Privacy Policy
Last updated: June 16, 2026
1. Overview
Flowfiy ("we", "our", or "the platform") is a multi-tenant SaaS platform that provides AI-powered outbound sales tooling. We take your privacy seriously. This policy explains what data we collect, why we collect it, how we store and protect it, and what rights you have.
2. Data we collect
Account data
When you create an account: email address, name, and (optionally) Google profile data if you sign in with Google OAuth.
Connected accounts
When you connect your Gmail account so Flowfiy can send approved outreach on your behalf, the OAuth tokens are encrypted at rest using AES-256-GCM before storage. The encryption key is stored in our infrastructure environment variables and is never stored in the database. We cannot read your tokens in plaintext. The AI model and lead data sources are fully managed by Flowfiy — you never bring your own API keys.
Lead and outreach data
The plain-English descriptions of the leads you want, matching businesses and people we find and enrich, AI-generated qualification scores, and the cold emails and follow-ups we draft are stored in your workspace and are never shared with other tenants.
Usage data
We track credit usage to manage your subscription, process top-ups, and provide usage dashboards. We do not sell usage data.
Payment data
Payment processing is handled entirely by Razorpay. Flowfiy never stores credit card numbers or payment instrument details. We store only Razorpay subscription and customer IDs.
3. How we use your data
- To authenticate you and maintain your session
- To run the AI pipeline on your behalf using Flowfiy-managed AI and data providers
- To meter credit usage and reconcile it against your subscription and top-ups
- To send transactional emails (account verification, password reset)
- To improve platform reliability and fix bugs (aggregate, anonymized error data)
We do not use your lead data, outreach copy, or business profile to train AI models.
4. Data sharing
We do not sell your data. We share data with the following sub-processors only as necessary to operate the platform:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | US / EU |
| Railway | Background worker infrastructure | US |
| Upstash | Redis job queue | US |
| Razorpay | Payment processing (India) | India / Global |
| Stripe | Payment processing (international) | US / Global |
| Vercel | Web application hosting | Global CDN |
| Google (Gemini) | Managed AI inference for the pipeline | US / Global |
| Apify | Lead discovery (Google Maps & B2B sources) | US / EU |
| Prospeo | B2B email resolution | EU |
5. Data retention
- Account data: retained while your account is active and for 30 days after deletion
- Lead and outreach data: retained while your account is active; deleted within 30 days of account deletion
- Encrypted credentials: deleted immediately upon disconnecting an integration
- Usage events: retained for 12 months for billing reconciliation
6. Your rights
Depending on your location, you may have the right to:
- Access a copy of the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and associated data
- Object to processing of your data
- Data portability (export your leads and outreach copy as CSV/JSON)
To exercise any of these rights, email us at privacy@flowfiy.com.
7. Security
- All API credentials encrypted with AES-256-GCM at rest
- All data in transit encrypted with TLS 1.3
- Row-level security (RLS) enforces tenant isolation at the database level
- Authentication via Supabase Auth with JWT RS256 signing
- No plaintext storage of passwords or API keys anywhere in the system
8. Cookies
Flowfiy uses only essential cookies — session cookies required for authentication. We do not use third-party advertising or tracking cookies.
9. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to registered users at least 14 days before they take effect. Continued use of the platform after a policy update constitutes acceptance of the updated policy.
10. Contact
Questions about this privacy policy? Email privacy@flowfiy.com or write to: Flowfiy, Privacy Team.