Privacy Policy

We collect information in three ways: Information you provide directly: • Account details: name, email address, phone number, and password • Organization profile: company name, industry, country, and billing details • Support communications: messages, attachments, and feedback you send us • Flow content: the applications, menus, and conversation scripts you build on our platform Information collected automatically: • Device and browser data: IP address, browser type, operating system, and device identifiers • Usage data: pages visited, features used, session durations, and click patterns • Log data: server access logs, error reports, and performance metrics Information from third parties: • Authentication providers if you sign in via OAuth • Payment processors (we receive transaction confirmations, not full card details) • Telecom partners who may share USSD session metadata when you deploy flows

If you are located in the European Economic Area, UK, or another jurisdiction with similar data protection laws, we process your personal data on the following legal bases: • Contractual necessity: To provide the services you have signed up for, including account management, flow hosting, and billing • Legitimate interests: To improve the Platform, prevent fraud, ensure security, and communicate product updates — where these interests are not overridden by your privacy rights • Consent: For optional communications such as marketing newsletters — which you can withdraw at any time • Legal obligation: To comply with applicable laws, court orders, or regulatory requirements For users outside the EEA, we still apply equivalent data protection standards as described in this policy.

We use the information we collect to: • Operate and deliver the Platform, including authenticating your identity, processing payments, and hosting your flows • Improve and develop new features by analyzing usage patterns and performance data • Communicate with you about your account, including security alerts, billing notices, and product updates • Provide customer support and respond to inquiries • Enforce our Terms of Service and prevent fraudulent, abusive, or illegal activity • Comply with legal obligations and respond to lawful requests from authorities • Send optional marketing communications — only with your explicit consent, and you may unsubscribe at any time We do not use your flow content or end-user data for advertising, profiling, or sale to third parties.

We do not sell your personal data. We share data only in the following limited circumstances: Service providers: We engage vetted third-party providers for infrastructure hosting, payment processing, email delivery, analytics, and customer support. These providers are bound by data processing agreements and may only process data as instructed. Telecom and channel partners: When you deploy a flow over USSD, SMS, or another channel, session metadata is shared with the relevant telecom or messaging partner to route and deliver the interaction. Legal compliance: We may disclose data if required by law, court order, or governmental authority, or to protect the rights, property, or safety of FlowApp Studio, our users, or the public. Business transfers: If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy. With your consent: We will share data for other purposes only with your explicit permission.

We implement industry-standard security measures to protect your data, including: • Encryption of data in transit using TLS 1.2+ and at rest using AES-256 • Role-based access controls and least-privilege principles for our staff • Regular third-party security audits and penetration testing • Automated monitoring for anomalous access patterns and potential threats • Secure, redundant data centers with physical access controls Despite these measures, no system is completely immune to breaches. In the event of a security incident affecting your data, we will notify you within 72 hours as required by applicable law. You are responsible for maintaining the security of your account credentials. Use a strong, unique password and enable two-factor authentication.

Depending on your location, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you • Rectification: Correct inaccurate or incomplete data • Erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements • Restriction: Ask us to limit processing of your data in certain circumstances • Portability: Receive your data in a structured, machine-readable format • Objection: Object to processing based on legitimate interests • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing To exercise these rights, email us at privacy@flowappstudio.com. We will respond within 30 days. There is no charge for reasonable requests. If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority.

Data Retention: We retain your account data for as long as your account is active. After account closure, we retain data for up to 90 days to allow for reactivation or dispute resolution, then securely delete it. Certain records may be retained longer where required by law (e.g., financial records for tax purposes). Flow content and end-user session data generated by your flows is retained according to the data retention settings in your account. You can configure and manage retention periods from your dashboard. International Transfers: FlowApp Studio operates globally. Your data may be transferred to and processed in countries outside your home jurisdiction. When transferring data from the EEA or UK, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. By using the Platform, you acknowledge that your information may be transferred to our servers and processed in the countries where we and our service providers operate.

Contact: For privacy-related questions, requests, or concerns, please contact our Privacy Team: Email: privacy@flowappstudio.com Response time: within 30 days of receipt For urgent security concerns: security@flowappstudio.com Policy Updates: We may update this Privacy Policy to reflect changes in our practices, technology, or applicable law. When we make material changes, we will: • Post the updated policy on this page with a revised "Last Updated" date • Notify you via email or in-app notification at least 14 days before changes take effect Your continued use of the Platform after the effective date of changes constitutes acceptance of the revised policy.