Privacy Policy

Overview

This Privacy Policy explains what information FlowNext ("we", "us", "our") collects when you use the Service, how we use it, and with whom we share it. The Service does not require you to create an account.

1. Information we collect

When you run an audit, we store the business context you provide (such as your business type and the process you want to analyse), the transcript of your interview with the AI, and the outputs generated for your session (diagrams and the written report). We also assign a random identifier to your session. Optionally, you may provide an email address — this is never required.

We do not use cookies, browser fingerprinting, or analytics trackers. We do not collect IP addresses beyond what a standard web server logs transiently.

2. How we use your information

Session data is stored solely to deliver the Service — specifically, to pass your transcript and context through the AI analysis pipeline and return results to you. We do not use your session data to train AI models, run advertising, or build profiles.

If you provide an email address, we may use it only to follow up on your audit session (for example, to send you your report or notify you of issues). We do not send marketing email.

3. Third-party AI processing — Google Gemini

Your inputs — including your interview transcript and business context — are sent to Google Gemini (operated by Google LLC) for AI processing. This is a core part of how the Service works. By using the Service you acknowledge this transfer.

Google processes this data under their own privacy practices. We encourage you to review:

• Google Privacy Policy
• Gemini API Additional Terms of Service

We do not share your data with any other third-party services.

4. Data retention

Session records are retained in our database indefinitely unless you request deletion. We do not currently offer a self-service deletion feature. To request deletion of your session data, contact us (see section 7) with your session details or the email address you provided.

5. Data security

Session data is stored in a local SQLite database on our server. We take reasonable technical precautions to protect it. However, no method of storage or transmission is completely secure, and we cannot guarantee absolute security.

We recommend that you avoid inputting sensitive personal data of third parties (employees, customers) beyond what is necessary to describe a business workflow.

6. Your rights

Depending on where you are located, you may have rights regarding your personal data, including rights to access, correct, or delete it. To exercise any of these rights, please contact us using the details in section 7.

If you are in the European Economic Area (EEA) or United Kingdom, our lawful basis for processing is legitimate interests (delivering the service you requested). You have the right to object to this processing.

7. Contact

For privacy-related requests or questions, please reach out to us. We will aim to respond within a reasonable timeframe.

8. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Continued use of the Service after any change constitutes acceptance of the updated policy.