Skip to main content
FlowFn
IntegrationsTemplatesPricingDocsBlogSign inStart free
All legal documents

Legal & Compliance

CCPA Compliance Statement

Version1.0UpdatedJun 15, 2026Reading time6 min read

1. Introduction

This CCPA Compliance Statement explains how FLOW FN PTE. LTD. (UEN 202617303Z), a company incorporated in Singapore ("we", "us", or "our"), complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) when processing personal information of California residents. This statement supplements our Privacy Policy.

2. Our Commitment to CCPA

We are committed to full compliance with CCPA/CPRA and respect the privacy rights of California residents. We provide transparency about our data practices and enable California consumers to exercise their privacy rights.

3. Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information: (a) Identifiers: Name, email address, IP address, account identifiers; (b) Commercial Information: Purchase history, subscription information, payment information; (c) Internet Activity: Usage data, workflow execution logs, feature usage; (d) Geolocation Data: IP-based location information; (e) Professional Information: Job title, company (if provided); and (f) Inferences: Preferences, characteristics, behavior patterns. We collect this information directly from you, through your use of services, and from third-party integrations you connect.

4. Purposes for Collecting Personal Information

We collect personal information for the following business purposes: (a) providing and improving FlowFn services; (b) processing transactions and managing subscriptions; (c) authenticating users and securing accounts; (d) sending service-related communications; (e) responding to support requests; (f) detecting and preventing fraud; (g) complying with legal obligations; (h) analyzing usage to improve services; and (i) enforcing our Terms of Service. We do not sell personal information to third parties.

5. Sharing Personal Information

We share personal information with the following categories of third parties: (a) Service Providers (FlowFn sub-processors): AWS (storage, email), DigitalOcean (managed MongoDB database), Redis Ltd. (managed Redis cache and job queue), Stripe (payments), and OpenAI (in-product AI Assistant, Code Generator, and platform-managed OpenAI workflow nodes); (b) Customer-Connected Platform Integrations: third-party tools you connect to a workflow using your own credentials — including bring-your-own-key AI service providers, marketing and email platforms, and external databases — those vendors are governed by your direct relationship with them and act as your processors or independent controllers, not as FlowFn sub-processors; (c) Legal/Government: when required by law; and (d) Business Transfers: in merger / acquisition scenarios. We share information only for business purposes and do not sell personal information. Where you transfer an app or an individual item to another team you administer, that re-assignment is a disclosure for a business purpose carried out at your direction, and is not a "sale" or a "share" (for cross-context behavioural advertising) as those terms are defined under the CCPA/CPRA. We have contracts with our sub-processors requiring them to protect your information; for customer-connected vendors, that protection is governed by your contract with the vendor.

6. California Consumer Rights

If you are a California resident, you have the following rights: (a) Right to Know: Request disclosure of personal information collected, used, shared, or sold; (b) Right to Delete: Request deletion of personal information (subject to exceptions); (c) Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information); (d) Right to Non-Discrimination: Not be discriminated against for exercising privacy rights; (e) Right to Correct: Request correction of inaccurate personal information; and (f) Right to Limit Use: Limit use of sensitive personal information (if applicable).

7. Exercising Your CCPA Rights

To exercise your CCPA rights, the primary intake channel is the public Data Subject Request form at https://www.flowfn.com/legal/data-request. You may also: (a) email our Data Protection Officer at legal@flowfn.com; (b) submit a request via https://www.flowfn.com/dashboard/support; or (c) use the contact methods in our Privacy Policy. We will verify your identity before processing requests (may require additional information). We will respond within 45 days (may be extended by 45 days with notice). You may designate an authorized agent to make requests on your behalf.

8. Do Not Sell or Share My Personal Information

We do not sell personal information to third parties for monetary consideration, and we do not share personal information for cross-context behavioural advertising. Our marketing site uses a Google Ads conversion-measurement tag configured to avoid cross-context behavioural advertising: it loads only after you grant advertising & measurement consent through our cookie banner, ad-personalization signals are denied, Google's ads-data redaction is enabled, and we do not use remarketing or audience building (see Cookie Policy §6a). A persistent "Do Not Sell or Share My Personal Information" link is published in the footer of the public marketing pages on https://www.flowfn.com — including our advertising landing pages, the only pages where the conversion-measurement tag described above can run — and routes to the public Data Subject Request form (https://www.flowfn.com/legal/data-request?type=do_not_sell), which is also reachable from every legal page. Submitting a request via that link is treated as an opt-out signal under CCPA/CPRA section 1798.135 and is honoured account-wide. We also honour Global Privacy Control (GPC) signals where they are received with the request. If our practices change in the future, this clause and the corresponding link will be updated accordingly.

9. Sensitive Personal Information

We may collect sensitive personal information (as defined by CPRA) such as account credentials and payment information. We use sensitive personal information only for: (a) providing requested services; (b) security and fraud prevention; (c) compliance with legal obligations; and (d) other purposes permitted by CPRA. We do not use sensitive personal information for purposes that require opt-in consent under CPRA without your explicit consent.

10. Financial Incentives

We currently operate one financial-incentive program: the FlowFn Referral Program, under which existing customers (Referrers) and the new paying customers they introduce (Referees) may receive account credit or cash payouts. The full material terms, eligibility rules, the categories of personal information processed, our good-faith estimate of the value of that information, and the calculation methodology are published in our separate Notice of Financial Incentives at https://www.flowfn.com/legal/financial-incentives. Participation is voluntary; you may opt out at any time by following the instructions in that notice or by submitting a request via https://www.flowfn.com/legal/data-request. We will not retaliate against you for declining to participate.

11. Authorized Agents

You may designate an authorized agent to make CCPA requests on your behalf. Authorized agents must provide: (a) written permission from you; (b) verification of their identity; and (c) verification of your identity. We may require you to verify your identity directly in certain circumstances. Authorized agent requests can be submitted via https://www.flowfn.com/legal/data-request or to legal@flowfn.com.

12. Verification Process

To protect your privacy, we verify your identity before processing CCPA requests. Verification may require: (a) matching information you provide with information in our records; (b) additional documentation for sensitive requests; (c) multi-factor authentication; or (d) other reasonable verification methods. We will not require you to create an account to exercise your rights, but we may require reasonable verification.

13. Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not: (a) deny you goods or services; (b) charge different prices or rates; (c) provide different quality of services; or (d) suggest you will receive different treatment. However, we may charge different prices or provide different services if the difference is reasonably related to the value of your data.

14. Children's Privacy

FlowFn is restricted to users aged 18 or older, so we do not knowingly sell or share the personal information of any consumer under 18 (and therefore not of any consumer under 16). If you become aware that an account has been created by someone under 18, please contact legal@flowfn.com and we will delete the account and associated personal information. We do not have actual knowledge that we sell or share personal information of consumers under 16.

15. Shine the Light Law

California's "Shine the Light" law (Civil Code Section 1798.83) permits California residents to request information about how we share certain categories of personal information with third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

16. Updates to This Statement

We may update this CCPA Compliance Statement to reflect changes in our practices or legal requirements. Material changes will be notified via email or through the Service. The "updated_at" date indicates when this statement was last revised. We will update this statement at least annually.

17. Contact Information

For CCPA-related inquiries or to exercise your rights, the primary intake channel is https://www.flowfn.com/legal/data-request, or you may email our Data Protection Officer (also our designated CCPA contact) at legal@flowfn.com. For general privacy questions, see our Privacy Policy.

Questions about this document?

legal@flowfn.com
Submit a data request →