Privacy Policy

Last updated: March 2025

1. Information We Collect

We collect information you provide directly:

  • Account information: Name, email address, and password when you create an account
  • Organization information: Agency name, organization slug, and configuration settings
  • Content: Scripts, media files, and other content you upload to the platform
  • Usage data: Actions taken within the platform (approvals, adjustments, scheduling)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send transactional emails (content notifications, invite links, password resets)
  • Detect and prevent security incidents and abuse
  • Respond to support requests
  • Analyze aggregate usage patterns to improve the product

We do not sell your personal information or use it for advertising purposes.

3. Data Storage and Security

Your data is stored on Supabase (PostgreSQL database) with row-level security policies ensuring each user can only access data within their authorized workspace. Files are stored on Cloudflare R2 with access controlled via time-limited presigned URLs.

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. However, no system is completely secure and we cannot guarantee absolute security.

4. Data Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except:

  • Service providers: Supabase (database), Cloudflare R2 (file storage), Resend (email delivery), Vercel (hosting), Sentry (error monitoring)
  • Legal requirements: If required by law or to protect our rights
  • Within your organization: Data is shared with other authorized members of your FLOWDOE workspace

5. Cookies and Tracking

We use essential session cookies to maintain your authenticated session. We do not use tracking cookies or third-party advertising cookies. We may use anonymized analytics to understand how the platform is used in aggregate.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your content data

To exercise these rights, contact us at support@flowdoe.app.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

8. Children's Privacy

FLOWDOE is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy questions or concerns, contact us at support@flowdoe.app.