan

For specific questions about third-party cookies, please refer to the respective privacy policies of our service providers.