Skip to main content
FlowFn
IntegrationsTemplatesPricingDocsBlogSign inStart free
All legal documents

Legal & Compliance

Privacy Policy

Version1.0UpdatedJun 15, 2026Reading time17 min read

1. Introduction

This Privacy Policy explains how FLOW FN PTE. LTD. (UEN 202617303Z), a company incorporated in Singapore ("we", "us", or "our"), collects, uses, shares, and protects your personal information when you use FlowFn ("Service"). We are committed to protecting your privacy and handling your data responsibly. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

We collect the following types of information: (a) Account Information: name, primary email address, optional backup email address (used to receive sign-in one-time codes if you cannot access your primary inbox; verified by OTP at the time you add it and removable from your My Account page), password (hashed), and account preferences; (b) Usage Data: workflow execution logs, API usage, feature usage, performance metrics, and credit usage associated with billing; (c) Content Data: workflows, forms, form submissions, environment variables, artifacts, Playground source code (HTML / CSS / JavaScript), Playground media assets (images, audio, video, or other files you upload), Data Sheets (the standalone, team- and app-scoped tabular data store — databases of user-defined sheets of rows and columns) that you create or upload, and Playground Visitor-Submitted Content — that is, files visitors upload to a Playground through the in-Playground upload primitive (only when the Playground owner has opted-in via the per-Playground "Allow visitor uploads" toggle) and rows that visitors insert, update, or delete in a Data Sheet through a linked published Playground (only when the owner has opted-in via the per-Sheet "Allow public insert / update / delete" toggles). Visitor uploaded files are stored in private AWS S3 with short-lived signed read URLs by default (visitor uploads are never made publicly readable by URL); visitor-written sheet rows are stored alongside owner-written rows in the same Data Sheet. For visitor-submitted content the Playground owner is the data controller and FlowFn is the processor (see Section 14); (d) Payment and Billing Information: processed through Stripe (we do not store full payment card details); subscription status; account credit balances, grants, debits, and related billing records necessary to operate usage-based billing; (e) Authentication Data: IP addresses, user agents, browser information, and login timestamps; (f) Integration Data: OAuth tokens and BYOK API keys (encrypted) for third-party services and AI providers (such as OpenAI, Anthropic, Google, and others) you connect; (g) Communication Data: support requests, bug reports and improvement suggestions you submit through the Report-a-bug surface (including title, description, optional reproduction steps, and the email account that submitted them, which is the basis on which we award bug-bounty credits), feedback, and email communications; and (h) Technical Data: device information, browser type, operating system, and usage patterns. Important: Playground media assets are stored in AWS S3 with publicly readable URLs by design (so they can render inside published or embedded Playgrounds); do not upload confidential, personal, or regulated data to a Playground asset unless you intend that data to be publicly accessible. In addition, when a team uses Streams (realtime rooms for games and live applications), we process (i) Stream Player Data on that team's behalf: the player identifier and optional display name the team's game or application supplies for each connection, room membership and connection metadata (which expire automatically within minutes of disconnecting), a short-lived per-stream activity log (connection, room, and automation events, retained for 3 days), and — where the team configures channel automations — message payloads passed into the team's own workflows, functions, or AI agents and their run records. FlowFn does not require or verify real-world identity for players; the identifier is chosen by the team and may be pseudonymous.

3. How We Use Your Information

We use your information to: (a) provide, maintain, and improve the Service; (b) process transactions and manage subscriptions; (c) authenticate users and secure accounts; (d) send service-related communications (notifications, updates, security alerts); (e) respond to support requests and inquiries; (f) detect, prevent, and address fraud, abuse, or security issues; (g) comply with legal obligations; (h) analyze usage patterns to improve the Service; (i) enforce our Terms of Service; and (j) communicate about products, services, and promotional offers (with your consent where required). We do not train, fine-tune, or otherwise improve our own machine-learning models using your User Content, workflows, form submissions, files, prompts, or AI outputs. We do not sell or license your User Content to any third party for the purpose of training AI models. Our use of third-party AI providers is described in our AI Disclosure; those providers are contractually prohibited from training their models on your inputs through their enterprise-tier API agreements with us, or, for bring-your-own-key providers, are governed by your direct agreement with the provider.

4. Data Sharing and Third-Party Services

We share your information with: (a) Service Providers: AWS (compute, S3 object storage, CloudFront, Simple Email Service for transactional email delivery), DigitalOcean (managed MongoDB database hosting), Redis Ltd. / Redis Cloud (in-memory cache and background-job queue), Stripe (payment processing), ipify.org (IP address detection for authentication and security), and other vendors necessary to operate the Service; (b) AI Model Providers: When you use platform-managed AI features (the in-product AI Assistant, the Code Generator, the Playground AI assistant, and AI workflow nodes available on plans that include platform-managed model access), the relevant prompt, context, and any uploaded files may be sent to OpenAI, L.L.C., Anthropic, PBC, Google LLC (Gemini), and/or X.AI Corp. (Grok) under FlowFn's contracts with those providers, depending on which model your account is configured to use. When you connect your own API key for an AI provider ("bring-your-own-key" or BYOK), the relevant prompt, context, and any uploaded files are sent directly to that provider under your separate contract with them; FlowFn acts as a technical relay and is not a sub-processor of that data. The current list of platform-managed AI sub-processors and BYOK-eligible providers is maintained on our Sub-Processors page and in our AI Disclosure; (c) Third-Party Integrations: When you connect third-party services using your own credentials (BYOK AI providers, marketing platforms, customer-managed databases, external storage, etc.), we share the data you instruct us to send to those services in accordance with your direct contract with them; (d) Legal Requirements: We may disclose information if required by law, court order, or government request; (e) Business Transfers: In the event of a merger, acquisition, or sale, your information may be transferred; (f) With Your Consent: We may share information with your explicit consent; and (g) Cross-Team Transfers You Initiate: When you transfer an app, or an individual item (a workflow, form, visualizer, agent, playground or stream), from one of your teams to another team you own or administer, the information that item holds is re-assigned to the destination team, which becomes the controller responsible for it from that point on. This happens only on your instruction (by using the transfer action) and only between teams that share an administrator; see our Data Processing Agreement, Section 11. We do not sell your personal information to third parties. Note: We use ipify.org to detect your public IP address during signup for authentication and security purposes. This service may collect your IP address in accordance with their privacy policy.

5. Data Storage and Security

Your data is stored on secure servers operated by AWS (compute, S3, CloudFront, SES), DigitalOcean (managed MongoDB) and Redis Ltd. (Redis Cloud). For some plans, workflow execution and related data may be processed on dedicated or isolated server infrastructure. We implement industry-standard security measures including: encryption in transit (TLS/SSL), AES-256-GCM typed-envelope encryption at rest (with a per-entity Data Encryption Key — covering users, teams, workflows, apps, forms, playgrounds, and visualizers — wrapped by a master Key Encryption Key, providing cryptographic isolation between entities), secure authentication (JWT tokens, OTP), access controls and authentication, regular security audits, and secure API endpoints. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

6. Data Retention

We retain your personal information only as long as is necessary to provide the Service and to satisfy the legal, accounting, and security purposes described in our published Data Retention Schedule. In summary: account and customer-content records are deleted within 30 days of account closure; some accumulated customer content (form submissions, visualizer data rows, workflow run history, AI assistance audit rows) is subject to plan-based retention windows during the active life of the workspace, with a 90-day soft-delete grace before permanent deletion (AI audit rows are removed in one step at the cutoff); items you delete from your dashboard (forms, visualizers, playgrounds, workflows, apps) are kept in a recoverable trash state for 90 days before being permanently purged; individual Data Sheet rows you delete (from the sheet grid, or that a visitor deletes via the public delete primitive through a linked published Playground) are likewise soft-deleted and kept recoverable for 90 days — restorable from the sheet's "Recently deleted" panel — before being permanently purged; backups roll off within 35 days; system / audit logs are kept for up to 13 months; per-user sign-in event records (visible to you in My Account → Login History, including the email used, channel — primary or backup — IP, and user-agent) are kept for 6 months and then automatically deleted; billing, tax, and accounting records (including the scrubbed Stripe customer record) are kept for 5 years to satisfy Singapore IRAS / Companies Act obligations and analogous foreign tax law; marketing suppression records and DSR records are kept for 3 years from closure. Anonymised and aggregated data may be retained indefinitely. The full per-category schedule, including legal basis and the plan-based retention windows, is available at https://www.flowfn.com/legal/data-retention. You can export your full dataset at any time via https://www.flowfn.com/legal/data-request.

7. Your Rights and Choices

You have the following rights regarding your personal information: (a) Access: Request access to your personal data; (b) Correction: Update or correct inaccurate information through your account settings; (c) Deletion: Request deletion of your account and associated data; (d) Portability: Request a copy of your data in a portable format; (e) Opt-Out: Unsubscribe from marketing communications (service communications may continue); (f) Restrict Processing: Request restriction of processing in certain circumstances; and (g) Object: Object to processing based on legitimate interests. To exercise these rights, contact our Data Protection Officer at legal@flowfn.com. We will respond within 30 days. Where a request is manifestly unfounded or excessive, or where producing a complete export would require disproportionate effort (for example, exports of very large file stores or millions of workflow run records), we may extend this period by up to a further 60 days, charge a reasonable fee, or fulfil the request in part — and will tell you why and what alternative options exist (such as direct API export or scheduled exports), as permitted under GDPR Art. 12, CCPA, and PDPA.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to: (a) authenticate users and maintain sessions; (b) remember your preferences and settings; (c) analyze Service usage and performance; (d) provide security features; and (e) measure the effectiveness of our advertising on the public marketing site (conversion measurement only — with your consent, and never for remarketing or cross-context behavioural advertising). We use both session cookies (expire when you close your browser) and persistent cookies (remain until deleted or expired). You can control cookies through your browser settings, but disabling cookies may affect Service functionality. For detailed information, see our Cookie Policy.

9. Data Residency and International Transfers

Primary processing region: customer content (workflows, run results, uploaded files, account records) is processed in the Amazon Web Services US East (N. Virginia) region (us-east-1) for compute, S3 object storage, CloudFront and Simple Email Service; managed MongoDB database hosting runs in DigitalOcean's New York 3 (NYC3) region; in-memory cache and background-job queue run in Redis Cloud (Redis Ltd.) on AWS us-east-1. All three regions are in the United States East Coast geographic area. Backups and disaster-recovery snapshots are kept in the United States. Although FLOW FN PTE. LTD. is incorporated in Singapore, our production infrastructure is located in the United States; we have chosen us-east-1 because it is co-located with the majority of our sub-processors (including Stripe, OpenAI, and AWS Simple Email Service), which reduces cross-region transfers, latency, and operational risk overall. Cross-border transfers occur when (a) you log in or use the Service from outside the United States (request and response data transit through global CDN edge locations); (b) we use sub-processors operated outside the United States, as listed on the Sub-Processors page; (c) you connect a third-party tool to a workflow using your own credentials (such as a third-party AI service provider, marketing or email platform, or external database), in which case data you instruct us to send to that tool may be transferred to the regions in which that tool operates under your contract with that vendor, not under our sub-processor terms; and (d) our personnel access systems from their working locations. Safeguards: for transfers from the European Economic Area (EEA), the United Kingdom and Switzerland to the United States we rely on the European Commission's Standard Contractual Clauses (Module 2 Controller-to-Processor and, between us and our sub-processors, Module 3 Processor-to-Processor), supplemented by the UK Information Commissioner's International Data Transfer Addendum and, where required, the Swiss FDPIC's amendments. We additionally rely on the EU-US Data Privacy Framework (and the UK Extension and the Swiss-US DPF) where the relevant US recipient is self-certified under those frameworks (this includes AWS). For transfers out of Singapore to the United States we rely on the Personal Data Protection Act 2012 (Singapore) Section 26 and the Personal Data Protection (Transfer of Personal Data Outside Singapore) Regulations, on the basis that AWS, DigitalOcean, Redis Ltd. and our other sub-processors are bound by data-processing addenda that impose obligations comparable to the protection under the PDPA. We have completed an internal Transfer Impact Assessment for the United States East Coast transfer (covering AWS us-east-1, DigitalOcean NYC3 and Redis Cloud) and refresh it when material changes occur. Supplementary technical measures applied to all transfers include encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logging, and pseudonymisation where feasible. You may request a copy of the relevant transfer mechanisms (including the SCC modules and the Transfer Impact Assessment summary) by contacting legal@flowfn.com.

10. Children's Privacy

The Service is restricted to adults. You must be at least 18 years of age to create or use a FlowFn account. At signup we ask you to affirmatively confirm that you are 18 or older; we record only that boolean attestation (a single 'age_confirmed' flag) and we deliberately do not collect date of birth or any other proof-of-age document, in line with the data-minimisation principles of the PDPA (s.18) and the GDPR (Art. 5(1)(c)). Because of this minimum-age rule, the Service is out of scope for the U.S. Children's Online Privacy Protection Act (COPPA, age 13) and Article 8 of the GDPR / UK GDPR (parental consent for under-16s); we do not knowingly collect personal data from minors. If you become aware that someone under 18 has created an account, please contact legal@flowfn.com and we will promptly delete the account and associated personal data. We do not knowingly market to or profile minors and we do not use minors' personal data for behavioural advertising.

11. GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR): (a) Right to be informed about data processing; (b) Right of access to your personal data; (c) Right to rectification of inaccurate data; (d) Right to erasure ("right to be forgotten"); (e) Right to restrict processing; (f) Right to data portability; (g) Right to object to processing; and (h) Rights related to automated decision-making. Our legal basis for processing includes: contract performance, legitimate interests, legal obligations, and consent. To exercise GDPR rights, contact our Data Protection Officer at legal@flowfn.com.

12. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA): (a) Right to know what personal information is collected; (b) Right to know if personal information is sold or disclosed; (c) Right to opt-out of the sale of personal information (we do not sell personal information); (d) Right to non-discrimination for exercising privacy rights; and (e) Right to deletion of personal information. Categories of personal information we collect include: identifiers, commercial information, internet activity, and geolocation data. To exercise CCPA rights, contact our Data Protection Officer at legal@flowfn.com.

13. PDPA Rights (Singapore Users)

If you are in Singapore, the Singapore Personal Data Protection Act 2012 ("PDPA") applies to our handling of your personal data. Your rights and our obligations include: (a) Consent: we collect, use or disclose personal data only with consent (express or deemed) or as otherwise permitted by the PDPA; you may withdraw consent at any time by contacting legal@flowfn.com; (b) Notification: we inform you of the purposes of collection at or before collection; (c) Access and Correction: you may request access to personal data we hold about you and information on how it has been used or disclosed in the past one year, and request correction of errors or omissions, by emailing legal@flowfn.com; we will respond within 30 days; (d) Data Breach Notification: where a notifiable data breach occurs, we will notify the Personal Data Protection Commission (PDPC) no later than 3 calendar days after assessment, and notify affected individuals where significant harm is likely; (e) Cross-Border Transfers: we transfer personal data outside Singapore only where the recipient is bound to a comparable standard of protection; and (f) Complaints: you may lodge complaints with our Data Protection Officer at legal@flowfn.com or with the PDPC at www.pdpc.gov.sg. See our PDPA Compliance Statement for full details.

14. Data Processing for Workflows, Forms, Playgrounds and Streams

When you create workflows, forms, or Playgrounds, you may process data on behalf of your own customers, end-users, or anonymous visitors. In such cases, you are the data controller, and we act as a data processor. This includes Playground Visitor-Submitted Content collected when you opt-in to visitor file uploads (flowfn.upload) and / or public sheet writes (flowfn.data.insert / update / delete) on a Playground you publish. You are responsible for: (a) obtaining necessary consents from your users and visitors (including providing a visible privacy notice in the Playground UI when collecting files or other personal data from visitors); (b) ensuring lawful basis for processing; (c) complying with applicable data protection laws (including limits in Section 11 of the Acceptable Use Policy on NRIC, FIN and other special-category data); (d) handling data subject requests; (e) keeping visitor-submitted content within the Playground only as long as you actually need it (you can delete uploads from the dashboard's Uploads pane and rows from the Sheet Manager — note that deleting a sheet row is a recoverable soft-delete that we retain for 90 days before permanent purge, so to erase a row sooner you can permanently clear it via a CSV import in Replace mode or an AI full-replace of the sheet — deleting the sheet or playground is not faster, as that only soft-deletes its rows for the same 90-day window — or use the verified erasure channel at https://www.flowfn.com/legal/data-request); and (f) recognising that, because public sheet writes have no per-visitor identity by design, the team that owns the Playground cannot rely on the platform to enforce per-row visitor authorship — only enable the public update / delete toggles where any-visitor-can-edit-any-row is acceptable for your use case. We process data only as instructed by you and in accordance with our Terms of Service. We recommend entering into a Data Processing Agreement (DPA) if you process personal data on behalf of others. The same controller / processor split applies to Streams: when your game or application connects players to a Stream, you supply (and control) each player's identifier and display name, and FlowFn processes them on your behalf to operate rooms, presence, the 3-day activity log, and any channel automations you configure (workflow runs, stream functions, and AI agent sessions, whose run records retain the triggering message and player identifier under your plan's run-history retention). You are responsible for telling your players what is collected, for choosing identifiers appropriately (pseudonymous identifiers are supported and encouraged), and for handling your players' data subject requests; we support you with deletion and export of the underlying records as described in the Data Retention Schedule.

15. Third-Party Links and Services

The Service contains links to third-party websites and integrates with third-party services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of third-party services you use. We are not responsible for the privacy practices of third parties.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified via email or through the Service. The "updated_at" date at the top indicates when this Privacy Policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

17. Data Protection Officer

We have designated a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Singapore Personal Data Protection Act 2012 (PDPA, including the designation required under section 11). You can contact our DPO at legal@flowfn.com — this is the single intake address for all privacy, data-protection, DPO, GDPR, CCPA and PDPA correspondence.

18. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights — including GDPR (EEA/UK), CCPA/CPRA (California), and PDPA (Singapore) rights — please contact our Data Protection Officer at legal@flowfn.com or submit a request via https://www.flowfn.com/legal/data-request. For general (non-privacy) support, visit https://www.flowfn.com/dashboard/support.

Questions about this document?

legal@flowfn.com
Submit a data request →