Data Privacy Policy

Last updated: May 25, 2026

1. Introduction

This Data Privacy Policy explains how flowPM ("we", "our", or "us") collects, uses, and protects your personal data when you use our project management application. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

flowPM
For privacy inquiries, please contact us at: privacy@flowpm.com

3. Data We Collect

We collect the following categories of personal data:

3.1 Account Data

  • Email address (required for account creation and authentication)
  • Full name (optional, for profile display)
  • Username (optional, for identification)
  • Avatar image (optional, if uploaded)

3.2 Workspace and Project Data

  • Workspace names, descriptions, and settings
  • Project information, tasks, notes, and files
  • Team member assignments and roles
  • Activity logs and timestamps

3.3 Payment Data

  • Subscription tier and status
  • Payment information is processed securely by Stripe (we do not store credit card details)
  • Billing history and invoices

3.4 Technical Data

  • IP address and browser information
  • Device information and operating system
  • Usage analytics and performance metrics

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services and fulfill our contractual obligations to you
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Consent: For optional features and marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our project management services
  • To authenticate users and manage accounts
  • To process payments and manage subscriptions
  • To enable collaboration and real-time synchronization
  • To send important service notifications and updates
  • To ensure security and prevent unauthorized access
  • To analyze usage patterns and improve our services
  • To comply with legal obligations

6. Data Sharing and Third-Party Services

We use the following third-party services to operate our application:

6.1 Supabase

We use Supabase for database storage, authentication, and file storage. Supabase is GDPR-compliant and processes data in accordance with its privacy policy. Data is stored in secure, encrypted databases.

Supabase Privacy Policy: https://supabase.com/privacy

6.2 Stripe

We use Stripe for payment processing. Stripe handles all payment data securely and is PCI DSS compliant. We do not store credit card information on our servers.

Stripe Privacy Policy: https://stripe.com/privacy

6.3 Data Sharing

We do not sell, rent, or trade your personal data. We only share data with third-party service providers necessary to operate our service, and only under strict contractual obligations to protect your data.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Row Level Security (RLS) policies for database access
  • Regular security audits and updates
  • Access controls and authentication requirements
  • Secure backup and disaster recovery procedures

8. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Workspace and Project Data: Retained until you delete it or your account is deleted
  • Payment Data: Retained as required by law (typically 7 years for tax and accounting purposes)
  • Technical Data: Retained for up to 12 months for security and analytics purposes

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of all personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure: You can request deletion of your personal data (subject to legal obligations)
  • Right to Data Portability: You can request your data in a machine-readable format
  • Right to Object: You can object to processing of your data for legitimate interests
  • Right to Restrict Processing: You can request limitation of data processing
  • Right to Withdraw Consent: You can withdraw consent at any time (where applicable)

To exercise any of these rights, please contact us at privacy@flowpm.com. We will respond to your request within 30 days.

10. Cookies and Tracking

We use essential cookies and local storage to provide our services:

  • Authentication Cookies: Required for user login and session management
  • Preference Storage: To remember your settings and preferences
  • Analytics: We may use analytics to understand usage patterns (anonymized data)

You can control cookies through your browser settings, though this may affect the functionality of our service.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our service providers, to protect your data in accordance with GDPR requirements.

12. Children's Privacy

Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@flowpm.com

We will respond to your inquiry as soon as possible and within 30 days as required by GDPR.