Privacy Policy

Introduction

FlowSmartly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform, including our website, mobile applications, and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1. Personal Information

We collect personal information that you provide directly to us, including:

• Name, email address, phone number, and company name
• Account credentials (username and encrypted password)
• Billing information (processed securely through third-party payment processors)
• Profile information and preferences
• Communication preferences and notification settings

2. Social Media Account Information

When you connect your social media accounts to our platform, we collect:

• OAuth tokens and access credentials
• Profile information from connected platforms (Facebook, Instagram, Twitter, LinkedIn, TikTok, YouTube)
• Account metrics, analytics, and performance data
• Posts, comments, and engagement data
• Audience demographics and insights

3. Usage Information

We automatically collect information about your use of our Services:

• Device information (IP address, browser type, operating system)
• Log data (access times, pages viewed, actions taken)
• Cookies and similar tracking technologies
• Feature usage and interaction patterns
• Error reports and diagnostic data

4. Email Marketing Data

When you use our email marketing features, we collect:

• Email contact lists and subscriber information
• Email campaign content and design
• Email delivery metrics (open rates, click rates, bounce rates)
• Subscriber engagement and behavior data
• Unsubscribe requests and preferences

5. SMS Marketing Data

When you use our SMS marketing features, we collect:

• Phone numbers of SMS recipients
• SMS message content and delivery status
• Opt-in and opt-out records
• SMS engagement metrics (delivery, clicks, responses)
• TCPA compliance records and consent documentation

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process your transactions and manage your account
• Publish content to your connected social media accounts
• Send email campaigns on your behalf to your contacts
• Deliver SMS messages to your recipients
• Generate analytics and insights about your social media performance
• Provide customer support and respond to your inquiries
• Send you service updates, security alerts, and administrative messages
• Detect, prevent, and address technical issues and fraudulent activity
• Comply with legal obligations and enforce our Terms of Service
• Develop new features and improve user experience

CAN-SPAM Act Compliance

We and our users comply with the CAN-SPAM Act by:

• Including accurate "From," "To," and "Reply-To" information
• Using truthful subject lines that reflect email content
• Identifying messages as advertisements when appropriate
• Including a physical postal address in every email
• Providing a clear and conspicuous unsubscribe mechanism
• Honoring unsubscribe requests within 10 business days
• Monitoring compliance by third parties sending emails on your behalf

GDPR Compliance (Email)

For contacts in the European Union, we ensure:

• Lawful basis for processing (consent, legitimate interest, contract)
• Clear and affirmative consent mechanisms
• Easy access to data subject rights (access, rectification, erasure, portability)
• Data processing agreements with email service providers
• Appropriate technical and organizational security measures

TCPA Compliance

We comply with the Telephone Consumer Protection Act (TCPA) by:

• Requiring prior express written consent before sending marketing SMS
• Maintaining records of all opt-in consents
• Including opt-out instructions in every SMS message
• Honoring opt-out requests immediately
• Not sending SMS to numbers on the National Do Not Call Registry without consent
• Limiting message frequency and timing (no messages before 8 AM or after 9 PM recipient's local time)
• Providing clear disclosure of message and data rates

CTIA Messaging Principles

We adhere to CTIA best practices:

• Clear and conspicuous program terms and conditions
• Transparent disclosure of message frequency
• Standard opt-in and opt-out keywords (STOP, UNSTOP, HELP)
• Automated responses to HELP and STOP keywords
• Age-gating for age-restricted content

SMS Consent Requirements

Users of our SMS platform must obtain consent that includes:

• Clear description of the SMS program
• Disclosure that consent is not a condition of purchase
• Message frequency disclosure
• Statement that message and data rates may apply
• Opt-out instructions
• Link to Terms and Privacy Policy
• Customer support contact information

Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority

CCPA Compliance

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights

We do not sell your personal information to third parties.

Data Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and privacy
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to:

• Provide our Services and maintain your account
• Comply with legal obligations (tax, accounting, regulatory)
• Resolve disputes and enforce agreements
• Prevent fraud and abuse

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Email and SMS campaign data may be retained for compliance and audit purposes.

Third-Party Services

We work with third-party service providers to deliver our Services:

• Payment Processors: Stripe, PayPal for secure payment processing
• Cloud Infrastructure: AWS, Google Cloud for hosting and storage
• Social Media Platforms: Facebook, Instagram, Twitter, LinkedIn, TikTok, YouTube APIs
• Email Service Providers: SendGrid, Amazon SES for email delivery
• SMS Providers: Twilio, AWS SNS for SMS delivery
• Analytics: Google Analytics, Mixpanel for usage analytics
• Customer Support: Intercom, Zendesk for support services

These providers have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Deliver targeted advertising

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Services. See our Cookie Policy for more details.

Children's Privacy

Our Services are not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete the information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: