Privacy Policy

Last updated: February 2026.

1. Who is responsible for your data

Igor Nowosad, ul. Tuwima 1/11, 21-040 Świdnik (“we”, “us”) is the data controller for the personal data we collect when you use Floou. Contact us at igor.nowosad@me.com for privacy-related questions or to exercise your rights.

2. What data we collect

  • Account data: When you sign up (e.g. via email or a third-party provider), we store your email address, name (if you provide it), and a link to your profile. This is held in our database (Supabase).
  • Usage and flows: The flows you create (names, structure, nodes, connections) are stored so you can save and load them. We need this to run the service.
  • Payment data: When you upgrade to Pro, payment is handled by Stripe. We do not store your card number. We store a Stripe customer ID and your plan (free/pro) so we can apply the right limits and let you open the Stripe Customer Portal (e.g. to update payment method or cancel).
  • Analytics: We use PostHog to understand how the product is used (e.g. which actions are clicked, how often analysis is run). This can include device and browser information and a pseudonymous identifier. See the Cookies and similar tech section below.

3. Why we use your data (legal basis)

We use your data to provide and improve Floou, and to meet our legal obligations.

  • Contract: Account data, flows, and plan/payment linkage are necessary to perform our contract with you (the service you signed up for).
  • Legitimate interests: We use analytics (PostHog) to improve the product and fix issues. We rely on our legitimate interest in running and improving the service, and we keep the data minimal and pseudonymous where possible.
  • Legal obligation: Where we must keep data for tax or other legal reasons, we do so as required by law.

If you are in the European Economic Area (EEA) or UK and you have questions about the legal basis for a specific use, contact us.

4. How long we keep your data

We keep your account and flow data for as long as your account exists. If you delete your account (when we offer that), we will delete or anonymise your data within a reasonable time, except where we must keep it for legal reasons (e.g. invoices). Analytics data is typically retained for a limited period (e.g. up to one or two years) depending on our analytics provider’s settings.

5. Who we share your data with

We use a small set of providers who process data on our behalf (sub-processors):

  • Supabase: Hosting and database (account and flow data). Servers may be in the US or other regions; Supabase offers compliance measures (e.g. DPA, Standard Contractual Clauses).
  • Stripe: Payment processing. Stripe’s privacy policy and data processing terms apply to payment data.
  • PostHog: Product analytics. PostHog can be self-hosted or cloud; we use their cloud. They may process data in the US or EU depending on configuration.

We do not sell your personal data. We may disclose data if required by law (e.g. court order) or to protect our rights and safety.

6. Your rights (especially in the EEA/UK)

Depending on where you live, you may have the right to:

  • Access: Ask for a copy of the personal data we hold about you.
  • Rectification: Ask us to correct data that is wrong or incomplete.
  • Erasure: Ask us to delete your personal data (subject to legal exceptions).
  • Portability: Receive your data in a structured, machine-readable format where technically feasible.
  • Object or restrict: Object to processing based on legitimate interests, or ask us to restrict processing in certain cases.
  • Withdraw consent: If we ever rely on consent, you can withdraw it at any time.
  • Complaint: Lodge a complaint with your local data protection authority (e.g. in Poland: UODO; in the UK: ICO).

To exercise these rights, contact us at igor.nowosad@me.com. We will respond within the time required by applicable law (e.g. one month under GDPR).

7. Cookies and similar tech

We use cookies and similar technologies for:

  • Strictly necessary: Session and authentication (e.g. so you stay logged in). These are required for the service to work.
  • Analytics: PostHog may set cookies or use local storage to recognise your device and analyse how you use Floou. This helps us improve the product. You can control or opt out via the link in our footer (“Cookies and analytics”) or your browser settings.

We do not use advertising cookies. For more detail on PostHog, see their privacy policy. If you are in the EEA/UK, we rely on legitimate interests for analytics; where your jurisdiction requires consent for non-essential cookies, we will obtain it (e.g. via a banner or settings).

8. International transfers

Your data may be processed in countries outside your own (e.g. US). Where we use providers there, we use appropriate safeguards such as Standard Contractual Clauses or other mechanisms approved by regulators, so that your data is protected to an adequate standard.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version here and, for important changes, try to notify you (e.g. by email or a notice in the app). Continued use of Floou after the change means you accept the updated policy.

By using Floou, you agree to this Privacy Policy and our Terms of Service.

Back to home