Privacy

Privacy policy

Last updated: April 21, 2026

Flung is a mobile voice capture app that turns memos into tasks, notes, events, or reminders. This page describes precisely what Flung collects, who that data is shared with, how long it's kept, and how to exercise your rights.

Data controller

Flung is operated by Julien Aguer. For any privacy-related question, contact hello@flung.app.

What Flung collects

Audio and transcription

  • Audio: your voice is sent to our API only for the duration of the transcription. Audio is never stored (neither on your device after sending, nor on our servers).
  • Transcription: the transcribed text is stored in our database to allow consultation of your history and recovery in case of routing error. These transcriptions are tied to your user identifier and don't leave it.

Intents and routed contents

  • The detected intent type (task, note, event…), the title and structured content extracted from your memo are stored so the app can display your history and allow undoing an action.
  • If you've connected an external tool (Todoist, Notion, Google Calendar, Microsoft To Do, OneNote, Outlook Calendar, Apple Reminders), the intent content is sent to that tool according to your destination choices.

Account and authentication

  • Flung allows usage without an account (anonymous session tied to your device).
  • If you create an account via Sign in with Apple or Sign in with Google, we receive an opaque identifier and, if you authorize it, your email. We never receive any password.

OAuth tokens for connected tools

  • When you connect an external tool, we store an access or refresh token issued by that tool. This token is encrypted (AES-256-GCM) before being saved.
  • This token is only used to execute actions you trigger from Flung. It can be revoked at any time from the app settings or the connected tool's dashboard.

Technical data

Minimal technical logs (durations, error codes, anonymized identifiers) are generated to ensure service reliability. No full voice content or transcription is logged.

Sub-processors

Flung relies on the following providers. Each one receives only the minimum data necessary for its function:

  • Groq (United States) — audio transcription (Whisper) and text classification (Llama). Receives audio during transcription and text during classification.
  • Anthropic (United States) — text classification (Claude) as a fallback if Groq is unavailable. Receives only the transcribed text.
  • Supabase (EU hosting) — authentication, session management, encrypted OAuth token storage, and user preferences.
  • Cloudflare (global infrastructure, including the EU) — hosting of the API and database (D1) where transcriptions and intents are stored.
  • Apple / Google — native authentication (Sign in with Apple, Sign in with Google) when you choose to create an account.
  • Third-party tools you connect — Todoist, Notion, Google Calendar, Microsoft To Do, OneNote, Outlook Calendar. Each receives only the contents you explicitly send to them.

Some of these sub-processors are located outside the European Union. Transfers are governed by the European Commission's standard contractual clauses or equivalent mechanisms.

Security

  • All communications between the app and our servers are encrypted in transit (TLS).
  • OAuth tokens are encrypted at rest with AES-256-GCM before storage.
  • Authentication relies on JWT tokens signed with ECDSA P-256 and verified on every request.
  • Each user's data is isolated from others by a unique identifier verified server-side.

Retention

  • Audio: not retained.
  • Transcriptions, intents, OAuth tokens, preferences: kept as long as your account exists. Deleted immediately if you delete your account from the app (Settings → Privacy → Delete my account).
  • Technical logs: kept up to 30 days for diagnostics and abuse prevention.

Your rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Access and portability — obtain a copy of your data.
  • Rectification — have inaccurate data corrected.
  • Erasure — delete your account and all associated data. Directly from the app, or by email to hello@flung.app.
  • Objection and restriction — object to certain processing.
  • Complaint — file a complaint with the CNIL (cnil.fr) if you believe your rights aren't being respected.

Google Calendar

Flung's use of data received via Google Calendar APIs complies with the Google API Services User Data Policy, including Limited Use requirements. Google access is only used to create or read events that you explicitly request in Flung, and is never used for advertising purposes or resold.

Changes

This policy may evolve. The last update date is shown at the top of this page. Significant changes will be notified within the app.

Contact

To exercise your rights or for any question: hello@flung.app.

Back to flung.app