1. Introduction

At FlowCMS, we are committed to protecting your privacy and handling your data with transparency, care, and respect. This document explains how we collect, use, share, and safeguard your personal information when you use our platform, APIs, or related services.

By accessing or using FlowCMS, you agree to the practices described in this policy. We recommend reviewing it periodically, as we may update it to reflect changes in our practices or legal requirements.

2. Information We Collect

We only collect information that is necessary to provide, improve, and secure our services. This includes:

  • Account Information: Name, email address, company name, role, and authentication credentials when you register or log in.
  • Content & Metadata: Articles, pages, assets, and structural data you create or manage through our CMS interface or APIs.
  • Usage Data: Pages visited, features used, API call patterns, session duration, and performance metrics to optimize our platform.
  • Technical Data: IP address, device type, browser version, operating system, and cookies for security and functionality.
  • Communications: Emails, support tickets, feedback, or survey responses you voluntarily submit to us.

Note: We do not collect sensitive personal data (e.g., government IDs, financial records, or health information) unless explicitly required for enterprise compliance or billing, and only with your explicit consent.

3. How We Use Your Information

Your data enables us to deliver a secure, fast, and reliable content management experience. Specifically, we use it to:

  • Provide, maintain, and improve the FlowCMS platform and APIs
  • Process transactions and manage your subscription billing
  • Authenticate users and enforce role-based access controls
  • Analyze usage patterns to enhance performance and introduce new features
  • Send service announcements, security alerts, and product updates
  • Respond to support requests, feedback, and technical inquiries
  • Comply with legal obligations, enforce our terms, and prevent fraud or abuse

4. Sharing & Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

  • Service Providers: Trusted third parties that assist with hosting, analytics, customer support, or payment processing. All vendors are bound by strict data protection agreements.
  • Legal Requirements: When required by law, regulation, subpoena, or to protect the rights, property, or safety of FlowCMS, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred as a business asset, with continued privacy obligations.
  • With Your Consent: When you explicitly authorize us to share specific information for a defined purpose.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These include:

  • End-to-end TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits, penetration testing, and SOC 2 Type II compliance
  • Role-based access controls, multi-factor authentication, and audit logging
  • Continuous monitoring and automated threat detection systems

Incident Response: In the unlikely event of a data breach, we will notify affected users and relevant authorities within the timeframes required by applicable laws.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access & Portability: Request a copy of your data in a machine-readable format
  • Correction: Update or modify inaccurate or incomplete information
  • Deletion: Request removal of your data, subject to legal retention obligations
  • Opt-Out: Unsubscribe from marketing communications or manage cookie preferences
  • Restriction: Limit how we process your data under certain circumstances

To exercise these rights, please contact our privacy team using the details provided in Section 9. We will respond to verified requests within 30 days.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Account data is retained while your subscription is active. Upon cancellation, we securely delete or anonymize your data within 90 days, unless retention is legally mandated.

8. Policy Updates

We may revise this policy to reflect changes in our practices, technology, or regulatory environment. Significant updates will be communicated via email or platform notification. The "Last Updated" date at the top of this page will reflect the most current version.

9. Contact Us

If you have questions, concerns, or requests regarding this policy or your data, please reach out:

Privacy Team: privacy@flowcms.io

Support: support@flowcms.io

Mailing Address: FlowCMS Inc., 100 Innovation Drive, Suite 400, San Francisco, CA 94105, USA

Data Protection Officer: dpo@flowcms.io (for EU/UK residents)