FlowSentinel
Legal

Privacy Policy

Effective date: 1 May 2025 — Last updated: 28 May 2026

1. What we collect

FlowSentinel collects only the data required to deliver workflow assurance monitoring:

  • Account email address and authentication credentials
  • Billing information processed by Stripe (card details are never stored on FlowSentinel servers)
  • Workflow titles, statuses, error summaries, run timestamps, and provider metadata from connected integrations
  • Optional: raw error payloads if you explicitly enable per-flow payload retention
  • Read-only API credentials or webhook URLs you supply during provider setup (stored encrypted at rest)

2. How we use it

Data you provide is used exclusively for the following purposes:

  • Running verification checks, scanning for coverage gaps, and generating recovery proof assessments for your connected workflows
  • Delivering alert notifications and weekly digests to recipients you configure
  • Processing billing and managing your subscription plan via Stripe
  • Improving the reliability and accuracy of the service using aggregated, non-identifying signals

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

3. Data retention

  • Account data is retained for as long as your workspace remains active
  • Upon account deletion, all personal data and workspace records are permanently deleted within 30 days
  • Raw error payloads are subject to your per-flow retention settings and purged according to the interval you configure
  • Billing records may be retained for legally required periods

4. Third-party sub-processors

FlowSentinel uses the following sub-processors to deliver the service:

Supabase

Database and authentication. Data is hosted in the EU (Frankfurt, eu-central-1).

Stripe

Payment processing and billing management. Stripe handles all card data under PCI DSS. FlowSentinel stores only subscription status and customer identifiers.

Vercel

Application hosting and edge delivery. Request routing and serverless function execution.

5. Data transfers

Your workflow and account data is hosted in the EU via Supabase (Frankfurt region). Stripe and Vercel may process billing and request-routing data outside the EU in accordance with their own data processing agreements and Standard Contractual Clauses. Where personal data is transferred outside the EEA, appropriate safeguards apply.

6. Your rights

If you are in the EU or EEA, you have the following rights under the GDPR:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request erasure of your personal data, subject to legal retention requirements
  • Portability — request your data in a structured, machine-readable format

To exercise any of these rights, contact us at support@flowsentinel.app. We will respond within 30 days.

7. Cookies

FlowSentinel uses session cookies solely for authentication purposes. No tracking cookies, analytics cookies, or third-party advertising cookies are used. You can delete cookies at any time through your browser settings; doing so will sign you out of the product.

8. Contact

For privacy questions, data requests, or to report a concern:

support@flowsentinel.app