Flowspace ("Flowspace", "we", "us", or "our") provides a cloud-based collaboration platform for teams. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the choices you have.

This policy applies to visitors of our marketing website, account holders, workspace members, and anyone who interacts with our support channels. It does not apply to third-party services you connect to Flowspace (such as GitHub or Slack), which are governed by their own privacy policies.

The information we collect depends on how you use Flowspace. We group it into the categories below.

Information you provide directly

• Account details — name, email address, profile photo, job title, and authentication credentials when you sign up via email or OAuth providers (e.g., GitHub).
• Workspace content — projects, tasks, comments, files, and messages you create or upload within your organization's workspace.
• Billing information — payment method and billing address processed by our payment provider; we do not store full card numbers on our servers.
• Support and contact submissions — information you include when contacting sales, support, or submitting our contact form.

Information collected automatically

• Usage data — features used, pages viewed, click patterns, session duration, and interaction events within the product.
• Device and log data — IP address, browser type, operating system, device identifiers, and timestamps for security and diagnostics.
• Cookies and similar technologies — see the Cookies section below for details.

Information from third parties

If you connect integrations (e.g., GitHub, Slack), we receive limited profile and activity data authorized by you through OAuth. We only request scopes necessary to provide the integration feature.

We use personal information for the following purposes:

1. Provide the Service — create and manage accounts, authenticate users, sync workspace data, and deliver core product functionality.
2. Communicate with you — send transactional emails (invites, password resets, billing receipts), product announcements, and respond to support requests.
3. Improve and develop — analyze aggregated usage to fix bugs, optimize performance, and prioritize new features.
4. Security and fraud prevention — detect abuse, investigate incidents, and protect the integrity of the platform.
5. Legal compliance — satisfy legal obligations, respond to lawful requests, and enforce our Terms of Service.

We process data based on contractual necessity (to provide the Service), legitimate interests (security and product improvement), consent (where required, such as marketing emails), and legal obligations.

We do not sell, rent, or trade your personal information. We share data only in the limited circumstances described below.

• Service providers — trusted vendors who assist with hosting (Vercel), content management (Sanity), email delivery, analytics, and payment processing. These providers are bound by data processing agreements and may only use data to perform services on our behalf.
• Within your organization — workspace admins and members can access content according to role-based permissions you configure.
• Business transfers — if Flowspace is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction with notice to affected users.
• Legal requirements — when required by law, subpoena, or to protect the rights, property, or safety of Flowspace, our users, or the public.

We retain personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

• Active accounts — data is retained for the life of the subscription or free account.
• Deleted accounts — workspace content is purged within 30 days of confirmed deletion; backups may persist for up to 90 days before being overwritten.
• Audit logs — security and access logs are retained for 12 months on Pro plans and 24 months on Enterprise plans.
• Billing records — retained for 7 years to comply with tax and accounting regulations.

You may request earlier deletion by contacting privacy@flowspace.dev. Some data may be retained where required by law.

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• TLS encryption for data in transit
• Encryption at rest for databases and file storage
• Role-based access controls and SSO support on eligible plans
• Regular vulnerability assessments and penetration testing
• Employee access limited on a need-to-know basis

No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately at security@flowspace.dev.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — update inaccurate or incomplete information in your account settings or by contacting us.
• Deletion — request deletion of your account and associated data, subject to legal retention requirements.
• Portability — export your workspace data in a machine-readable format.
• Objection and restriction — object to certain processing or request restricted use of your data.

For users in the European Economic Area and UK, you also have the right to lodge a complaint with your local data protection authority. California residents may have additional rights under the CCPA/CPRA, including the right to know and the right to opt out of certain data sharing (note: we do not sell personal information).

We use cookies and similar technologies to operate the Service and understand how our marketing site is used.

• Essential cookies — required for authentication, session management, and security. These cannot be disabled while using the product.
• Analytics cookies — help us measure traffic and usage patterns on our marketing pages. You may opt out via your browser settings.
• Preference cookies — remember settings such as theme (light/dark mode) and language.

Most browsers allow you to control cookies through settings. Disabling essential cookies may prevent you from signing in or using core features.

Flowspace is operated from the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US and other countries where our service providers operate.

Where required, we use Standard Contractual Clauses (SCCs) or equivalent mechanisms to ensure adequate protection for international data transfers from the EEA, UK, and Switzerland.

Flowspace is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify account holders via email or in-app notification at least 14 days before changes take effect
• For significant changes affecting how we use personal data, request renewed consent where required by law

Continued use of the Service after the effective date constitutes acceptance of the updated policy.