We respect your data. Full stop.

Account information: When you create an account, we collect your name, email address, and business name. This is how we identify you and send you important notifications.

Conversation data: When Flowza processes messages on WhatsApp, Messenger, or Instagram, we temporarily handle those messages to generate AI responses. Conversation logs are stored for up to 90 days to provide analytics. We do not read, sell, or share your customer conversations.

Knowledge base content: The FAQs, product information, pricing, and business details you enter into Flowza are stored and used exclusively to power your AI responses.

Usage data: We collect anonymized data about how you use the platform — pages visited, features used, session duration. This helps us improve the product. It is never tied to individual customer profiles.

Payment information: All payments are processed by SSLCommerz, bKash, Nagad, or Stripe depending on your payment method. We never store your card number, bKash PIN, or any payment credentials on our servers.

We use your data to provide and improve the Flowza service. Specifically:

• →To power AI responses on your connected channels (WhatsApp, Messenger, Instagram).
• →To generate AI replies for your Google and Facebook reviews.
• →To show you analytics about your conversations, leads, and reply rates.
• →To send you product updates, feature announcements, and billing receipts.
• →To improve AI response quality — using anonymized, aggregated patterns.

We will never sell your data to third parties. We will never use your customer conversations to train AI models without explicit consent. You can opt out of product update emails anytime with one click.

Your data is hosted on encrypted cloud infrastructure (Supabase PostgreSQL with SSL/TLS in transit and AES-256 at rest). We take the following security measures:

• ✓AES-256 encryption for all data at rest.
• ✓TLS 1.3 for all data in transit.
• ✓Multi-tenant isolation — your data is stored in a separate logical environment and never mixed with other businesses' data.
• ✓Access tokens (OAuth credentials for Meta, Google) are encrypted using AES-256 before storage.
• ✓Regular security audits and dependency updates.

Flowza integrates with the following third-party services to deliver the product. Each provider has their own privacy policy:

• →OpenAI: AI response generation. Conversation content is sent to OpenAI for processing. OpenAI does not use API data for training.
• →Meta (Facebook / WhatsApp / Instagram): Messaging and reviews via official APIs. Subject to Meta Platform Terms.
• →Google APIs: Google Business Profile access for review management. Subject to Google API Terms of Service.
• →Stripe / SSLCommerz / bKash / Nagad: Payment processing. We never see or store full payment credentials.
• →Resend: Transactional email (receipts, alerts, notifications).
• →Sentry: Error monitoring. Only anonymized error traces are logged.

You have full control over your data. At any time, you can:

• ✓Access all your account data from the Settings ? Data section of your dashboard.
• ✓Edit or correct your business information and knowledge base.
• ✓Export your full conversation history as a CSV or JSON file.
• ✓Delete your account and all associated data within 30 days.
• ✓Request a copy of all personal data we hold about you by emailing [email protected].

If you are an EU resident, you have additional rights under GDPR including the right to erasure, data portability, and the right to object to processing. We are committed to GDPR compliance. Contact [email protected] for any GDPR-related requests.

We use a minimal number of cookies — only what's necessary to run the service:

• →Session cookies: to keep you logged in during your dashboard session.
• →Preference cookies: to remember your language and theme settings.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not share cookie data with advertisers.

If you have any questions, concerns, or requests related to your privacy or this policy, please reach out to us at:

📧 [email protected]

We aim to respond to all privacy-related enquiries within 5 business days.