Privacy Policy
Last updated: May 2026
1. Who we are
Flowo (“we”, “our”, “us”) is a personal productivity application operated by Gabriele Merigo, an individual based in Italy. As the data controller under GDPR, Gabriele Merigo is responsible for the processing of your personal data. Contact: privacy@flowo.app.
2. Data we collect
We collect only the data necessary to provide the service:
- Account data: your name and email address, provided by Google when you sign in via OAuth.
- Usage data: tasks, habits, reading sessions, budget entries, and planner data you create inside the app.
- Google Calendar / Tasks data: event and task information synced from your Google account (Pro/Premium only). Data is fetched on demand, displayed in-app, and not stored permanently on our servers. You can revoke this access at any time via your Google Account permissions.
- Payment data: billing transactions are handled entirely by Stripe. We store only your Stripe Customer ID and subscription status — no card numbers or payment details.
- Technical logs: server-side error logs for debugging (no personal content, auto-deleted after 30 days).
We do not use your data to train AI models. We do not sell your data to third parties.
3. How we use your data
- To provide, operate, and improve the Flowo service.
- To process payments and manage your subscription via Stripe.
- To send transactional emails (welcome, subscription confirmation, trial reminders) via Resend.
- To display aggregate, anonymised usage analytics via Plausible Analytics (no cookies, no personal data).
Legal basis (GDPR): contract performance (Art. 6(1)(b)) for the core service; legitimate interests (Art. 6(1)(f)) for error monitoring and analytics.
4. Data storage and security
Your data is stored in Supabase (EU region — Frankfurt, Germany) with row-level security enforced at the database level. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted to authenticated sessions only.
5. Third-party services and international transfers
We use the following sub-processors, each operating under their own GDPR-compliant Data Processing Agreements:
- Supabase — database and authentication infrastructure (EU — Frankfurt, Germany)
- Vercel — application hosting. Primary serving occurs via EU edge nodes; Vercel’s global infrastructure may process request metadata outside the EEA under Standard Contractual Clauses (SCCs).
- Stripe — payment processing (SCCs apply for US transfers)
- Resend — transactional email delivery
- Google OAuth — sign-in and Calendar/Tasks API access
- Plausible Analytics — privacy-friendly, cookieless analytics (EU-hosted)
Where data is transferred outside the European Economic Area, it is protected by Standard Contractual Clauses (SCCs) adopted by the European Commission under Art. 46 GDPR.
6. Your rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access — request a copy of all your data (available via Settings → Export data).
- Erasure — delete your account and all associated data (available via Settings → Delete account).
- Rectification — correct inaccurate data by updating your profile.
- Portability — export your data in JSON format at any time.
- Objection — object to processing based on legitimate interests.
- Restriction — request that we restrict processing of your data in certain circumstances.
To exercise any right not available via the app, email privacy@flowo.app and we will respond within 30 days (one calendar month as required by GDPR).
You also have the right to lodge a complaint with your local data protection authority. In Italy, this is the Garante per la protezione dei dati personali. If you are in another EEA country, you may contact your national supervisory authority.
7. Data retention
We retain your data for as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days. Error logs are automatically deleted after 30 days.
8. Automated decision-making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you, as described in GDPR Art. 22.
9. Cookies
Flowo uses only essential session cookies required for authentication (managed by NextAuth.js). No advertising or tracking cookies are set. See our Cookie Policy for details.
10. Changes to this policy
We may update this policy periodically. We will notify you via email or in-app notification for material changes. Continued use after changes constitutes acceptance.
11. Contact
For privacy enquiries, contact us at privacy@flowo.app.