1 Who We Are
GetFlowSuite is a workplace management software platform operated by GetFlowSuite ("we", "us", "our"). Our service is accessible at getflowsuite.com.
For data protection purposes, GetFlowSuite acts as the data controller for account and billing information, and as a data processor for the business data you and your employees enter into the platform.
For any privacy-related questions, contact us at contact@getflowsuite.com.
2 What Data We Collect
We collect only the data necessary to provide our services:
- Account data – name, email address, company name, password (hashed, never stored in plain text)
- Workspace data – employee names and emails, project names, resource allocations, timesheet entries, desk bookings
- Billing data – subscription plan, payment status (payment card details are handled by Stripe and never stored by us)
- Usage data – pages visited, features used, session duration, browser type, approximate location (country level)
- Communications – emails you send to our support address
We do not collect sensitive personal data such as health information, racial or ethnic origin, political opinions, or financial account details beyond what is necessary for billing.
3 How We Use Your Data
We use your data solely to:
- Provide, maintain and improve the GetFlowSuite platform
- Authenticate users and manage access to workspaces
- Send transactional emails (password setup, account notifications)
- Process subscription payments
- Respond to support requests
- Analyse usage patterns to improve the product (anonymised)
- Comply with legal obligations
We never sell your data to third parties. We never use your data for advertising. We do not share your workspace data with any other customer or organisation.
4 Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data on the following legal bases:
- Contract performance – processing necessary to provide the services you have subscribed to
- Legitimate interests – improving our product, preventing fraud, ensuring security
- Legal obligation – where we are required to retain data by law
- Consent – for optional communications such as product updates (you may withdraw consent at any time)
5 Where Your Data Is Stored
All data is stored using Google Firebase infrastructure, hosted in europe-west1 (Belgium) – within the European Economic Area (EEA).
- Data is encrypted at rest using AES-256
- Data is encrypted in transit using TLS 1.2+
- Google Firebase is ISO 27001 certified and SOC 2 Type II audited
- No data is transferred outside the EEA without adequate safeguards
Google Cloud's compliance certifications are available at cloud.google.com/security/compliance.
6 How Long We Keep Your Data
- Active accounts – data is retained for as long as your subscription is active
- After cancellation – data is retained for 30 days, then permanently deleted
- Backup data – may be retained for up to 90 days in encrypted backups
- Legal obligations – certain billing records may be retained for up to 7 years as required by law
You may request early deletion of your data at any time by contacting contact@getflowsuite.com.
7 Your Rights Under GDPR
If you are located in the EEA or UK, you have the following rights regarding your personal data:
- Right of access – request a copy of all personal data we hold about you
- Right to rectification – request correction of inaccurate data
- Right to erasure – request deletion of your personal data ("right to be forgotten")
- Right to restriction – request that we limit how we process your data
- Right to portability – receive your data in a machine-readable format
- Right to object – object to processing based on legitimate interests
- Right to withdraw consent – where processing is based on consent
To exercise any of these rights, contact us at contact@getflowsuite.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8 Third-Party Subprocessors
We use a small number of trusted third-party services to operate GetFlowSuite:
- Google Firebase – database, authentication, cloud functions (EU region)
- SendGrid (Twilio) – transactional email delivery
- Netlify – web hosting and content delivery
- Stripe – payment processing (when applicable)
- Google Analytics – anonymised website usage analytics
All subprocessors are bound by data processing agreements and operate in compliance with GDPR. We do not share your workspace data (employee records, timesheets, allocations) with any of these providers beyond what is technically necessary to deliver the service.
10 Security
We take security seriously and implement appropriate technical and organisational measures including:
- All data encrypted at rest and in transit
- Firebase Security Rules restricting data access to authenticated workspace members only
- No cross-workspace data access – each organisation's data is fully isolated
- Regular review of access controls and permissions
- No plain-text password storage – passwords are hashed by Firebase Authentication
If you discover a security vulnerability, please report it responsibly to contact@getflowsuite.com.
11 Children's Privacy
GetFlowSuite is a business tool intended for use by organisations and their employees. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately.
12 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify account administrators by email at least 14 days before material changes take effect.
Your continued use of GetFlowSuite after changes take effect constitutes acceptance of the revised policy.
13 Contact Us
For any privacy-related questions, data subject requests, or to request a Data Processing Agreement (DPA), please contact us:
- Email: contact@getflowsuite.com
- Website: getflowsuite.com
We aim to respond to all privacy requests within 30 days as required by GDPR. This policy is governed by the laws of the European Union.