FlowHunt is committed to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018.
What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Is FlowHunt GDPR compliant?
Yes, FlowHunt is fully compliant with GDPR. Several strategies were undertaken in order to meet all the required criteria.
What data does FlowHunt collect?
We collect and store certain information to provide and maintain our services. This includes:
Account Information
When you create an account, we collect information such as your name, email address, and login credentials.
Uploaded Content
If you upload documents or files to the platform, we store them securely on your behalf. These files remain your property, and we do not access, view, or use them for any purpose other than to make them available through the platform.
Chat History and User Inputs
Your conversations and prompts are stored so that you can revisit past sessions, debug and maintain context within ongoing chats. FlowHunt does not use this data for training, analytics, or any secondary purpose. It remains private to your account and we only process it for secure storage and retrieval.
Third-Party Services and AI Providers
Certain features of our platform rely on third-party applications, mainly AI models (e.g., to generate responses or analyze uploaded documents). While we do not permit these providers to use your data for their own purposes, their individual privacy policies and data handling practices may differ. We encourage you to review the privacy policies of any third-party services you choose to use within the platform.
Technical and Usage Data
We collect limited technical information (such as IP address, browser type, and device details) necessary to operate, secure, and improve the performance of our services.
Communication Data
If you contact us, we may collect your correspondence and contact details solely for support and customer service purposes.
How do we store your data?
We ensure the confidentiality and integrity of your data with industry best practices. FlowHunt servers are hosted at Tier IV or III+, PCI DSS, SSAE-16, or ISO 27001 compliant facilities. Our Security Team constantly pushes security updates and actively responds to security alerts and events.
Public FlowHunt service hosts data primarily in European Union (Frankfurt Data Centers). Private clouds can be built based on your preference or geographical location in the United States, Europe, and Asia. Customers can choose to locate their Service Data in the US-only or Europe-only.
More GDPR FAQs
Do you have any dedicated data protection officer (DPO) or compliance / security team working?
Yes, we have both an internal team and a dedicated Data Protection Officer. Please direct all your questions related to GDPR compliance to support@flowhunt.io .
How will you verify to customers that you are in compliance with the new regulation?
If you wish for a formal verification, we offer a Data Processing Agreement (DPA) template. You can download the template, fill it out with your details, and send it back to us. We will review and return the signed agreement promptly.
Download the DPA template here (DocX)
Download the DPA template here (PDF)
How is sensitive information stored and do you have processes in place in the event of a data breach?
Sensitive information is stored securely, with limited access. We react to Data breaches immediately by notifying affected parties, DPO and local Institutions, according to our internal GDPR project.
How long do you store customer data for?
We store customers’ data only for the time of using our services or until they request to delete their data.
Where is your customer data physically stored?
Data of our EU customers are stored in our European datacenters located in Germany, UK and Slovakia and are hosted by Linode, Inc.
Which of your teams will have access to customer personal information?
We access customer’s personal information only based on prior request by the customer or with the customer’s approval. In most common cases, the data may be accessed by the customer service team, development team or marketing team.
How does your organization handle instances when customers request their data be removed from your system(s)?
When a customer requests deletion of their data, we proceed with the deletion immediately, with no further delay.
How do you handle data protection requirements with any of your sub-processors?
We sign Data Processing Agreements with each of our subprocessors.
What third party organizations (subprocessors) do you work with that may also have access to the data we share with you?
See list of FlowHunt subprocessors .
Additional security measures
Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.
Communication encryption
All communication between you and FlowHunt servers is encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communication between your browser and FlowHunt is encrypted.
Secure credential storage
We follow latest best practices to store and protect user login credentials and passwords in the cloud.
API security
FlowHunt API is restricted to accredited users based on username and password or username and API tokens.
Right to erasure (“Right to be forgotten”)
Every FlowHunt account owner has full control over his account and can request to be deleted any time. If you make a request, we have one month to respond to you. If you’d like to exercise your right to erasure or any other data protection right as defined by the GDPR, contact us by at support@flowhunt.io . We also have automatic procedures for deleting suspended accounts to make sure we don’t store permanently your data after you decide to stop using our services.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.
How do we use cookies?
Our Company uses cookies to keep you signed in, understand your usage and improve your experience on our website and platform.
Additional resources
- FlowHunt privacy policy
- Terms of service
- FlowHunt security policy
- List of Sub-processors & Subcontractors
Do you have questions?
Contact us at support@flowhunt.io