Privacy Policy

Last Updated: November 1, 2025

Table of Contents

FlowCMS ("we", "our", or "us") is committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Content Management System platform, websites, APIs, and related services (collectively, the "Services").

Important Note: This policy applies to all users, administrators, and visitors interacting with FlowCMS, regardless of location. By accessing or using our Services, you consent to the practices described herein.

1. Information We Collect

We collect information to provide, improve, and secure our Services. The types of data we collect include:

1.1 Account & Profile Information

When you create an account, we collect your name, email address, organization name, and optional profile details. If you invite team members, we collect their contact information necessary for account provisioning.

1.2 Content & Usage Data

We process content you upload, create, or manage through FlowCMS, including metadata, editing history, version control logs, and publishing timestamps. We also collect usage analytics such as feature interactions, page views, API call volumes, and error logs to optimize performance.

1.3 Technical & Device Information

Automatically collected data includes IP address, browser type, operating system, device identifiers, access times, and referring URLs. This data helps us maintain security, debug issues, and ensure platform stability.

1.4 Payment Information

For paid plans, we collect billing details and payment method information. FlowCMS does not store full credit card numbers; all payment processing is handled securely by our PCI-DSS compliant partners (e.g., Stripe).

2. How We Use Your Information

We use collected data to:

  • Provide, maintain, and improve our CMS platform and APIs
  • Process transactions and manage billing
  • Authenticate users and enforce role-based access controls
  • Send service notifications, security alerts, and administrative communications
  • Personalize your experience and deliver relevant product updates
  • Comply with legal obligations and enforce our Terms of Service
  • Analyze usage trends to develop new features and optimize infrastructure

3. Data Sharing & Third Parties

We do not sell your personal information. We may share data only in the following circumstances:

  • Service Providers: Trusted vendors who assist with hosting, analytics, customer support, payment processing, and AI model training (all bound by strict data processing agreements)
  • Legal Requirements: When required by law, court order, or government request to protect rights, property, or safety
  • Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred as a business asset with continued privacy protections
  • With Your Consent: Explicitly when you authorize sharing with specific third-party integrations or webhooks

4. Data Security & Retention

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 for data in transit, regular penetration testing, role-based access controls, and automated vulnerability scanning. Our infrastructure is hosted on SOC 2 Type II certified providers.

Data Retention: We retain your account data and content for as long as your account is active or as needed to provide Services. If you cancel your subscription, we retain data for 30 days for recovery purposes, after which it is permanently deleted from our production systems. Backup retention may extend up to 90 days for disaster recovery compliance.

5. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access & Portability: Request a copy of your data in a machine-readable format
  • Correction: Update or rectify inaccurate information via your dashboard
  • Deletion: Request erasure of your data, subject to legal retention obligations
  • Restriction & Objection: Limit processing or object to direct marketing communications
  • Opt-Out: Manage email preferences and disable non-essential analytics through your account settings

To exercise these rights, contact us at privacy@flowcms.io. We will respond to verified requests within 30 days.

6. Cookies & Tracking Technologies

We use essential cookies for authentication, session management, and security preferences. We may also use analytics cookies to understand platform usage patterns. You can manage cookie preferences through your browser settings or our consent banner. Disabling essential cookies may limit platform functionality.

7. Children's Privacy

FlowCMS is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we discover such data, we will take steps to delete it promptly. Parents or guardians with concerns should contact our privacy team immediately.

8. Changes to This Policy

We may update this Privacy Policy to reflect product developments, legal requirements, or operational changes. Material updates will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of our Services after modifications constitutes acceptance of the revised policy.

Questions About Your Privacy?

If you have concerns, need clarification, or wish to exercise your data rights, please reach out to our dedicated Privacy Team.

privacy@flowcms.io
FlowCMS Inc. • 100 Innovation Drive, Suite 400 • San Francisco, CA 94107