FlowSentric
Sign in Start Free Trial
ProductFeaturesUse casesServicesPricingFAQSign in Start Free Trial
Legal

Privacy Policy

Last updated: June 7, 2026

1. Who we are

FlowSentric is operated from Germany. Contact: hello@flowsentric.com. We are the data controller for your personal data under the EU General Data Protection Regulation (GDPR).

2. Data we collect

  • Account data: Name, email, password hash, profession (optional).
  • Usage data: Conversations, agent configs, workflows, uploaded files — all stored encrypted and tenant-isolated.
  • Technical data: IP address (hashed for sessions), browser user-agent, timestamps.
  • Payment data: Processed by Stripe. We never store full card numbers.
  • Contact & enquiry data: If you use our contact form, we process the name, email, company and message you submit (plus your IP address and browser, for spam protection) to respond to your enquiry. Legal basis: steps taken at your request prior to a contract and our legitimate interest in answering enquiries (GDPR Art. 6(1)(b) and (f)).

3. How we use your data

  • To provide and improve the FlowSentric platform.
  • To enforce plan limits, billing and security.
  • To communicate service updates (you can opt out).
  • We never sell your data or use it to train AI models.

4. AI model providers

When you use a third-party model (OpenAI, Anthropic, Google, etc.), your prompt is sent to that provider's API. Our PII masking layer removes sensitive data before it leaves FlowSentric. Each provider's own privacy policy applies to data they receive. You can pin requests to EU or US regions.

5. Data retention

  • Account data: retained while your account is active + 30 days after deletion request.
  • Conversations & files: retained per your plan's history settings; deletable at any time.
  • AI Sessions (Party): ephemeral — auto-deleted after expiry.
  • Logs & audit trail: retained per plan tier (7–365 days).

6. Your rights (GDPR Art. 15–22)

You have the right to access, rectify, erase, restrict processing, data portability and object to processing. To exercise any right, email hello@flowsentric.com. We respond within 30 days. You also have the right to lodge a complaint with your local data-protection supervisory authority (GDPR Art. 77).

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Secrets use Fernet encryption. Access is role-based with strict tenant isolation. We conduct regular security audits.

8. Cookies

This marketing website uses only essential cookies (theme preference, language choice) stored in localStorage. No tracking cookies, no analytics scripts. The application (app.flowsentric.com) uses a session cookie for authentication only.

9. Third-party processors

  • Stripe — payment processing (PCI-DSS compliant).
  • Microsoft 365 — transactional & contact-enquiry email delivery.
  • AI providers — as selected by you (OpenAI, Anthropic, Google, etc.). Where a provider processes data outside the EU/EEA, transfers rely on adequacy decisions or EU Standard Contractual Clauses; you can pin requests to EU regions.
  • Infrastructure — EU-based hosting.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect.

11. Contact

For privacy questions or to exercise your GDPR rights:
hello@flowsentric.com