Privacy Policy

Last Updated: 20.12.2024 (Version 1.1.0)

This privacy policy informs you about Flowpatrol’s data processing. Flowpatrol UG (haftungsbeschränkt), Lindenberger Str. 38, 06712 Schnaudertal, Germany, registered with the commercial register at the local court of Charlottenburg (HRB 215332 B), and represented by the managing director Sebastian Oehlschläger (hereinafter "we," "us," or "Flowpatrol") is committed to protecting your personal data.

1. General Information Regarding Data Processing

Flowpatrol provides an AI-based SaaS solution for automating testing and QA processes. We are a single-employee company and only collect user email addresses during registration, without requesting any other personal information (e.g., name or physical address).

If you have joined or visited a Flowpatrol account or workspace as a reader/invitee, our customer (usually a company or an organization) is the controller of the information provided to Flowpatrol via the use of Flowpatrol. To understand how your data is processed in that scenario, you will need to review their policies.

In all other cases, Flowpatrol is the controller of your data, and the following provisions will apply.

1.1 Flowpatrol as the Data Controller

  • Data Controller
    Flowpatrol UG (haftungsbeschränkt)
    Lindenberger Str. 38
    06712 Schnaudertal, Germany
    Trade Registry: HRB 215332 B (Charlottenburg)
    Managing Director: Sebastian Oehlschläger
    Email: hello@flowpatrol.ai

1.2 Scope of Data Processing

Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of Regulation (EU) 2016/679 (the "General Data Protection Regulation," GDPR) as well as in the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

1.3 Your Rights

In accordance with the statutory provisions, you as a data subject have the following rights:

  • The right to access (Art. 15 GDPR),
  • The right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
  • The right to restriction of processing (Art. 18 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • If you have provided personal data on the basis of consent, you can withdraw such consent at any time with effect for the future (Art. 7(3) GDPR),
  • You may object to the processing of your personal data if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, insofar as there are reasons arising from your particular situation (Art. 21 GDPR).

To exercise these rights, you may contact us at any time, for example via email to privacy@flowpatrol.ai.
You also have the right to lodge a complaint with a supervisory authority of your choice, for example in the EU/EEA member state where you live or work.

1.4 Storing and Deleting Data

The duration of data storage depends on the respective data category and processing activity. If the storage period is not specified below, we delete or block your personal data as soon as the purpose or legal basis for storage ceases to apply. However, we may be required to retain data if mandated by law, and/or in the event of a possible legal dispute.

1.5 Profiling and Automated Decision-Making

We do not use automated decision-making, including profiling, when processing data concerning our Website or Platform.

1.6 Data Security

For the best possible security of user data, our service through the Website and SaaS platform is provided via a secure SSL/TLS connection. That means that data is transferred in encrypted form. We have implemented suitable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

1.7 Data Processing by Third Parties / Data Processing Outside the EU

We may use third-party service providers that process your data for the purposes named in this privacy policy. We process your personal data using third-party providers located in the EU and/or in the USA; we ensure that data protection standards applicable in the EU are met (e.g., by concluding Standard Contractual Clauses).
A list of the main data processors processing data outside the EU and corresponding information is available by request via email to privacy@flowpatrol.ai.

2. Data Processing on Our Website (flowpatrol.ai)

2.1 Server Logs

Nature and Purpose of Data Processing
We collect data on each visit to our website flowpatrol.ai in so-called server log files. These may include:

  • Name of the page or file visited,
  • Date and time of the visit,
  • Data amount transferred,
  • Information on a successful call,
  • Browser type and version,
  • Operating system,
  • Referrer URL,
  • IP address,
  • Requesting provider,
  • Device and language settings.

We use these server log files only for statistical evaluations for the purpose of optimizing our services and to guarantee the stability and operational security of our Website.

Legal Basis
Art. 6(1)(f) GDPR, based on our legitimate interest in operating a secure and reliable website.

Recipients
Recipient of the data may be a hosting provider or analytics service. As a processor on our behalf, the service provider processes the data only within the scope of our instructions under a data processing agreement.

Third-Country Transfer
Where data is transferred to a third country, we rely on Standard Contractual Clauses or comparable safeguards.

Storage Duration
Log files and IP addresses are usually deleted within [30 days], unless we need them longer for security investigations or are required by law to retain them.

2.2 Cookies and Tracking

Our website may use cookies or similar technologies to make our service more user-friendly, more effective, and safer. Depending on the cookie category (e.g., essential, analytics, marketing), we will request your consent where required by law.

  • Legal Basis:

    • Art. 6(1)(a) GDPR if we rely on your consent for non-essential cookies.
    • Art. 6(1)(f) GDPR (legitimate interests) if the cookie is strictly necessary for the operation of the site.

  • Recipients:
    Third-party analytics or marketing providers who place and read cookies in your browser under a data processing agreement or comparable arrangement.

  • Withdrawal of Consent:
    You can adjust your browser settings to decline some or all cookies or notify you before they are placed. In addition, you may withdraw any cookie consent through our cookie banner or by contacting us at privacy@flowpatrol.ai.

3. Product Analytics

3.1 Nature and Purpose of Data Processing

We use analytics tools, such as Posthog, to better understand how users interact with our platform. This may involve collecting:

  • Event data (e.g., button clicks, feature usage),
  • IP addresses (possibly in pseudonymized form),
  • Browser or device information,
  • Other usage patterns.

3.2 Legal Basis

  • Art. 6(1)(f) GDPR if we rely on our legitimate interest to improve our services and user experience,
  • Art. 6(1)(a) GDPR if we obtain your explicit consent (for instance, if required by local regulations for analytics cookies).

3.3 Recipients

  • Posthog acts as a data processor on our behalf under a data processing agreement.
  • We ensure adequate safeguards for any transfer of personal data outside the EU/EEA (e.g., Standard Contractual Clauses).

3.4 Storage Duration

We keep analytics data only as long as necessary to fulfill the purposes described or as required by law.

3.5 Withdrawal of Consent / Objection

You can withdraw consent at any time or object to data processing based on legitimate interests by contacting privacy@flowpatrol.ai.

4. Contacting Us

4.1 Nature and Purpose of Data Processing

If you contact us by email or via a contact form, we will process your email address and any other information you provide in order to handle and respond to your request.

  • Legal Basis:

    • Art. 6(1)(f) GDPR for general inquiries (our legitimate interest in offering an efficient communication channel),
    • Art. 6(1)(b) GDPR if your request relates to a contractual or pre-contractual relationship.

  • Recipients:
    Depending on your communication method, we may use an email hosting or ticketing service provider as a data processor.

  • Storage Duration:
    We store your data as long as necessary to respond to your inquiry or as legally required.

5. Data Processing in Our Service Platform / SaaS

5.1 Service Provision

We offer an AI-powered testing and QA platform. During registration, we only require your email address; we do not request or store additional personal data (e.g., name or physical address).

  • Legal Basis:
    Art. 6(1)(b) GDPR, as data is processed for the performance of our contract (i.e., providing the service).

  • Recipients:
    We may engage subcontractors (e.g., cloud providers) under data processing agreements.

  • Storage Duration:
    We store data as long as necessary to provide the service or comply with legal obligations. Once data is no longer required, we will delete or anonymize it.

5.2 Error Tracking and Basic Support

We track errors and crashes for quality assurance. If you contact support, we may process logs, screenshots, or other relevant details to resolve issues.

  • Legal Basis:
    Art. 6(1)(f) GDPR (legitimate interest in stable, secure service) or Art. 6(1)(b) GDPR if the support request relates to contract performance.

  • Recipients:
    Error tracking or ticketing service providers under a data processing agreement.

5.3 Support with File Access

If you consent to share files or data with us (e.g., a test scenario) for advanced troubleshooting, we will access that content solely to resolve your request.

  • Legal Basis:
    Art. 6(1)(a) GDPR (consent).

  • Storage Duration:
    We delete such files immediately after resolving the issue unless legally required otherwise.

5.4 Payment Processing

If you subscribe to a paid plan, you may provide billing information such as a company name or VAT ID. We process this data to handle payments and meet tax obligations.

  • Legal Basis:
    Art. 6(1)(b) GDPR for contract performance; relevant finance/tax laws.

  • Storage Duration:
    We generally retain payment records for up to 10 years due to tax law requirements.

6. Data Processing on Our Social Media Pages

We may operate pages on social media (e.g., LinkedIn, Twitter, etc.). When you visit our social media pages, data is processed both by us and the social media provider. The provider typically has direct access to certain data and is responsible for fulfilling data subject rights under GDPR. You can also contact us if necessary, and we will forward your request.

  • Legal Basis:

    • Your consent or the legitimate interests of both us and the platform under Art. 6(1)(a) or (f) GDPR.

  • Data Processing:
    May include interactions (likes, shares, comments), device data, or analytics (e.g., “Insights”).

For more details, please refer to the privacy notices of the respective social media platforms.

7. Data Processors and Third-Party Integrations

We may use various data processors and third-party integrations to deliver certain features. Examples include:

  • Cloud hosting providers (for infrastructure),
  • Email/ticketing software (for customer inquiries),
  • Analytics tools (like Posthog),
  • Payment processors (for subscriptions).

Where these providers process personal data outside of the EU/EEA, we ensure that EU data protection standards are upheld (e.g., through Standard Contractual Clauses).
For inquiries about specific processors or to request a list of sub-processors located outside the EU, please contact us at privacy@flowpatrol.ai.

8. Changes to This Privacy Policy

We reserve the right to update or modify this privacy policy at any time. The current version is always available at flowpatrol.ai/legal/privacy. By continuing to use our services after any changes become effective, you agree to the revised policy.

9. Questions?

If you have any questions about this privacy policy, feel free to reach out to us at hello@flowpatrol.ai.