Privacy Policy

Data Controller

Primary hosting location: Our Website is hosted on servers located in Germany (EU).

What We Collect

• Contact messages: when you reach out via our contact form, we process the information you provide (typically name and email, plus your message).
• Newsletter sign-ups: email address and optional name, managed via MailerLite (see “Processors”). Double opt-in may be used to confirm your address.
• Technical & usage data: standard web logs (IP address, browser type, device, pages viewed, timestamps) and cookie-related data used for analytics, security, and Website functionality.
• Support access (services): only if you explicitly engage us to help, we may access limited data in your environment for troubleshooting. We do not export or keep copies unless contractually required and agreed in writing.

Why We Use Your Data (Purposes & Legal Bases)

• Respond to inquiries (legitimate interest: running and growing our business; or pre-contractual steps at your request).
• Send newsletters and updates (consent; you can withdraw anytime via the unsubscribe link).
• Operate and protect the Website (legitimate interest: service reliability, security, fraud prevention — includes anti-spam via reCAPTCHA).
• Analytics and performance (consent where required under ePrivacy; otherwise legitimate interest for strictly necessary measurement).
• Legal compliance (to comply with applicable laws and requests from competent authorities).

Cookies & Similar Technologies

We use cookies and similar technologies to make the Website work, remember preferences, and understand how it’s used.

• Strictly necessary – required for security and basic features (cannot be turned off in our systems, e.g., reCAPTCHA cookies for bot prevention).
• Preferences – remember choices (e.g., language).
• Analytics – help us improve the Website (set only with your consent where required).
• Marketing – only if/when applicable and consented.

On your first visit, you’ll see a banner to choose your cookie preferences. You can change your choice anytime: Cookie Settings

For details (names, purposes, lifetimes), see our Cookie Policy

Data You Host vs. Data We Host

Client automations: Our service builds automation that runs on your systems (e.g., your servers, cloud accounts, or apps). We do not routinely host or store your operational/business data.

Support access: If you request implementation or troubleshooting assistance, we may act as a processor and access limited data in your systems under a separate agreement (see “Data Processing Addendum”). We access only what is necessary, and only for as long as needed to provide the service.

Processors & Recipients

We use carefully selected vendors to help us operate the Website and communications:

• MailerLite – email newsletter delivery and list management. We only share your email (and name if provided). Unsubscribe anytime via the link in our emails.
• Hosting (Germany, EU) – to host our Website and store server logs in the EU.
• Google reCAPTCHA – anti-spam and security on forms. reCAPTCHA may collect device and usage information (e.g., IP address, mouse movements, cookies) to distinguish humans from bots. Use is subject to Google’s Privacy Policy and Terms of Service. Classified as strictly necessary for security.
• Site Kit by Google – plugin that connects Google services (e.g., Google Analytics, Search Console). Where Analytics is enabled, cookies/identifiers may be used for measurement. We enable IP anonymization where supported and honor your consent choices.
• Analytics – privacy-respecting website analytics
• Security & anti-spam – services that help prevent abuse

These vendors process data on our behalf under data processing agreements and appropriate safeguards.

International Transfers

Our primary hosting is in Germany (EU). If any processor stores or accesses data outside the EEA/UK (e.g., Google), we rely on recognised transfer mechanisms such as the EU Standard Contractual Clauses and implement appropriate safeguards.

How Long We Keep Data

• Contact inquiries: typically up to 12 months after last interaction (unless a longer period is needed for legal reasons).
• Newsletter data: until you unsubscribe or your address bounces; minimal records may be kept to honor opt-out requests.
• Server logs: typically 30–90 days, unless required longer for security/investigation.
• Support access (services): only for the duration of the assistance; no copies retained unless contractually required.
• Analytics: per provider defaults or minimized/aggregated after a set period ▢ (e.g., 14 months for Google Analytics — adjust to your setup).

Your Rights (EEA/UK & Similar Frameworks)

Where applicable, you have the right to request: (i) access to your personal data; (ii) rectification; (iii) erasure; (iv) restriction of processing; (v) data portability; and (vi) to object to processing based on legitimate interests or direct marketing. Where processing is based on consent, you may withdraw consent at any time (this won’t affect prior lawful processing).

You also have the right to lodge a complaint with your local data protection authority. ▢ (If you’re Romania-based, this is ANSPDCP.)

To exercise your rights, please use our contact form: flowmesh.net/#contact.

Security

We use reasonable administrative, technical and organisational measures to protect personal data (e.g., TLS encryption in transit, access controls, least-privilege practices). Our Website is hosted in Germany (EU). No method of transmission or storage is 100% secure, but we work to safeguard information and limit what we collect.

Children’s Privacy

Our Website and services are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us for deletion.

Third-Party Links

The Website may link to third-party sites. Their privacy practices are governed by their own policies. We encourage you to review those policies when visiting third-party sites.

Data Processing Addendum (DPA) for Clients

When we provide automation implementation or support that involves processing personal data on your behalf, a DPA can apply. It sets out each party’s roles and obligations, including confidentiality, security, and deletion/return of data.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the latest version. Material changes will be highlighted on this page and, where appropriate, notified by email or banner.

Contact

For privacy requests or questions, please use our contact form: flowmesh.net/#contact. We avoid publishing a plain email address to reduce spam and protect your data.