Home

Privacy Policy (GDPR)

Flow Intelligence GmbH • Data Residency: Frankfurt, Germany (EU)

1. Information We Collect

We collect various types of information for numerous purposes to provide and improve our Flow CRM Service to you. The types of Personal Data collected may include:

  • Account Data: Email address, First name and last name, Phone number, Business details.
  • Usage Data: Information on how the Service is accessed and used, IP addresses, browser types, interaction metadata.
  • CRM Data (User Content): Information about your leads, contacts, deals, and communication history loaded into the platform. This data is strictly yours.
  • Audio Data (Neural Command Center): Temporary voice clippings used strictly for AI transcription and intent parsing.

2. Processing of AI & Voice Data

Zero-Retention Policy for Transient Data

For features powering the "Neural Command Center" and "Digital Twin" (Holiday Mode), we process voice inputs and text context through AI models (such as LLMs). We strictly enforce a Hard Delete policy for all temporary processing artifacts. Audio snippets are deleted immediately after transcription. We do not use your CRM data or audio to train global AI models.

3. EU Data Residency & Third-Party Processors

All core databases and Vector Stores (RAG Storage) are physically hosted on server infrastructure located within the European Union (e.g., AWS/Google Cloud regions in Frankfurt am Main).

To operate the Service, we utilize specialized third-party processors. Contracts (Data Processing Agreements) compliant with Article 28 GDPR are in place with all sub-processors. These include, but are not limited to:

  • Payment Gateways: Stripe, Inc. (Privacy Shield certified / SCCs).
  • Telephony & SMS: Twilio Inc., Sipgate GmbH.
  • Web Analytics & Hosting: Vercel Inc.

4. Cookies and Tracking Technologies

We use Cookies and similar tracking technologies to track activity on our Service and hold certain information. The cookies we use are strictly necessary for the operation of the Service (Session Management, Authentication, User Preferences). We do not deploy unauthorized third-party marketing cookies without obtaining explicit consent via our User Consent Banner.

5. Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights according to the General Data Protection Regulation (GDPR). Flow Intelligence GmbH aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • Right to Access: You can request a copy of the Personal Data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data about you.
  • Right to Erasure ("Right to be Forgotten"): You can request the deletion of your Personal Data when it is no longer necessary. This triggers a cascading "Hard Delete" across all our systems.
  • Right to Data Portability: You have the right to receive your data in a structured, machine-readable format.

6. Security of Data

The security of your data is of paramount importance to us. We implement industry-standard security measures including SSL/TLS encryption for data in transit and AES-256 encryption for data at rest. However, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We will also inform you via the Command Center interface prior to the changes becoming effective.

8. Contact the Data Protection Officer

If you have any questions about this Privacy Policy, please contact our Data Protection Officer:

Flow Intelligence GmbH
Attn: DPO
Tech-Campus 1
10115 Berlin, Germany
Email: privacy@flow-crm.app