Flow Third-Party Notices
Third-party materials, licenses, and attribution notices for Flow apps.
Last updated: May 23, 2026
1. Purpose
Flow apps may include open-source packages, macOS frameworks, update tooling, blocklists, audio assets, documentation, threat-intelligence feeds, or other third-party materials. Those materials remain subject to their own licenses, notices, and terms.
2. Open-Source Software
Flow apps may use open-source libraries for app updates, local databases, keyboard shortcuts, markdown processing, testing, packaging, and related app infrastructure. License notices are preserved in app bundles, source distributions, about screens, or repository notices where applicable.
3. Adieu Blocklists
Adieu may interoperate with community-maintained blocklists, hosts files, or similar third-party filtering sources. These sources are used for local filtering on the device you control and may change over time. Their licenses, availability, accuracy, and maintenance remain controlled by the source projects.
- EasyList: easylist.to/easylist/easylist.txt. Licensed by the EasyList repository under GPLv3-or-later or CC BY-SA 3.0-or-later unless otherwise noted. Attribution: The EasyList authors (easylist.to).
- EasyPrivacy: easylist.to/easylist/easyprivacy.txt. Licensed by the EasyList repository under GPLv3-or-later or CC BY-SA 3.0-or-later unless otherwise noted. Attribution: The EasyList authors (easylist.to).
- StevenBlack hosts: github.com/StevenBlack/hosts. Licensed under the MIT License. Copyright Steven Black and contributors.
4. Detour Link Protection Sources
Detour can download public phishing, malware, badware, and threat-intelligence feeds for local matching before a link opens. Clicked URLs are not sent to these source projects for scanning. Feed availability, accuracy, licensing, and maintenance remain controlled by each source project.
- Phishing Army: phishing.army/download/phishing_army_blocklist_extended.txt.
- PhishNet: phishnet.cc/feed.txt.
- OpenPhish Community: openphish.com/feed.txt.
- URLhaus Online URLs: urlhaus.abuse.ch/downloads/text_online/.
- URLhaus Hostfile: urlhaus.abuse.ch/downloads/hostfile/.
- Block List Project Phishing: blocklistproject.github.io/Lists/phishing.txt.
- Block List Project Malware: blocklistproject.github.io/Lists/malware.txt.
- Phishing Database Active Domains: Phishing.Database phishing-domains-ACTIVE.txt.
- Dandelion Sprout Anti-Malware: Dandelion Sprout's Anti-Malware List.
- PhishDestroy Active Domains: phishdestroy/destroylist active_domains.json.
Detour also uses a Chirripó-maintained protected-brand catalog for deterministic lookalike-domain warnings. That internal catalog is separate from public threat feeds and is used only to name a brand when the domain is similar to a known protected brand and is not one of its listed official domains.
Candidate sources tracked for review but not enabled by default include uBlock Badware Risks and HaGeZi Threat Intelligence.
5. Biwave Generated Audio
Biwave generates its ambient soundscapes locally in the app. It does not use an audio-provider API or bundled third-party music tracks.
6. Corrections
If you believe a required attribution or license notice is missing or inaccurate, email legal@chirripo.studio with the product name, material, source, and license details.