Privacy Policy
Last updated May 2026
FlowFixr is built privacy-first. We analyse workflow metadata patterns to surface operational insights — we never screen-record you, scrape private content, or monitor what you write. This policy explains what we collect, why, and the controls you have.
1. Who we are
FlowFixr is operated by John Smith Kristiansen ("FlowFixr", "we", "us"). For privacy questions, contact us at privacy@flowfixr.app.
2. Our privacy principles
- Metadata-first analysis — never the contents of your messages, documents or meetings.
- No screen recording, no keystroke logging, no behavioural surveillance.
- Minimal retention. We keep only what is needed to provide operational insights.
- You control which integrations are connected and can disconnect at any time.
- You can export or delete your data at any time.
3. Data we collect
Account data. Email address, hashed password (or OAuth identifier), display name.
Onboarding answers. Your work type, pain points, focus style and tools — used to calibrate your operational baseline.
Workflow metadata. When you connect optional integrations (Calendar, Slack, etc.) we read only metadata: event timestamps, durations, frequency, density, channel-level activity counts. We do not read message bodies, document contents or attendee identities beyond what is required to compute aggregate signals.
Subscription data. Plan, billing status and invoice references. Payment details are handled by our processor (Paddle) and never stored on our servers.
Product telemetry. Aggregated, non-identifying usage signals (page views, error logs) used to keep the service stable.
4. How we use your data
- To compute your Flow Score, Focus Stability and operational insights.
- To send essential service emails (sign-in, billing, security alerts).
- To prevent fraud and keep the platform secure.
- To meet legal and accounting obligations.
We do not sell personal data. We do not use your data to train external AI models.
5. Legal bases (GDPR)
We process personal data under the following lawful bases: performance of contract (delivering the service you subscribed to), legitimate interests (security, product improvement at aggregate level), legal obligation (tax, accounting), and consent (optional integrations and marketing emails — withdrawable at any time).
6. Integrations
Integrations such as Google Calendar, Slack, Notion, Gmail, ClickUp, Trello and Linear are optional and user-controlled. We request the narrowest scopes that allow metadata-level analysis. You can revoke access from FlowFixr Settings or directly from the provider at any time.
7. Data retention
Account and subscription data: kept while your account is active and for up to 24 months after closure for legal/accounting purposes.
Workflow metadata and computed insights: kept for the period needed to power historical trends on your plan, then automatically reduced to anonymised aggregates.
Server logs: 30 days.
8. Security
FlowFixr uses Lovable Cloud infrastructure with row-level security on every data table, encrypted transport (TLS), encrypted storage at rest, scoped server-side access controls and short-lived session tokens. Passwords are hashed; we never see them in clear text.
9. Your rights
You can access, correct, export, restrict or delete your personal data at any time. Email privacy@flowfixr.app or use the in-app controls. EU/UK users have the right to lodge a complaint with their local data protection authority.
10. Account deletion
You can delete your account from Settings. Deletion removes your profile, onboarding answers, workflow metadata and computed insights. Billing records required by law are retained for the legally mandated period and otherwise anonymised.
11. Cookies
FlowFixr uses essential cookies for authentication and session management only. We do not use advertising or third-party tracking cookies.
12. Subprocessors
We use a small number of trusted infrastructure providers: Lovable Cloud (hosting, database, auth), Paddle (payments and tax compliance), and our transactional email provider. Each is contractually bound to GDPR-aligned data processing terms.
13. Changes to this policy
If we make material changes we will notify you by email and update the "Last updated" date above before the changes take effect.