GDPR Readiness & Data Protection

Our commitment to implementing GDPR principles and protecting your personal data

Last updated: July 19, 2024

Language Notice

Our legal documents are provided in English as the authoritative version. While navigation and interface elements are available in multiple languages, the legal content remains in English to ensure accuracy and legal validity. This is standard practice for B2B enterprise software platforms.

For questions about these documents in your local language, please contact our legal team at legal@flowapp.com

GDPR Implementation Status

FlowApp is actively implementing GDPR principles and data protection standards. We are committed to respecting your privacy rights and handling personal data responsibly. As a self-hosted platform, many data protection responsibilities lie with our customers, but we provide the tools and policies to support GDPR compliance.

1. Current GDPR Implementation

Implemented

  • Data minimization principles
  • User consent mechanisms
  • Privacy by design approach
  • Data retention policies
  • Basic user rights support
  • Privacy policy transparency

In Progress

  • Enhanced data subject request handling
  • Data processing impact assessments
  • Third-party processor agreements
  • Automated data deletion workflows
  • Advanced consent management
  • Regular compliance auditing

Timeline: We are continuously enhancing our GDPR implementation throughout 2025, with quarterly reviews and improvements to our data protection practices.

2. Data Subject Rights

We respect and facilitate the following GDPR data subject rights:

Right to Access

Request a copy of your personal data we process

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data

Right to Portability

Receive your data in a structured, machine-readable format

How to Exercise Your Rights: Contact our privacy team at privacy@flowapp.com with your request. We aim to respond within 30 days as required by GDPR.

3. Lawful Basis for Processing

We process personal data based on the following lawful bases under GDPR Article 6:

Legitimate Interest

Processing necessary for software functionality, security, and business operations

Contract Performance

Processing necessary to provide FlowApp services under our terms of service

Consent

Where you have provided specific consent for certain processing activities

4. Data Protection Security

We implement appropriate technical and organizational measures to protect personal data:

Technical Measures

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Access controls and authentication
  • Regular security updates
  • Secure data storage practices

Organizational Measures

  • Privacy by design principles
  • Data processing documentation
  • Staff training on data protection
  • Regular privacy impact assessments
  • Incident response procedures

5. GDPR Contact & Support

Data Protection Contact

Privacy Team: privacy@flowapp.com

Data Protection Officer: privacy@flowapp.com

Response Time: Within 30 days (as required by GDPR)

Enterprise Customers

For enterprise deployments, we provide additional GDPR support including:

  • Data Processing Agreements (DPA)
  • Privacy impact assessment assistance
  • Custom data retention policies
  • Dedicated privacy consultation