Data protection & GDPR

Our approach

FlowSight Inc. designs FlowSight with privacy-by-design principles: minimisation, transparency, and strong security. This page summarises how EU GDPR fits into that programme. The full legal details are in our Privacy Policy and Cookie Policy.

Controller vs processor

For our website, accounts, and general service operation, we typically act as a controller for personal data we determine the purposes and means of processing.

For enterprise deployments, we may act as a processor on your instructions under a Data Processing Agreement (DPA). Commercial customers should rely on their contract and DPA for organisational obligations.

Exercising your GDPR rights

You may request access, rectification, erasure, restriction, portability, or object to certain processing, and withdraw consent where processing is consent-based. Email privacy@flowsight.com with your request and enough information to verify your identity (we may ask proportionate follow-up questions to protect account security).

Under Art. 12(3) GDPR we aim to respond within one month, extendable by two further months in complex cases with notice.

Supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or of an alleged infringement. A list of EU authorities is maintained by the European Data Protection Board (EDPB).

SOC 2 readiness (trust programme)

We maintain a security programme aligned with the AICPA Trust Services Criteria (Security, and where applicable Availability and Confidentiality) as a roadmap toward independent assurance. A SOC 2 report, when available, is typically shared with customers under confidentiality — it is not a substitute for your own legal or compliance assessment. See also our Trust & security overview.