PinguFlow is designed to keep API work local unless you decide otherwise.

1. Scope

This Privacy Policy applies to the PinguFlow mobile application and this static promotional website. The website, as delivered in this repository, does not set cookies or include analytics scripts, ad pixels, or contact forms.

2. Information PinguFlow stores

PinguFlow stores workspace information directly on your device so the app can function. This may include saved requests, request URLs, headers, body content, test definitions, collections, folders, environments, app settings, and request history.

When you mark credentials or variable values as secret, PinguFlow stores those values separately using secure OS-backed storage rather than alongside the rest of the workspace data.

3. How PinguFlow uses information

PinguFlow uses locally stored information to let you compose, organize, execute, inspect, test, export, import, and clear API workspaces on your device. PinguFlow does not need an account to provide these core features in the current implementation.

4. When data leaves your device

PinguFlow sends network traffic only when you explicitly run a request. At that point, the target server or API provider will receive the request data needed to answer, which may include the URL, headers, query parameters, request body, authentication data, your IP address, and other technical information normally included in an internet request.

Those third-party services control their own privacy practices. PinguFlow does not control how an API provider stores, logs, or uses the requests you send to it.

5. Clipboard, exports, and imports

PinguFlow can copy workspace exports, debug logs, and response content to your device clipboard when you request that action. PinguFlow can also paste workspace JSON from your clipboard when you choose to import it.

Workspace exports intentionally strip secret-backed auth values and secret-backed environment values before export. Debug log exports are also intended to omit secrets.

Clipboard behavior is governed in part by your device operating system. Other apps or OS features may handle clipboard contents according to their own rules once you copy data there.

6. Third-party services and tracking

The current PinguFlow app implementation does not include built-in analytics SDKs, advertising SDKs, or user profiling systems. PinguFlow also does not sell personal information.

PinguFlow does rely on standard platform and framework components needed to run the app, including device operating system storage services and networking functionality.

7. Data retention and control

Data stored by PinguFlow remains on your device until you delete it, clear workspace data from within the app, overwrite it with an imported workspace, or uninstall the app.

PinguFlow includes controls to clear saved requests, collections, environments, history, and stored secrets from the device.

8. Security

PinguFlow is designed to store non-secret workspace data in local application storage and secret-backed values in secure OS-backed storage. No security measure is perfect, and you remain responsible for the APIs and credentials you choose to use with the app.

9. Children’s privacy

PinguFlow is not directed to children under 13 and is intended as a developer utility. If you believe a child has provided personal information through PinguFlow, stop using the affected data and contact the developer through the website below.

10. Changes to this policy

PinguFlow may update this Privacy Policy as the product changes. If future versions add accounts, cloud sync, analytics, support tooling, or other hosted services, this policy should be updated to reflect those changes before release.

11. Contact

PinguFlow is developed by Mary Sabio. For privacy questions, visit www.msaysabio.com.