Legal

Privacy policy

Last updated:

This page is the canonical privacy policy for the FlowChat marketing site (flowchat.com) and the FlowChat product (app.flowchat.com, chat.flowchat.com, widget.flowchat.com).

What we collect

  • Account data: name, work email, company, team membership. Used to provision admin and customer accounts.
  • Usage data: queries asked of the chat surface, timestamps, referring URL, anonymised IP. Used for billing, eval, and security monitoring.
  • Crawl data: the public-web content of the domains a tenant has authorised us to crawl. Stored per-tenant in R2 with object-lock retention.
  • Marketing analytics: aggregated, privacy-respecting page-view counters via Cloudflare Web Analytics. No third-party cookies, no fingerprinting.

How we use it

Account data is used to operate the product. Usage data drives billing and quality-of-service. Crawl data is the corpus that answers questions on a tenant's behalf. Marketing analytics show us which pages help conversion. We do not sell, license, or share any of this data with third parties for their own marketing purposes.

Sub-processors

Cloudflare (Workers AI, Vectorize, R2, D1, KV, AI Gateway, Browser Rendering, Logpush). Anthropic (Claude Sonnet 4.6 via AI Gateway, opt-in for premium routing). Cohere (Rerank 3.5 via AI Gateway). Stripe (billing). Postmark (transactional email). The current list is maintained in our DPA appendix — request via legal@flowchat.com .

Your rights

Access, correction, deletion, portability, and complaint, per GDPR Articles 15-22. We respond within 30 days. Data subject requests go to privacy@flowchat.com . Tenants can self-serve deletion of their corpus from the admin panel; account deletion requires email confirmation.

Retention

Account data is retained for the lifetime of the account plus 30 days after deletion. Usage data is retained for 90 days by default, configurable up to 7 years on Enterprise. Crawl data is held while the source is active and purged on revocation.

Contact

Privacy questions: privacy@flowchat.com . Data Protection Officer (when appointed): same address. EU representative (when appointed): listed in the DPA appendix.

Note: this is the public summary policy. The legally binding version, the full sub-processor list, and the DPA template are available on request and shipped with every Enterprise contract.