Privacy Policy

Last updated: 2026-04-29

This notice is provided to help you understand how we process personal data in connection with our website and services. It is not legal advice; you should obtain independent counsel for your organisation’s compliance obligations.

1. Who is responsible?

The data controller for personal data described in this policy is FlowSight Inc. (“FlowSight”, “we”, “us”), unless we tell you otherwise (for example in a separate agreement for enterprise customers).

Postal / identity: FlowSight Inc., United States. A complete postal address is available on request to privacy@flowsight.com.

2. Contact & EU representative

Privacy questions and requests: privacy@flowsight.com

If we appoint an EU representative under Article 27 GDPR, we will publish their contact details here. Until then, you may contact us at the address above.

3. Scope

This policy applies to personal data we process through our marketing website (including forms and downloads), account areas where applicable, and related support channels. Product-specific processing may be described in separate documentation (for example a Data Processing Agreement for business customers).

4. Categories of personal data

Depending on how you use FlowSight, we may process:

  • Account & contact data: name, email, company, role, credentials (hashed where applicable).
  • Usage & technical data: IP address, device/browser type, timestamps, pages viewed, approximate location derived from IP, security logs.
  • Consent records: cookie/analytics preferences and related timestamps.
  • Communications: messages you send to support or sales.
  • Billing data (if applicable): processed by our payment provider; we receive limited billing metadata as needed for invoicing.

Our product is designed so that sensitive workspace content is processed locally where possible; this policy focuses on data processed in connection with operating the service and website.

5. Purposes and legal bases (GDPR Art. 6)

  • Delivering the service and website — Art. 6(1)(b) (contract) and Art. 6(1)(f) (legitimate interests in reliable operation).
  • Security, abuse prevention, and debugging — Art. 6(1)(f) (legitimate interests), and where strictly necessary Art. 6(1)(c) (legal obligation).
  • Aggregated analytics on this site — Art. 6(1)(a) (consent), where not strictly necessary.
  • Newsletters or marketing — Art. 6(1)(a) (consent) or Art. 6(1)(f) with opt-out where permitted by law.
  • Legal compliance — Art. 6(1)(c) where applicable.

6. Cookies & similar technologies

We use essential technologies to run the site and, only with your consent where required, aggregated analytics. See our Cookie Policy for details and how to withdraw consent.

7. Recipients & subprocessors

We use trusted infrastructure providers (for example hosting, databases, email delivery, and payment processing). They process personal data only on our instructions or as independent controllers as described in their terms, and we assess security and data protection terms with them.

A current list of key subprocessors is available on request for business customers and may be updated as our suppliers change.

8. International transfers

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission (and supplementary measures where required), or adequacy decisions, unless an exception applies.

9. Retention

We retain personal data only as long as necessary for the purposes above, including legal, accounting, and dispute-resolution needs. Retention periods vary by category (for example security logs vs marketing consents); contact us for more detail about a specific processing activity.

10. Your rights (GDPR Chapter III)

Subject to conditions in applicable law, you may have the right to:

  • Access, rectification, erasure, restriction, and data portability;
  • Object to processing based on legitimate interests (Art. 21);
  • Withdraw consent at any time where processing is consent-based (without affecting prior lawful processing);
  • Lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

To exercise rights, contact privacy@flowsight.com. We typically respond within one month (Art. 12(3) GDPR), subject to extension in complex cases as permitted by law.

11. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects solely by automated means in connection with the processing described in this website policy. If that changes, we will provide meaningful information and safeguards as required by law.

12. Children

Our services are not directed at children under 16 (or the age required in your jurisdiction). If you believe we have collected a child’s data, contact us and we will take appropriate steps.

13. Changes

We may update this Privacy Policy to reflect legal, technical, or business changes. We will post the updated version on this page and adjust the “Last updated” date. Where required, we will notify you or seek fresh consent.