FlowStateTerms of Service →
Legal

Privacy Policy

Last updated: March 3, 2025

1. Introduction

FlowState Technologies, Inc. (“FlowState”, “we”, “us”, or “our”) operates https://getflowstate.ai and the FlowState platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. Please read it carefully. If you disagree with its terms, please discontinue use of the Service immediately.

2. Information We Collect

CategoryExamplesPurpose
Account DataName, email, password hashAuthentication & billing
Meeting TranscriptsRaw text from video meetings via your calendar integrationAI analysis — see Section 5
Screen RecordingsVideo/audio captured during GuideFlow recording sessionsSOP generation — see Section 5
Usage DataPages viewed, actions taken, feature usageProduct improvement
Billing DataPayment method (tokenised via Stripe — we never store raw card numbers)Subscription management
Cookies & Log DataIP address, browser type, session tokensSecurity & analytics

5. AI Processing of Meeting Transcripts & Recordings

This section is especially important if your organisation handles sensitive or proprietary information.

  • We do NOT train AI models on your data. Your meeting transcripts, screen recordings, and any content processed through FlowState's AI features are never used to train, fine-tune, or improve any public or third-party AI model, including OpenAI's models.
  • API-only processing. AI analysis is performed by sending relevant excerpts of your content to OpenAI via their API under a zero-data-retention agreement. OpenAI does not use API-submitted data for model training by default (see OpenAI's API Data Usage Policy).
  • Minimum data principle. We only transmit the content strictly necessary for the requested AI feature (e.g., the meeting transcript text for meeting summaries). We do not send account metadata, billing data, or other personal information to third-party AI APIs.
  • Transient processing. Transcript and recording data sent to OpenAI is processed transiently and is not stored beyond the API call. FlowState stores the AI-generated output (e.g., the meeting summary), not the raw input unless you have explicitly saved it.
  • Screen recordings. Recordings made via the GuideFlow feature are uploaded to your FlowState-controlled cloud storage bucket. They are not shared with third parties except for the brief AI processing step described above.
  • You retain full ownership. All content you provide — including transcripts, recordings, and generated SOPs — remains your intellectual property. FlowState claims no ownership rights over your content.

6. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To process meeting transcripts and generate AI summaries, SOPs, and performance reviews
  • To process payments and manage subscriptions via Stripe
  • To send transactional emails (receipts, alerts)
  • To respond to support requests
  • To detect and prevent fraud or security incidents
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

7. Data Sharing & Disclosure

We share your data only in the following circumstances:

  • Service Providers. Trusted sub-processors who help us operate the Service (Supabase for database/storage, Stripe for payments, OpenAI for AI features, Recall.ai for meeting bot functionality). Each is contractually bound to process your data only as instructed and to maintain appropriate security standards.
  • Legal Requirements. If required by law, court order, or governmental authority.
  • Business Transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you 30 days in advance.

8. Data Retention

  • Account data — Retained for the lifetime of your account plus 30 days after deletion request.
  • Meeting transcripts — Stored for 12 months by default; you may delete them at any time from your dashboard.
  • Screen recordings — Stored until you delete the associated guide or your account.
  • Billing records — Retained for 7 years as required by financial regulations.

9. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Request restriction or objection to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at privacy@getflowstate.ai. We will respond within 30 days.

10. Cookies

We use strictly necessary cookies for authentication (session tokens) and optional analytics cookies to understand how users interact with the Service. You can control cookie preferences via the banner shown on your first visit, or by adjusting your browser settings. See our Cookie Policy for details.

11. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us immediately at privacy@getflowstate.ai.

13. Changes to This Policy

We may update this policy from time to time. We will notify registered users via email at least 14 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. Contact Us

For privacy-related questions or to exercise your rights:
FlowState Technologies, Inc.
Email: privacy@getflowstate.ai