FFlowtora
Legal

Privacy policy

Last updated: January 1, 2026

This policy explains what personal data Flowtora, Inc. (“Flowtora,” “we,” “us”) collects when you use the Flowtora platform, website, and related services, and how we use it. Plain-English version: we collect the minimum we need to run the product, we never sell it, and you can take it with you when you leave.

What we collect

Account data. Your name, email, company, role, and any profile information you enter. You provide this directly; we store it to give you access.

Workspace data. The customers, quotes, orders, invoices, files, and other business records you create inside Flowtora. This data is yours — we process it to operate the service.

Usage telemetry. We record basic product events (pages visited, features used, errors encountered) to improve the product. This telemetry is attributed to your account but not shared externally.

Security logs. Sign-in events, permission changes, and audit-sensitive actions are logged for your safety and our compliance.

Marketing interactions. If you submit a contact, demo, or newsletter form, we keep your submission (and a hashed copy of your IP, for spam prevention) until you unsubscribe or request deletion.

Why we collect it

  • To operate and secure the product.
  • To respond to your support requests and notify you of changes that affect your account.
  • To detect abuse, fraud, and spam.
  • To improve features based on how customers actually use them.

We do not sell your personal data. We do not share it for third-party advertising. We do not build profiles on your end customers from the data you store with us.

Who sees it

Flowtora staff may access your data in the course of providing support — always with an audited impersonation session and a banner displayed in your workspace while the session is active.

We use a small, current list of sub-processors to operate the service (managed Postgres, hosting, email delivery, file storage, payments). The list is published on our security page.

How long we keep it

For as long as your workspace is active. After cancellation, you have 30 days of full export access. We soft-archive for another 60 days (retrievable through support). After that, we permanently delete. You can request immediate deletion at any time.

Marketing-form submissions are retained until you ask us to delete them (email support@flowtora.com) or until 24 months have passed without further contact, whichever is sooner.

Your rights

You can access, export, correct, or delete your personal data at any time from within the app or by emailing support@flowtora.com. If you're in a jurisdiction that provides specific privacy rights (EU, UK, California), those rights apply to your data with us regardless of where Flowtora is incorporated.

Security

TLS in transit, AES-256 at rest, per-tenant data isolation, two-factor authentication, role-based access, and audited admin actions. Details on the security page.

Changes to this policy

We'll update this page when practices change, and give 30 days' notice via email to workspace owners for material changes. The “last updated” date above always reflects the current version.

Contact

Questions? Email privacy@flowtora.com or reach out through the contact form.