Privacy Policy

This policy describes how Flowshark, Inc. ("Flowshark", "we") collects, uses, and shares personal data when you use our platform.

Data We Collect

• Account data — name, email, hashed password, role.
• Workspace data — clients, contacts, deals, proposals, invoices, templates, email content you sync.
• Usage data — page views, feature usage, error logs (anonymized after 30 days).
• Cookies — strictly necessary for session management. We do not use third-party advertising cookies.

How We Use Data

• To provide and improve the Service.
• To send transactional emails (account, billing, security).
• To process AI requests via Anthropic and OpenAI under no-training agreements.
• To comply with legal obligations.

Sharing

We do not sell personal data. We share with:

• Sub-processors — Render (application hosting), Supabase (managed Postgres + auth), Anthropic and OpenAI (LLM inference), Stripe (payments). Each operates under their own DPA / no-training terms.
• Auditors and legal advisors when required.
• Government when legally compelled and only to the extent required.

Your Rights (GDPR/CCPA)

• Access — get a copy of your data.
• Rectification — correct inaccurate data.
• Erasure — delete your account and data.
• Portability — export your data in JSON or CSV.
• Restriction / objection — limit processing.

Email privacy@flowshark.ai to exercise any right. We respond within 30 days.

Data Retention

We retain workspace data for the life of the account and 30 days after deletion (for recovery). Audit logs follow plan-tier retention. Anonymized analytics retained up to 24 months.

Children

The Service is not intended for users under 16.

Changes

We notify users of material changes 30 days in advance via email and in-app banner.