Privacy Policy

Last updated: October 2025

Introduction

Junbi LLC ("we," "us," or "our") operates flowviz.io and provides two distinct services:

• FlowViz Gallery: A free community platform where users can upload and share attack flow visualizations
• Managed Hosting: Custom enterprise hosting solutions for FlowViz deployments

This Privacy Policy explains how we collect, use, and protect your information when you use our website and services. FlowViz open-source software itself is self-hosted and sends no data to us.

Information We Collect

Website Visitors

When you browse our website, we collect:

• Basic analytics information (page views, site usage patterns, session duration)
• Browser type and device information
• Referring websites and navigation patterns
• IP address and approximate geographic location
• Cookies and similar tracking technologies (via Google Analytics)

Gallery Users (Registered Accounts)

When you create an account and use the gallery, we collect:

• Authentication Data: Email address, display name, Firebase User ID (UID), authentication method (email/password or Google OAuth)
• Upload Metadata: Flow titles, descriptions, upload timestamps, visibility settings (public/private), anonymous posting preferences
• Flow Files: The .flowviz files you upload, including all content within those files (nodes, edges, MITRE ATT&CK mappings, descriptions)
• Activity Data: Flows you've bookmarked, liked, or viewed
• IP Address: For security and abuse prevention

Anonymous Posting: When you choose to post anonymously, your username is hidden from the public gallery, but we still store your User ID internally to associate the upload with your account. You can manage and delete your anonymous uploads from "My Uploads."

Managed Hosting Customers

For enterprise customers using our Managed Hosting service, data collection, processing, and privacy terms are defined in separate service agreements and Data Processing Agreements (DPAs) with each customer. These agreements specify:

• What data is collected and how it is processed
• Data retention and deletion policies
• Security measures and compliance requirements
• Customer data ownership and export rights
• Third-party data processors and subcontractors

This Privacy Policy does not govern Managed Hosting data processing. Managed Hosting customers should refer to their individual service agreements for privacy terms.

How We Use Your Information

We use the information we collect to:

• Provide and maintain our website and gallery service
• Authenticate users and protect accounts from unauthorized access
• Store and display flow visualizations in the public gallery
• Allow users to manage their uploads, bookmarks, and account settings
• Monitor and analyze usage patterns to improve our services
• Detect, prevent, and address technical issues and security threats
• Respond to support requests and communicate with users
• Comply with legal obligations and enforce our Terms of Service

For Managed Hosting customers, data usage is specified in individual service agreements.

Data Sharing and Third Parties

We share your information with the following third parties:

Service Providers

• Google Firebase: Authentication, database storage (Firestore), and file storage. Firebase is our primary data processor and is governed by Google's privacy policies.
• Vercel: Website hosting and content delivery network.
• Google Analytics: Website analytics and usage tracking. You can opt out using browser extensions or Google Analytics opt-out tools.

Public Gallery Sharing

When you upload a flow to the gallery with public visibility, the following information becomes publicly accessible:

• Flow title and description
• The complete .flowviz file contents
• Your username (unless you choose anonymous posting)
• Upload date
• View count, like count, and public comments (if implemented)

By uploading public flows, you consent to this public sharing. Only upload information you are comfortable making publicly available to the cybersecurity community.

Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

• Comply with legal process or respond to lawful requests
• Enforce our Terms of Service or Content Policy
• Protect the rights, property, or safety of Junbi LLC, our users, or the public
• Detect or prevent fraud, security breaches, or technical issues

Data Retention and Deletion

Active Data: We retain your account information and uploads for as long as your account is active and you choose to keep your content in the gallery.

Deletion: When you delete a flow or close your account, we delete the associated data immediately from our active systems. However:

• Backups may retain data for a brief period (typically less than 30 days) before being overwritten
• Anonymized analytics data may be retained indefinitely
• We may retain minimal information if required by law or to prevent abuse
• Public flows that others have downloaded cannot be removed from their systems

Your Privacy Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update your account information (display name, email) through your account settings
• Deletion: Delete your flows from "My Uploads" or close your account entirely
• Data Portability: Export your flows as .flowviz files from the gallery
• Opt-Out: Opt out of Google Analytics tracking using browser settings or opt-out tools
• Withdraw Consent: Close your account to stop further data processing

To exercise these rights or request your data, contact us at admin@junbitech.com.

Security

We take reasonable measures to protect your information:

• All data transmission uses HTTPS encryption
• Authentication is handled by Firebase with industry-standard security practices
• Passwords are hashed and never stored in plaintext
• User IDs are anonymized internally and not exposed publicly
• Regular security monitoring for unauthorized access

However, no method of transmission or storage is 100% secure. Use the gallery at your own risk and never upload classified, confidential, or sensitive information.

Open Source Software

FlowViz open-source software is available on GitHub under the MIT License. When you download and self-host FlowViz:

• You run the software on your own infrastructure
• Your data stays completely private and under your control
• No information is sent to Junbi LLC or any third party
• You are responsible for securing your own deployment

This Privacy Policy applies only to our website and hosted services, not to self-hosted installations of the open-source software.

Children's Privacy (COPPA Compliance)

FlowViz services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at admin@junbitech.com and we will delete such information.

International Data Transfers

FlowViz is operated from the United States. Our service providers (Firebase, Vercel, Google Analytics) may process and store your data in the United States or other countries. By using our services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), Google Firebase complies with the EU-U.S. Data Privacy Framework and provides appropriate safeguards for international data transfers.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at admin@junbitech.com.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access, rectification, erasure, and data portability
• Right to restrict or object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority

Our legal basis for processing your information: (1) Consent when you create an account and upload content, (2) Contract performance when providing managed hosting services, (3) Legitimate interests for analytics and security.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact:

Junbi LLC
Email: admin@junbitech.com
Website: flowviz.io