Overview

At FlowCMS, transparency is foundational. We only collect data that is necessary to deliver, secure, and improve our content management platform. This page details exactly what information we gather, the mechanisms used to collect it, and the purposes for which it is processed.

Key Principle: We do not sell your personal data. All collection is governed by legitimate business interests, contractual necessity, or explicit consent where required by law.

Information You Provide Directly

When you interact with FlowCMS accounts, support channels, or marketing tools, you may voluntarily share the following:

  • Account Credentials: Email address, display name, password hash, and two-factor authentication setup.
  • Billing Information: Company name, billing address, and payment method details. (Processed securely via PCI-DSS compliant providers like Stripe; we never store full credit card numbers).
  • Profile & Preferences: Team role, notification settings, UI theme preferences, and language selection.
  • Communications: Support tickets, survey responses, and direct messages to our customer success team.

Automatically Collected Data

When you access FlowCMS dashboards or APIs, certain technical data is collected automatically to ensure platform stability, security, and performance optimization:

Data TypeExamplesPurpose
Usage MetricsPage views, feature clicks, session durationProduct analytics, UX optimization
Device & BrowserOS version, browser type, screen resolutionCompatibility tracking, bug resolution
Network InfoIP address, approximate geolocation, connection typeSecurity monitoring, latency routing
System LogsAPI request timestamps, error codes, rate limit triggersInfrastructure health, abuse prevention

We aggregate and anonymize most usage data before analysis to protect individual privacy.

Content & Workspace Data

As a Content Management System, FlowCMS stores and processes the digital assets you upload:

  • Media Files: Images, videos, documents, and fonts uploaded to your media library.
  • Structured Content: JSON payloads, custom field schemas, draft/published states, and revision history.
  • Access Control Data: Role assignments, webhook configurations, and API key scopes associated with your workspace.

This data remains your intellectual property. We process it strictly to render, version, and distribute your content via our infrastructure. We do not use your published content for AI training or third-party advertising.

Cookies & Tracking Technologies

We use essential and analytical cookies to maintain session state and understand platform usage. All non-essential tracking requires explicit consent via our cookie banner.

  • Essential Cookies: `session_token`, `csrf_token`, `auth_state` (required for login and security)
  • Preference Cookies: `ui_theme`, `locale`, `dashboard_layout`
  • Analytics Cookies: `plausible_session`, `utm_source` (used for aggregated product insights)
  • Performance Cookies: CDN routing identifiers for edge caching optimization

You can manage or withdraw consent at any time via the Cookie Preferences Center in your account settings.

Third-Party Services & Integrations

FlowCMS integrates with external tools to extend functionality. Data sharing is limited to what is required for the integration to function:

  • Payment Processing: Stripe, PayPal (billing only)
  • Authentication: OAuth providers (Google, GitHub, SAML SSO)
  • Support & CRM: Intercom, Zendesk (ticket history, contact info)
  • Infrastructure: AWS, Cloudflare, Vercel (hosting, CDN, DDoS protection)

Each integration is governed by a Data Processing Agreement (DPA). We do not share data with unrelated third parties.

Why We Collect Data

All data collection serves specific, documented business purposes:

  1. Service Delivery: Authenticating users, rendering workspaces, processing API requests, and delivering content via CDN.
  2. Security & Compliance: Detecting unauthorized access, preventing abuse, maintaining audit logs, and fulfilling legal obligations.
  3. Product Improvement: Analyzing feature adoption, identifying performance bottlenecks, and prioritizing development roadmap.
  4. Customer Support: Resolving technical issues, managing billing inquiries, and providing onboarding assistance.
  5. Communications: Sending service announcements, security alerts, and (with consent) product updates.

Retention & Security

We retain data only as long as necessary to fulfill the purposes outlined in this notice, or as required by law:

  • Active Account Data: Retained for the duration of your subscription plus 90 days post-cancellation.
  • Billing Records: Kept for 7 years for tax and accounting compliance.
  • System Logs: Purged automatically after 180 days unless flagged for incident response.
  • Anonymized Analytics: Stored indefinitely for product research, stripped of personal identifiers.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted via strict RBAC policies and regular third-party penetration testing.

Your Rights & Controls

Depending on your jurisdiction, you may have the right to:

  • Access, export, or correct your personal data
  • Request deletion or account closure
  • Opt out of marketing communications
  • Object to automated processing or profiling
  • File a complaint with a data protection authority

Execute these rights directly from your Account Settings → Privacy & Data panel, or submit a formal request to our privacy team. We respond to valid requests within 30 days.

Contact Us

If you have questions about this policy, our data practices, or wish to exercise your privacy rights, please reach out:

FlowCMS Privacy Team
Email: privacy@flowcms.io
Address: 100 Innovation Drive, Suite 400, San Francisco, CA 94107, USA
Response Time: Within 5 business days