Privacy Policy

Innobi ("we," "our," or "us") operates the FlowCore platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using FlowCore, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

Information You Provide:

• Account Information: Name, email address, password (hashed)
• Payment Information: Processed securely by Stripe (we do not store card numbers)
• Profile Information: Optional profile picture, preferences
• User Content: Workflows, configurations, and data you create
• Communications: Support requests, feedback, emails

Information Collected Automatically:

• Usage Data: Pages visited, features used, workflow executions
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies, preference cookies (see Cookie section)
• Log Data: Access times, error logs, performance metrics

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related information (confirmations, invoices)
• Send technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze usage trends to improve user experience
• Detect, prevent, and address technical issues and fraud
• Personalize your experience and deliver relevant content
• Comply with legal obligations

Where We Store Your Data:

Your data is stored on secure servers provided by our infrastructure partners:

• Azure: Database (PostgreSQL), Container Apps, and backend hosting
• Vercel: Frontend hosting (CDN)

Security Measures:

• All data transmitted over HTTPS/TLS encryption
• Passwords stored using industry-standard hashing (bcrypt)
• API credentials encrypted at rest (AES-256-GCM)
• Regular security audits and vulnerability assessments
• Access controls and principle of least privilege

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure.

We use the following third-party services that may have access to your information:

Note: When you use external AI APIs (OpenAI, Gemini, etc.), your prompts and responses are sent directly to those providers under their privacy policies.

Types of Cookies We Use:

• Essential Cookies: Required for authentication and basic functionality
• Preference Cookies: Remember your settings (theme, language)
• Analytics Cookies: Help us understand how you use the Service

Your Choices:

Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that some features of the Service may not function properly if cookies are disabled.

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

Retention Periods:

• Account Data: Until account deletion + 30 days
• Workflow Data: Until account deletion
• Usage Logs: 90 days
• Payment Records: 7 years (legal requirement)
• Support Communications: 2 years

Our Service is operated from Canada. If you are located outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada and other countries where our service providers are located.

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

EU Users: We rely on Standard Contractual Clauses for transfers outside the EEA.

If you are in the EU/EEA (GDPR):

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing for marketing or profiling
• Right to Withdraw Consent: Withdraw consent at any time

If you are in California (CCPA):

• Right to know what personal information we collect
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we do NOT sell your data)
• Right to non-discrimination for exercising your rights

To exercise any of these rights, please contact us at support@flowcore.work. We will respond within 30 days.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us.

What We Send:

• Transactional Emails: Purchase confirmations, security alerts (always sent)
• Product Updates: New features, improvements (can opt-out)
• Marketing Emails: Promotional content (can opt-out)

Opting Out:

You can unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us. Note that you cannot opt out of transactional emails related to your account.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes, we will also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the new Privacy Policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@flowcore.work
• Website: flowcore.work

Data Controller: Innobi Software
Location: Ontario, Canada (Main) and Istanbul, Türkiye