Flowki Labs ("Flowki Labs", "we", "us", "our") is an AI-powered process automation platform operated by Flowki Labs. Our service is available at flowkinexus.com.
For GDPR purposes, Flowki Labs is the data controller of your personal data. For questions about this policy, see Section 14.
When you connect third-party services (Google, Slack), we store encrypted OAuth tokens to act on your behalf. We store only what's necessary and delete tokens immediately on disconnect.
If you submit your email on our waitlist, we store that email and the source of submission.
We log cookie consent decisions (accept/reject) with timestamp and anonymized IP to maintain compliance records.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and operate the service | Account data, process data, integration tokens | Contract performance |
| Authenticate you and prevent fraud | Email, password hash, IP, session data | Contract performance + legitimate interest |
| Execute your automations | Process config, integration tokens | Contract performance |
| Send transactional emails (e.g. invites) | Email address | Contract performance |
| Send product updates and marketing | Email address | Consent (opt-in) |
| Improve the service and fix bugs | Usage data, error logs | Legitimate interest |
| Comply with legal obligations | As required by law | Legal obligation |
For users in the European Economic Area (EEA), UK, or Switzerland, we rely on the following lawful bases under GDPR Article 6:
We do not sell, rent, or trade your personal data. We share it only with the following sub-processors to operate our service:
| Sub-processor | Purpose | Location | Data Shared |
|---|---|---|---|
| Render (render.com) | Web hosting & infrastructure | United States | All app data transits through Render servers |
| Neon (neon.tech) | PostgreSQL database | United States (AWS us-east-1) | All structured data (accounts, processes, runs) |
| Polsia (polsia.com) | Platform infrastructure & analytics | United States | Anonymized visitor analytics, subscription management |
| Anthropic (anthropic.com) | AI processing (Claude API) | United States | Process descriptions you submit for AI parsing |
| OpenAI (openai.com) | AI processing (GPT-4o mini) | United States | Process descriptions you submit for AI parsing |
| Google (google.com) | OAuth integration (user-controlled) | United States | Only when you connect Google — OAuth tokens |
| Slack (slack.com) | OAuth integration (user-controlled) | United States | Only when you connect Slack — OAuth tokens |
We may disclose data if required by law, court order, or to protect the safety of users or the public.
Flowki Labs is operated from the United States. If you are located in the EEA, UK, Switzerland, or another region with data transfer restrictions, your data will be transferred to and processed in the United States.
We rely on the following transfer mechanisms:
By using Flowki Labs, you acknowledge that your data may be transferred to the US. You may withdraw consent at any time by deleting your account.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data (email, name, password hash) | Until account deletion | Required to operate service |
| Process definitions | Until deleted by user or account deletion | User's work product |
| Process run history | 90 days rolling window | Debugging, analytics; older runs purged automatically |
| OAuth tokens (Google, Slack) | Until disconnected or account deleted | Required for integrations to function |
| Usage / error logs | 30 days | Security, debugging |
| Consent records | 3 years | Regulatory compliance |
| Waitlist emails | Until product launch or deletion request | Product communications |
| Team invite tokens | 7 days from creation | Security (auto-expired) |
When you delete your account, all data listed above is permanently deleted within 30 days, except for consent records retained for legal compliance and anonymized aggregate analytics that cannot be tied back to you.
If you are in the EEA, UK, or Switzerland, you have the following rights:
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you specific rights.
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address | Yes |
| Personal info (Cal. Civ. Code 1798.80) | Name, email address | Yes |
| Internet / network activity | Browsing history within app, feature usage | Yes |
| Inferences drawn | Automation preferences, feature patterns | Yes (internal only) |
| Financial information | Credit card, bank account | No (handled by Stripe) |
| Geolocation | Precise location | No |
| Biometric | Fingerprints, face ID | No |
| Sensitive personal information | SSN, health data, etc. | No |
No. Flowki Labs does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.
However, if you would like to formally opt out of any future sale or sharing of your personal information, use the link below:
Do Not Sell or Share My Personal Information →
To exercise California rights, email privacy@flowkilabs.com or use the self-service options in Settings. We respond within 45 days (extendable to 90 days with notice).
We set one essential cookie: your authentication token stored in localStorage under the key lc_token. This is required to keep you logged in. It cannot be disabled without breaking the service.
With your consent, we use Polsia Analytics (a first-party, privacy-focused analytics tool) to count page visits and track feature usage. This sets a polsia_vid identifier in localStorage. No data is shared with third-party advertising networks.
When you first visit, a cookie consent banner gives you the choice to accept or reject non-essential analytics. You can change your preference at any time in Settings → Privacy Preferences.
You can also clear cookies and localStorage through your browser settings. Note that clearing lc_token will log you out.
Despite these measures, no system is 100% secure. If you discover a security vulnerability, please email security@flowkilabs.com.
Flowki Labs is not directed to children under 16 (or 13 in the US). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it promptly.
We may update this policy from time to time. Material changes will be communicated via email (if you have an account) or a notice on our website at least 14 days before taking effect. The "last updated" date at the top of this page reflects the most recent version.
Continued use of Flowki Labs after the effective date constitutes acceptance of the updated policy.
For data requests, privacy questions, or to exercise your rights:
For GDPR-specific inquiries from EEA residents:
We aim to respond to all privacy requests within 30 days. For complex requests, we may extend this by an additional 60 days with written notice.