Privacy Policy

Effective Date: February 20, 2024

1.1 Personal Information

When you register on our site, subscribe to our newsletter, fill out a form, or use our services, we may collect the following personal information:

• Identity Information: Full name, username, profile picture
• Contact Information: Email address, phone number, mailing address
• Account Information: Password, account preferences, profile settings
• Payment Information: Credit card details, billing address (processed securely via Stripe)
• Professional Information: Job title, company name, industry

1.2 User-Generated Content

When you use our services, we may collect:

• Content you create, upload, or share on our platform
• Comments or feedback you provide
• Interactions with other users or content on the platform

1.3 Usage Information

We automatically collect certain information about how you interact with our website and services:

• Device Information: Browser type, operating system, device type, screen resolution
• Log Data: IP address, access times, pages viewed, links clicked, features used
• Location Data: General location based on IP address (not precise GPS location)

1.4 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior and preferences. This may include:

• Pages you visit
• Time spent on pages
• Links clicked
• Preferences and settings

1.5 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms, if you choose to link your account
• Business partners or service providers
• Publicly available sources

1.6 Communication Information

If you contact us directly, we may receive additional information about you, such as:

• The contents of your message
• Any attachments you send us
• The date and time of your communication

1.7 Survey and Marketing Information

If you choose to participate in our surveys or marketing activities, we may collect:

• Your opinions and feedback
• Information about your preferences and interests
• Responses to questionnaires or forms

1.8 How We Collect Information

We collect information through various methods:

• Direct Interactions: Information you provide when you create an account, use our services, or communicate with us.
• Automated Technologies: Information collected automatically through cookies and similar technologies when you use our website or services.
• Third Parties: Information we receive from our business partners, analytics providers, or other third parties.

We only collect personal information that is necessary for the purposes described in this Privacy Policy. You may choose not to provide certain information, but this may limit your ability to use some features of our service.

2.1 Provide and Maintain Services

• To create and manage your account
• To authenticate your identity and provide access to our platform
• To process and fulfill your requests, orders, and transactions
• To provide customer support and respond to your inquiries
• To send administrative messages, updates, and security alerts

2.2 Personalize User Experience

• To customize content and features based on your preferences and usage patterns
• To recommend relevant content, connections, or features within our platform
• To tailor marketing communications to your interests (with your consent where required)

2.3 Improve and Develop Services

• To analyze usage patterns and trends to improve our website and services
• To conduct research and development for new features and functionalities
• To troubleshoot issues and debug our platform
• To measure the effectiveness of our services and user satisfaction

2.4 Communication

• To send you important information about your account, our services, or changes to our policies
• To deliver marketing communications, promotional offers, and newsletters (where you have opted in)
• To invite you to participate in surveys or provide feedback

2.5 Protect Our Services and Users

• To detect, prevent, and address fraud, security breaches, and other potentially illegal activities
• To enforce our Terms of Service and other policies
• To protect the rights, property, or safety of flowspot, our users, and the public

2.6 Legal Compliance and Business Transfers

• To comply with applicable laws, regulations, and legal processes
• To respond to lawful requests from public authorities
• To establish, exercise, or defend legal claims
• In connection with a business transaction such as a merger, acquisition, or sale of assets

2.7 Analytics and Reporting

• To generate aggregated, non-identifying analytics and reports on platform usage and trends
• To measure the performance of our marketing campaigns and business strategies

2.8 Collaborative Features

• To facilitate interactions between users on our platform
• To display user-generated content and contributions within the service

2.9 Payment Processing

• To process payments and prevent fraudulent transactions (in partnership with our payment processor)
• To maintain accurate billing records

2.10 Service Optimization

• To ensure our services are functioning properly and efficiently
• To optimize the delivery of our content and services based on your device and connection

3.1 Data Encryption

• We use industry-standard Secure Socket Layer (SSL) technology to encrypt all data in transit between your device and our servers.
• Sensitive information, such as passwords and payment details, is encrypted at rest using industry standard encryption algorithms and best practices.

3.2 Access Controls

• We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access user data.
• Access to personal information is granted on a need-to-know basis and audited regularly.
• We use multi-factor authentication for administrative access to our systems.

3.3 Network Security

• Our infrastructure is protected by advanced firewalls and intrusion detection systems.
• We regularly perform vulnerability scans and penetration tests to identify and address potential security weaknesses.

3.4 Data Centers

Our data centers are compliant with industry standards such as ISO 27001 and SOC 2.

3.5 Regular Security Audits and Compliance

• We conduct regular internal and external security audits to ensure the effectiveness of our security measures.
• Our security practices are designed to comply with relevant industry standards and regulations, including GDPR and CCPA.

3.6 Employee Training and Policies

• All employees undergo regular security awareness training.
• We maintain strict internal policies and procedures for data handling and privacy protection.

3.7 Incident Response Plan

• We have a comprehensive incident response plan in place to quickly address any potential security breaches or data incidents.
• Our team is trained to detect, respond to, and mitigate security threats promptly.

3.8 Third-Party Security

We carefully vet all third-party service providers and ensure they adhere to strict security standards.

3.9 Secure Payment Processing

• All payment information is processed securely through our PCI-DSS compliant payment processor, Stripe.
• We do not store full credit card details on our servers.

3.10 Ongoing Monitoring and Improvement

• We continuously monitor our systems for suspicious activities and potential security threats.
• Our security measures are regularly reviewed and updated to address emerging threats and technologies.

4.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf. These providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Examples of service providers include:

• Cloud hosting and storage providers
• Payment processors
• Analytics and data analysis services
• Customer support and communication tools
• Marketing and advertising partners (for targeted advertising with your consent)

We ensure that all service providers are contractually bound to protect your personal information and comply with applicable data protection laws.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). We may also disclose your information to:

• Comply with a legal obligation
• Protect and defend the rights or property of flowspot
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

4.3 Business Transfers

If flowspot is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

4.4 With Your Consent

We may share your personal information for any other purpose with your explicit consent.

4.5 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for industry analysis, demographic profiling, and other purposes.

4.6 Social Media Features and Widgets

Our Service includes social media features, such as the Facebook Like button, and widgets, such as the Share This button. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Service. Your interactions with these features are governed by the privacy policy of the company providing them.

4.7 Public Forums

Certain features of our Service may enable you to post content publicly, such as user profiles or comments. Any information you provide in these areas may be read, collected, and used by others who access them. You can request the removal of your personal information from our blog or community forum by contacting us at support@flowspot.ai.

4.8 Business Partners

We may share your information with our business partners to offer you certain products, services, or promotions that may be of interest to you. Before sharing your information for this purpose, we will obtain your opt-in consent.

4.9 Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

4.10 Data Protection Measures

Whenever we share your personal information with third parties, we ensure that:

• The sharing is for a legitimate purpose as outlined in this Privacy Policy
• The recipient has appropriate security measures in place to protect your information
• The sharing complies with applicable data protection laws
• Where required by law, we have appropriate data processing agreements in place

4.11 International Data Transfers

If we share your personal information with entities located in countries other than your own, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms.

We respect your rights concerning your personal information. Depending on your location and applicable laws, you may have several rights regarding the data we hold about you. This section outlines these rights and explains how you can exercise them.

5.1 Your Rights

Depending on your jurisdiction, you may have the following rights:

1. Right to Access: You have the right to request information about the personal data we hold about you and to obtain a copy of that data.
2. Right to Rectification: If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to ask us to correct or update it.
3. Right to Erasure (Right to be Forgotten): In certain circumstances, you have the right to request that we delete your personal information.
4. Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information under certain conditions.
5. Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
6. Right to Object: You have the right to object to our processing of your personal information, under certain conditions.
7. Right to Withdraw Consent: If we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time.
8. Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.
9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information violates applicable data protection laws.

5.2 How to Exercise Your Rights

To exercise any of these rights, please follow these steps:

1. Submit a Request: Send an email to support@flowspot.ai with the subject line "Privacy Rights Request". In your email, please specify which right(s) you wish to exercise and provide any relevant details that will help us process your request.
2. Verify Your Identity: To protect your privacy and security, we may need to verify your identity before processing your request. We may ask you to provide additional information for verification purposes.
3. Our Response: We will respond to your request within the timeframe required by applicable law (typically within 30 days for GDPR requests and 45 days for CCPA requests). If we need more time to process your request, we will notify you and explain the reason for the delay.

5.3 Additional Information

• No Fee Usually Required: You will not have to pay a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
• What We May Need from You: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
• Timescale for Response: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

5.4 Limitations

While we will make every effort to honor your requests, please note that there may be instances where we are unable to do so due to legal requirements or other legitimate reasons. In such cases, we will explain our decision and inform you about your rights to appeal or file a complaint.

5.5 Third-Party Services

Please be aware that our service may contain links to third-party websites or services that are not owned or controlled by flowspot. We are not responsible for the privacy practices of such third parties. We encourage you to be aware when you leave our service and to read the privacy policies of each website you visit.

5.6 Updates to Your Information

You can review, update, or delete certain personal information directly within your account settings. If you are unable to change your personal information, please contact us to make the required changes.

5.7 Communication Preferences

You can opt out of receiving promotional communications from us by following the unsubscribe instructions provided in such communications. Please note that even if you opt out of promotional communications, we may still send you non-promotional communications, such as those about your account, service announcements, or responses to your requests.

If you have any questions about your rights or how to exercise them, please don't hesitate to contact us at support@flowspot.ai. We are committed to helping you understand and control your personal information.

6.1 What are Cookies and Tracking Technologies?

• Cookies: Small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie.
• Web Beacons: Small graphic images or other web programming code called web beacons (also known as "1x1 GIFs" or "clear GIFs") may be included in our web pages and email messages.
• Pixels: Tiny graphics with a unique identifier, similar in function to cookies, used to track online movements of web users.
• Scripts: Pieces of code that are run on our website to enable various functionality.
• Local Storage: A way to store data locally in your browser, similar to cookies but with larger storage capacity.

6.2 How We Use These Technologies

We use cookies and similar technologies for various purposes, including:

1. Essential Functionality: To enable core features of our platform and remember your preferences.
2. Analytics and Performance: To analyze how visitors use our website, which pages are popular, and to improve our service.
3. Personalization: To remember your settings and provide personalized content and recommendations.
4. Advertising: To deliver targeted advertising based on your interests and browsing behavior.
5. Security: To enhance the security of our service and detect fraudulent activity.

6.3 Types of Cookies We Use

1. Session Cookies: These temporary cookies expire when you close your browser.
2. Persistent Cookies: These remain on your device until they expire or you delete them.
3. First-Party Cookies: Set by flowspot directly.
4. Third-Party Cookies: Set by our partners and service providers.

6.4 Third-Party Technologies

We may allow third parties to use cookies and other tracking technologies to collect information about you when you use our platform. These third parties may include:

• Analytics providers (e.g., Google Analytics)
• Advertising networks
• Social media platforms

These third parties may use this information to provide measurement services or target ads. We do not control these third parties' tracking technologies or how they may be used.

6.5 Your Choices and Controls

You have several options to control or limit how we and our partners use cookies and similar technologies:

1. Browser Settings: Most browsers allow you to refuse or accept cookies. You can usually modify your browser settings to disable or reject cookies.
2. Cookie Consent Tool: We provide a cookie consent management tool when you first visit our site, allowing you to select your cookie preferences.
3. Opt-Out Links: For third-party cookies, you can often opt-out directly with the third party. For example:
   • Google Analytics: https://tools.google.com/dlpage/gaoptout
   • Network Advertising Initiative: http://optout.networkadvertising.org/
4. Do Not Track: Some browsers have a "Do Not Track" feature that signals to websites that you don't want to be tracked. We currently do not respond to "Do Not Track" signals.

Please note that if you choose to block cookies, some features of our service may not function properly.

6.6 Updates to This Cookie Policy

We may update our use of cookies and similar technologies from time to time. We encourage you to periodically review this section for the latest information.

6.7 More Information

If you have any questions about our use of cookies and similar technologies, please contact us at support@flowspot.ai.

We operate globally and may transfer your personal information to countries other than the one in which you reside. This section explains how we handle international data transfers and the measures we take to protect your data.

7.1 Cross-Border Data Transfers

Due to the global nature of our operations, we may transfer, process, and store your information on servers located in various countries, including the United States and countries in the European Economic Area (EEA). This means that your personal information may be transferred to a country with data protection laws that may be different from those in your country of residence.

7.2 Legal Basis for Transfers

When we transfer personal data from the EEA to countries that have not been deemed to provide an adequate level of data protection by the European Commission, we rely on one or more of the following legal mechanisms:

• Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses in contracts with service providers and other third parties to ensure that any personal data leaving the EEA will be transferred in compliance with EU data protection law.
• Derogations: In certain situations, we may rely on derogations for specific situations as set forth in Article 49 of the GDPR. For example, when the transfer is necessary to perform a contract with you or when you have explicitly consented to the proposed transfer after having been informed of the possible risks.

7.3 Safeguards for International Transfers

We implement appropriate safeguards to ensure that your personal information remains protected according to this Privacy Policy, regardless of where it is processed or stored. These safeguards include:

• Encryption: We use industry-standard encryption methods to protect data in transit and at rest.
• Access Controls: We restrict access to personal information to only those employees, contractors, and agents who need to know that information to process it for us.
• Data Protection Agreements: We enter into data protection agreements with our service providers and partners that process personal information on our behalf.
• Privacy Impact Assessments: We conduct privacy impact assessments for major new processing activities, especially those involving new technologies.
• Employee Training: Our employees are trained on data protection principles and our data handling practices.

7.4 Transfers to Third Countries

In cases where we transfer personal data to countries outside the EEA that are not recognized by the European Commission as providing an adequate level of data protection, we take extra steps to safeguard your information. These may include:

• Contractual Safeguards: Implementing additional contractual safeguards beyond the Standard Contractual Clauses.
• Technical Measures: Employing additional technical measures to enhance data protection during transfer and processing.
• Organizational Measures: Implementing organizational policies and procedures to ensure consistent handling of personal data across our global operations.

7.5 Your Rights Regarding International Transfers

You have the right to request information about the specific safeguards we use for transferring your personal information outside of your country. To exercise this right, please contact us at support@flowspot.ai.

7.6 Updates to International Transfer Mechanisms

We continually monitor changes in international data transfer regulations and mechanisms. If there are any changes to the international transfer mechanisms we rely on, we will update our practices accordingly and inform you of any significant changes.

7.7 Data Localization

In some cases, where required by local law or where we determine it to be necessary, we may store and process your personal information locally in your country of residence.

7.8 Consent for International Transfers

By using our services and providing your information, you consent to the transfer, storage, and processing of your personal information in countries outside your country of residence. If you do not agree to these international transfers, please do not use our services.

7.9 Questions About International Transfers

If you have any questions or concerns about our international data transfer practices, please don't hesitate to contact us at support@flowspot.ai. We are committed to being transparent about our data practices and will provide you with additional information upon request.

8.1 General Retention Principles

• We retain personal information for the shortest time necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
• The retention period for specific types of personal information may vary depending on the nature of the data and the purpose for which it was collected.
• We regularly review our data retention practices to ensure we're not keeping data longer than necessary.

8.2 Retention Periods for Different Types of Data

While specific retention periods may vary based on legal requirements and operational needs, here are general guidelines for different types of data:

• Account Information: Retained for the duration of your active account, plus a reasonable period after account closure to handle any follow-up queries or legal requirements.
• Transaction Data: Retained for a period of 7 years to comply with financial regulations and tax requirements.
• Communication Records: Emails and support tickets are typically retained for 2 years after the last interaction.
• Usage Data: Anonymized usage data may be retained indefinitely for analytical purposes.
• Marketing Preferences: Retained until you opt-out or request deletion.
• User-Generated Content: Retained for as long as your account is active, unless you specifically request its deletion.

8.3 Data Retention in Specific Scenarios

• Inactive Accounts: If your account becomes inactive for an extended period (typically 2 years), we may contact you to confirm if you wish to maintain your account. If we receive no response, we may proceed to close the account and delete or anonymize the associated personal data.
• After Account Closure: When you close your account, we typically retain certain information for a limited period to:
  • Respond to any questions about the account
  • Detect and prevent fraudulent activity
  • Comply with legal obligations
• Legal Holds: In some cases, we may need to retain information for an extended period due to legal obligations, ongoing investigations, or pending litigation. In such cases, the relevant data will be preserved until the legal hold is lifted.

8.4 Data Minimization and Anonymization

• We practice data minimization, collecting and retaining only the personal information necessary for our specified purposes.
• Where possible, we anonymize or pseudonymize personal data rather than deleting it entirely, allowing us to retain useful analytics data without compromising individual privacy.

8.5 Deletion and Destruction Processes

• When personal data reaches the end of its retention period, we have processes in place to securely delete or anonymize it.
• Our deletion processes ensure that data is irretrievably destroyed and cannot be recovered.
• For data stored on physical media, we use secure destruction methods that comply with industry standards.

8.6 Your Rights Regarding Data Retention

• You have the right to request deletion of your personal data at any time, subject to certain limitations (e.g., we may need to retain some information to comply with legal obligations).
• If you request deletion of your data, we will endeavor to do so promptly, usually within 30 days, unless there is a valid reason for extended retention.

9.1 External Links

Our website and services may contain links to third-party websites, applications, or services that are not owned or controlled by flowspot. These links are provided for your convenience and information. It's important to note that:

• We do not endorse or make any representations about third-party websites or services.
• We are not responsible for the content, privacy policies, or practices of any third-party websites or services.
• Clicking on these links or enabling these connections may allow third parties to collect or share data about you.

9.2 Third-Party Services Integration

flowspot may integrate with or use third-party services to enhance functionality. These may include, but are not limited to:

• Analytics providers (e.g., Google Analytics)
• Customer support tools
• Payment processors
• Social media platforms
• Cloud storage providers
• Marketing and advertising partners

9.3 Data Sharing with Third Parties

When you use these integrated services or click on third-party links, you may be sharing information with these third parties. The information collected by these third parties is governed by their respective privacy policies. We encourage you to review the privacy policies of any third-party sites or services before providing any personal information or using their services.

9.4 Third-Party Cookies and Tracking

Third-party services may use cookies, web beacons, or other tracking technologies to collect information about you when you use our website or services. These technologies allow third parties to track your online activities over time and across different websites. For more information about cookies and tracking technologies, please refer to Section 6 of this Privacy Policy.

9.5 Social Media Features

Our services may include social media features, such as the Facebook "Like" button or Twitter sharing widgets. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them.

9.6 User-Generated Content

If you submit any information to third-party sites or services (for example, by posting a comment on a third-party social media page), your activity may be governed by the third party's privacy policy. We do not control how these third parties may collect, use, or disclose your information.

9.7 Security of Third-Party Services

While we strive to work with reputable third-party services and implement reasonable security measures in our own systems, we cannot guarantee the security of any information that you transmit to third-party sites or services. You do so at your own risk.

9.8 Changes to Third-Party Services

We may update, change, or remove third-party integrations from our services at any time. We will make reasonable efforts to notify you of any significant changes to our third-party integrations that may affect your privacy.

9.9 Opting Out of Third-Party Services

In some cases, you may be able to opt-out of certain data collection or use by third parties. Please refer to the respective third party's privacy policy and settings to learn more about their data practices and any available opt-out options.

9.10 Responsibility for Third-Party Content

flowspot is not responsible for the content, accuracy, or opinions expressed on third-party websites or services. The inclusion of any link or integration does not imply endorsement by flowspot of the site or service.

9.11 Reporting Issues

If you encounter any issues or have concerns about a third-party website or service linked from our platform, please report it to us at support@flowspot.ai. We appreciate your feedback and will investigate any reported issues.

10.1 Age Restrictions

Our services are not intended for use by children under the age of 13. Users must be at least 13 years old to create an account and use our platform. If you are under 13, please do not attempt to register for our services or send any personal information about yourself to us.

10.2 Collection of Children's Data

We do not knowingly collect, use, or disclose personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

10.3 Parental Consent

If you are a parent or guardian and you believe that your child under 13 may have provided personal information to us, please contact us immediately at support@flowspot.ai. We will work with you to ensure that such information is promptly removed from our records.

10.4 Educational Use

If flowspot is being used by a school or educational institution with users under 13, we ensure compliance with the Children's Online Privacy Protection Act (COPPA) by contractually requiring such institutions to obtain parental consent for the use of our services by children.

10.5 Changes to Children's Information

Parents or guardians can review, update, or delete any personal information about their child that may have been inadvertently collected. To do so, please contact us at support@flowspot.ai.

10.6 Third-Party Services

Our service may include links to third-party websites or services that are not owned or controlled by flowspot. We are not responsible for the privacy practices or the content of such third-party services. We encourage parents to review the privacy policies of any third-party sites their children may access through our service.

10.7 Compliance with Laws

We comply with the requirements of COPPA (Children's Online Privacy Protection Act) and other applicable laws and regulations concerning children's privacy.

10.8 Notification of Changes

If we make material changes to how we treat children's personal information, we will notify parents and guardians through a notice on our website.

10.9 Contact Us

If you have any questions about our practices regarding children's privacy or if you believe that we have inadvertently collected information from a child under 13, please contact us immediately at:

We are committed to protecting children's privacy and will respond promptly to any concerns or inquiries regarding this matter.

11.1 Regular Reviews

We regularly review this Privacy Policy to ensure it accurately reflects our data practices and complies with current laws and regulations. Minor changes may be made without notice to correct typographical errors, improve clarity, or update contact information.

11.2 Notification of Changes

For significant changes that affect your rights or how we use your personal information, we will provide prominent notice through one or more of the following methods:

• Posting a notification on our website
• Sending an email to the address associated with your account
• Displaying a banner or pop-up notice within our application
• Updating the "Effective Date" at the top of this Privacy Policy

11.3 Material Changes

Material changes may include, but are not limited to:

• Changes to the types of personal information we collect
• New purposes for collecting or using your personal information
• Changes to how we share your information with third parties
• Introduction of new data processing technologies
• Updates due to new legal requirements or significant company changes (e.g., mergers or acquisitions)

11.4 Prior Notice

When possible, we will provide notice of significant changes before they become effective, typically at least 30 days in advance. This allows you time to review the changes and consider their impact on your use of our services.

11.5 Continued Use of Our Services

Your continued use of flowspot's services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with the changes, you should discontinue using our services and contact us to close your account.

11.6 Archived Versions

We maintain archived versions of our previous Privacy Policies for your reference. If you wish to access a previous version, please contact us at support@flowspot.ai.

11.7 User Rights and Choices

Remember that regardless of changes to our Privacy Policy, you always retain certain rights regarding your personal information, as outlined in Section 5 of this policy. If a change to our policy affects your rights or our obligations under applicable data protection laws, we will ensure that we obtain your consent where required.

11.8 Questions About Changes

If you have any questions or concerns about changes to our Privacy Policy, please don't hesitate to contact us at support@flowspot.ai. We're here to help explain any modifications and address your privacy concerns.

11.9 Staying Informed

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your personal information. While we will make efforts to notify you of significant changes, it is ultimately your responsibility to keep track of updates to this policy.

11.10 Conflict with Other Agreements

In the event of any conflict between this Privacy Policy and any other agreement you have with flowspot, the terms of this Privacy Policy will control unless the other agreement specifically states otherwise.

12.1 General Inquiries

For general questions about our Privacy Policy or data practices:

Email: support@flowspot.ai

12.2 Data Subject Rights Requests

To exercise your data subject rights (e.g., access, correction, deletion of your personal information):

Email: support@flowspot.ai Subject Line: "Data Subject Rights Request"

Please include in your email:

• The specific right you wish to exercise
• Your full name
• The email address associated with your flowspot account
• Any additional information that may help us process your request

We will respond to your request within the timeframe required by applicable law.

12.3 Security Concerns

If you believe you have identified a security vulnerability or have concerns about the security of your data:

Email: support@flowspot.ai Subject Line: "Security Concern"

12.4 Complaints

If you wish to make a complaint about how we have handled your personal information:

Email: support@flowspot.ai Subject Line: "Privacy Complaint"

We take all complaints seriously and will respond promptly.

12.5 Mailing Address

For written correspondence:

12.6 Response Time

We strive to respond to all inquiries within 2 business days. For complex issues or formal requests, our response time may be up to 30 days, in accordance with applicable laws.

12.7 Updates to Contact Information

We may update our contact information from time to time. The most current contact information will always be available in this Privacy Policy.

12.8 For California Residents

If you are a California resident and wish to exercise your rights under the California Consumer Privacy Act (CCPA), please use the email address above and include "CCPA Request" in the subject line.

12.9 For European Economic Area (EEA) Residents

If you are a resident of the EEA and wish to exercise your rights under the General Data Protection Regulation (GDPR), please use the email address above and include "GDPR Request" in the subject line.

12.10 Verification Process

To protect your privacy and security, we may need to verify your identity before processing your request. We may ask you to provide additional information for verification purposes.

13.1 Role of the Data Protection Officer

Our Data Protection Officer is responsible for:

1. Monitoring compliance with data protection laws and our internal policies
2. Advising on data protection obligations and conducting privacy impact assessments
3. Acting as a point of contact for data subjects and supervisory authorities
4. Coordinating responses to data subject requests
5. Overseeing data protection training for staff

13.2 Our Privacy Team

Supporting our DPO is a cross-functional privacy team that includes representatives from:

• Legal Department
• Information Technology
• Security
• Customer Support
• Human Resources

This team works together to ensure that privacy considerations are integrated into all aspects of our operations.

13.3 Contacting Our Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact our Data Protection Officer directly:

Email: support@flowspot.ai
Subject Line: "Attn: Data Protection Officer"

Postal Address:
Data Protection Officer
flowspot LLC
5850 W 3rd St Ste E #1091
Los Angeles, CA 90036
United States

13.4 What to Expect When You Contact Us

When you reach out to our Data Protection Officer:

1. We will acknowledge receipt of your inquiry within 3 business days.
2. We aim to provide a substantive response within 30 days, as required by most data protection regulations.
3. If your request is complex or we receive a high volume of requests, we may need additional time to respond. In such cases, we will notify you and keep you updated on our progress.

13.5 Types of Inquiries We Handle

Our Data Protection Officer and privacy team are equipped to handle a wide range of privacy-related matters, including:

• Requests to exercise your data protection rights (access, rectification, erasure, etc.)
• Questions about our data collection, use, or sharing practices
• Concerns about potential data breaches or security incidents
• Requests for additional information about our privacy practices
• Complaints about how we've handled your personal information

13.6 Commitment to Privacy

Our Data Protection Officer and privacy team are committed to:

• Transparency in our data practices
• Timely and thorough responses to your inquiries
• Continuous improvement of our privacy and data protection measures
• Staying updated on the latest developments in privacy law and best practices

13.7 Privacy by Design

Under the guidance of our DPO, we implement privacy by design principles across our organization. This means that privacy considerations are built into our products, services, and business processes from the ground up.

13.8 Regular Privacy Audits

Our DPO oversees regular privacy audits to ensure ongoing compliance with data protection laws and our internal policies. These audits help us identify and address potential privacy risks proactively.

13.9 International Cooperation

For matters involving international data transfers or cross-border privacy issues, our DPO works in coordination with privacy regulators and our international partners to ensure compliance with various regional data protection requirements.

13.10 Continuous Education

Our DPO leads ongoing privacy training and awareness programs for all employees, ensuring that everyone at flowspot understands the importance of data protection and their role in safeguarding personal information.

14.1 Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Such as name, email address, IP address, and account login details.
• Personal information categories listed in the California Customer Records statute: Such as contact information and payment information.
• Protected classification characteristics: Such as age and gender (if voluntarily provided).
• Commercial information: Such as products or services purchased, obtained, or considered.
• Internet or other similar network activity: Such as browsing history, search history, and information on a consumer's interaction with our website or application.
• Geolocation data: Such as approximate location derived from IP address.
• Professional or employment-related information: Such as job title and employer name (if voluntarily provided).
• Inferences drawn from other personal information: Such as profile reflecting preferences, characteristics, and behaviors.

14.2 Sources of Personal Information

We obtain the categories of personal information listed above from the following sources:

• Directly from you (e.g., forms you complete, products you purchase, or direct communications)
• Indirectly from you (e.g., from observing your actions on our website or app)
• From third-party service providers, such as analytics providers and advertising networks

14.3 Use of Personal Information

We may use or disclose the personal information we collect for one or more of the business purposes described in Section 2 of this Privacy Policy.

14.4 Sharing of Personal Information

In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose:

• Identifiers
• California Customer Records personal information categories
• Commercial information
• Internet or other similar network activity
• Geolocation data

We disclose your personal information for a business purpose to the following categories of third parties:

• Service providers
• Advertising networks
• Data analytics providers
• Social networks

14.5 Sale of Personal Information

In the preceding 12 months, we have not sold personal information. flowspot does not sell personal information of consumers, including those under 16 years of age.

14.6 Your Rights Under the CCPA

As a California resident, you have the following rights under the CCPA:

1. Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
2. Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
3. Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. However, we do not currently sell personal information.
4. Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA rights.

14.7 Exercising Your CCPA Rights

To exercise your rights described above, please submit a verifiable consumer request to us by:

• Emailing us at support@flowspot.ai

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.

14.8 Verifiable Consumer Request

To submit a verifiable consumer request, you will be required to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

14.9 Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

14.10 Authorized Agent

You may designate an authorized agent to make a request under the CCPA on your behalf. We may require verification of the authorized agent's authority to act on your behalf before processing any request.

14.11 Limitation on Rights

Please note that these rights are not absolute, and in certain cases, we may decline to process your request, as permitted by law.

14.12 Updates to This CCPA Notice

We will update this notice annually and as necessary to reflect changes in our personal information practices or relevant laws.

15.1 Your GDPR Rights

As an EEA resident, you have the following rights under GDPR:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete any information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.

15.2 How to Exercise Your GDPR Rights

To exercise any of these rights, please contact us at support@flowspot.ai. We will respond to your request within 30 days. If we need more time to process your request, we will notify you and explain the reason for the delay.

15.3 Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:

• Consent: In some cases, we process your data based on your explicit consent.
• Performance of a Contract: We may process your data when it's necessary for the performance of a contract to which you are a party.
• Legitimate Interests: We may process your data when it's necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and freedoms.
• Legal Obligation: We may process your data to comply with a legal obligation.

15.4 Data Protection Officer (DPO)

While not legally required to do so, flowspot has appointed a Data Protection Officer to oversee our GDPR compliance efforts. You can contact our DPO at support@flowspot.ai.

15.5 International Data Transfers

When we transfer personal data from the EEA to countries not deemed to provide an adequate level of data protection, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

15.6 Data Protection Impact Assessments (DPIA)

We conduct DPIAs for processing operations that are likely to result in a high risk to the rights and freedoms of individuals, in accordance with GDPR requirements.

15.7 Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach.

15.8 Privacy by Design and Default

We implement appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed, in accordance with the principle of data minimization.

15.9 Records of Processing Activities

We maintain records of our processing activities as required by GDPR Article 30, including the purposes of processing, categories of personal data processed, and recipients of personal data.

15.10 Children's Data

If we collect personal data from children under 16 in the EEA, we will obtain parental consent as required by GDPR Article 8.

15.11 Automated Decision-Making and Profiling

If we engage in automated decision-making or profiling that significantly affects you, we will provide you with information about the logic involved and the significance and envisaged consequences of such processing for you.

15.12 GDPR Compliance Review

We regularly review and update our practices to ensure ongoing compliance with GDPR requirements. This includes periodic assessments of our data processing activities, security measures, and privacy policies.

15.13 Cooperation with Supervisory Authorities

We are committed to cooperating with EEA data protection authorities and complying with their decisions regarding our data processing activities.