Legal

Privacy Policy

Last updated 24 June 2026

This Privacy Policy explains how FlowVolt collects, uses, stores, and shares your information when you use our website and product. We are based in the Netherlands and follow the EU General Data Protection Regulation (GDPR).

1. Who we are

FlowVolt (O.L. Watches, registered in the Netherlands, Chamber of Commerce (KvK) 87784556, registered address Abraham Heetveldlaan 6, 3903 DC Veenendaal) is the data controller for the personal data described here. You can reach us at info@flowvolt.io.

2. The data we collect

  • Account data: your name and email address, handled through our authentication provider (Clerk).
  • Consult and Knowledge Core: the information you share about your agency during the consult, and a summary read from your public website if you choose the optional website scan.
  • Connected-account data, only for the tools you connect and only as needed to run your agents: Gmail (read inbound messages and create drafts; we never send), Google Calendar (read events), Google Analytics (read aggregate metrics), Slack (read channels you allow and post to your own direct message), and HubSpot (read contacts and deals).
  • Product usage: records of agent runs, the drafts produced, your edits, and operational logs (timing, token and cost figures) used to run, debug, and improve the service.
  • Billing data: handled by our payment processor (Stripe). We do not store your full card details.
  • Essential cookies and similar technology needed to keep you signed in and secure. We do not use advertising or cross-site tracking cookies.

3. How we use your data and the legal basis

  • To provide the service: compose and run your agents, draft in your voice, and deliver drafts to you (performance of our contract with you).
  • To improve your agents within your own account: your edits teach your Knowledge Core so future drafts are more on-voice (our legitimate interest in providing a useful product, and performance of the contract).
  • To connect and act on your third-party tools, strictly within the scopes you grant (your consent, which you can withdraw at any time by disconnecting the tool).
  • To take payment and prevent fraud (performance of the contract and legal obligation).
  • To secure the service, debug, and prevent abuse (our legitimate interest).

4. Google user data — Limited Use

FlowVolt's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, for data accessed through Gmail, Google Calendar, and Google Analytics:

  • We request the minimum scopes needed: Gmail read and draft-create (never send), Calendar read-only, and Analytics read-only.
  • We use this data only to provide and improve the user-facing features you ask for (for example, drafting a reply or a brief, or building a report).
  • We do not use Google user data to train generalized or non-personalized AI/ML models. Drafting happens with models that do not retain or train on your content.
  • We do not transfer or sell Google user data to third parties, and we do not use it for advertising, retargeting, credit, or lending purposes.
  • We do not allow humans to read your Google user data except with your explicit consent (for example, to debug a specific issue you report), where required by law, or for security purposes such as investigating abuse.

5. Who we share data with (subprocessors)

We share data only with the service providers needed to run FlowVolt, under contracts that require them to protect it:

  • Clerk — authentication and secure storage of your OAuth tokens (we never store these ourselves).
  • Stripe — payment processing.
  • Supabase / Neon (PostgreSQL) — our database.
  • Vercel — hosting and the AI Gateway that routes model requests.
  • Anthropic — the AI models that process your content to produce drafts; provided under terms that do not train on your inputs or outputs.
  • Google, Slack, and HubSpot — only the accounts you connect, accessed within the scopes you grant.

We never sell your personal data, and we never use it for advertising.

6. International transfers

Some providers process data outside the European Economic Area. Where they do, transfers are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. How long we keep it

We keep your data for as long as your account is active and as needed to provide the service, then delete or anonymize it within a reasonable period, unless we must keep it longer to meet a legal obligation. You can ask us to delete your data at any time (see your rights below).

8. Security

We encrypt data in transit, hold OAuth tokens with Clerk rather than ourselves, scope every connector to the minimum needed, and restrict access on a need-to-know basis. No system is perfectly secure, but we take reasonable measures appropriate to the sensitivity of the data.

9. Your rights

Under the GDPR you have the right to access, correct, delete, restrict, or port your data, to object to certain processing, and to withdraw consent at any time. To exercise any of these, email info@flowvolt.io. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

10. Children

FlowVolt is a business tool and is not directed at children. We do not knowingly collect data from anyone under 16.

11. Changes

We may update this policy as the product evolves. We will post the new version here with an updated date and, for material changes, notify you.

12. Contact

Questions or requests: info@flowvolt.io.