Privacy Policy
Last updated: April 26, 2026
1. Data Controller
For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, Flowdeck acts as the Data Controller. You can contact our team regarding privacy concerns at help@flowdeck.es or via our official support channels.
2. Information We Collect
We collect information necessary to provide, manage, and improve our services, including user accounts and subscriptions:
- Account Information: When you create an account, we collect your email address, name, and profile picture (often provided via third-party authentication like Google).
- User Content (Flows & Debriefs): Your flow diagrams and debriefs are stored locally in your device's cache. If you choose, you may connect your account to back up this data directly to your personal Google Drive account. We do not permanently store your flow diagrams or debriefs on our servers.
- Usage Data: We use Google Analytics to understand how visitors interact with our website and improve the user experience.
- Payment Information: If you purchase a subscription or premium feature, payment processing is handled entirely by Stripe. We do not process or store your credit card information directly on our servers.
3. Legal Basis for Processing
Under the GDPR, we rely on the following legal bases to process your personal data:
- Performance of a Contract: To provide you with your account, manage your subscriptions, and ensure the Flowdeck app functions properly.
- Consent: When you interact with our cookie banner, you consent to our use of non-essential cookies for analytics. You can withdraw this consent at any time.
- Legitimate Interests: To maintain the security of our platform, detect fraud, and temporarily sync real-time collaborative sessions.
4. Cookies and Authentication
We use cookies and similar technologies to manage your active session, keep you securely logged into your account, and remember your preferences. Essential cookies are required for the app to function. Non-essential tracking cookies (like Google Analytics) are only deployed if you explicitly grant consent via our cookie banner.
5. Third-Party Services & International Transfers
We utilize the following third-party services (sub-processors) to operate Flowdeck:
- Google: For secure sign-in, optional Google Drive backups, and website analytics.
- Supabase: For securely storing account data and temporary collaborative session data.
- Stripe: For secure subscription and payment processing.
- Vercel: For website hosting and infrastructure.
Because some of our service providers are based in the United States, your data may be transferred outside the European Economic Area (EEA). We ensure these international transfers are legally safeguarded, relying on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).
6. Data Security & Retention
We implement reasonable industry-standard security measures to protect your account and data. Our retention policy is as follows:
- Personal Data: We retain your personal account information for as long as your account is active.
- Collaborative Sessions: If you use the real-time collaboration feature, your active flow is temporarily stored in our database to sync changes between users. This collaborative data is automatically deleted from our servers 30 minutes after the session ends or is last updated.
7. Your GDPR Data Rights
If you reside in the EEA or UK, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can update or correct inaccurate data directly via your profile dashboard.
- Right to Erasure ("Right to be Forgotten"): You can permanently delete your account and all associated data at any time using the "Delete Account" button in your profile settings.
- Right to Restrict Processing & Right to Object: You can object to our processing of your data under legitimate interests or withdraw your consent for analytics at any time.
- Right to Data Portability: You can request to export your data in a structured, commonly used format.
- Rights related to Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or significant effects concerning you.
8. Contact Us
If you have any questions about this Privacy Policy or your account data, or wish to exercise your data rights, please contact us via our social media channels linked in the footer or by email at help@flowdeck.es.