Flowstack Logo
Flowstack Logo

Privacy Policy

Effective Date: January 28, 2025
Last Updated: January 28, 2025

1. Introduction

Welcome to Flowstack ("we," "our," or "us"), a product of Leadev Software Inc., a Canadian corporation headquartered at 16548 21 AVE SW, Edmonton, AB T6W 5K3, Canada. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent development platform, APIs, consulting services, and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you disagree with any part of this policy, please discontinue use of our Services immediately.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, job title, phone number, and billing address
  • Payment Information: Credit card details, billing information (processed securely through third-party payment processors)
  • AI Model Data: Training data, model configurations, and parameters you upload or create
  • Communications: Content of your communications with us via email, support tickets, or other channels
  • Professional Information: Industry, use cases, and technical requirements

2.2 Information Collected Automatically

  • Usage Data: Features used, API calls made, model performance metrics, and interaction patterns
  • Technical Data: IP address, browser type, device information, operating system, and access times
  • Cookies and Tracking: We use cookies and similar technologies to enhance user experience and analyze usage

2.3 Information from Third Parties

  • Integration Data: Information from third-party services you connect to Flowstack
  • Authentication Providers: Basic profile information from SSO providers
  • Analytics Services: Aggregated insights about Service usage

3. How We Use Your Information

We use collected information to:

  • Provide Services: Deploy AI models, process API requests, and deliver platform functionality
  • Improve Services: Analyze usage patterns, optimize performance, and develop new features
  • Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
  • Billing and Payments: Process transactions and manage subscriptions
  • Security: Detect and prevent fraud, unauthorized access, and other security threats
  • Compliance: Meet legal obligations and enforce our Terms of Service
  • Communications: Send service updates, security alerts, and marketing communications (with consent)

4. Data Sharing and Disclosure

We share your information only in the following circumstances:

4.1 Service Providers

  • Cloud infrastructure providers (AWS, Azure, GCP)
  • Payment processors (Stripe, etc.)
  • Analytics services (Google Analytics, Mixpanel)
  • Email service providers
  • Customer support tools

4.2 Legal Requirements

  • To comply with applicable laws, regulations, or legal processes
  • To protect our rights, property, or safety, and that of our users
  • To detect, prevent, or address fraud, security, or technical issues

4.3 Business Transfers

  • In connection with mergers, acquisitions, or asset sales, with appropriate confidentiality measures

4.4 With Your Consent

  • When you explicitly authorize us to share information
  • For customer testimonials or case studies (with prior approval)

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Incident response procedures
  • Employee security training
  • HIPAA compliance measures for healthcare data

6. Data Retention

  • Account Data: Retained for the duration of your account plus 90 days after closure
  • AI Models and Training Data: User-controlled retention with immediate deletion upon request
  • Usage Logs: Retained for 24 months for security and analytics
  • Payment Records: 7 years as required by financial regulations
  • Communications: 3 years or as required by law

7. International Data Transfers

As we serve international clients, your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards through:

  • Standard Contractual Clauses for EU data transfers
  • Privacy Shield principles (where applicable)
  • Adequate security measures regardless of location

8. Your Rights and Choices

8.1 Access and Control

  • Access your personal information through your account dashboard
  • Update or correct inaccurate information
  • Download your data in machine-readable format
  • Delete your account and associated data

8.2 Communication Preferences

  • Opt-out of marketing emails via unsubscribe links
  • Manage notification settings in your account
  • Contact us at legal@leadevs.com for communication preferences

8.3 Regional Rights

For EU/EEA Residents (GDPR):

  • Right to rectification, erasure, and data portability
  • Right to restrict or object to processing
  • Right to lodge complaints with supervisory authorities

For California Residents (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal data)
  • Right to non-discrimination

9. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will promptly delete it.

10. Healthcare Data (HIPAA)

When processing Protected Health Information (PHI) for healthcare clients:

  • We act as a Business Associate under HIPAA
  • Separate Business Associate Agreements (BAAs) are required
  • Enhanced security measures and access controls apply
  • PHI is handled according to HIPAA requirements

11. AI-Specific Considerations

11.1 Model Training

  • Your training data remains your property
  • We do not use customer data to train our general models without explicit consent
  • Anonymized usage patterns may improve platform features

11.2 Model Outputs

  • You retain ownership of AI outputs generated from your models
  • We log API usage for billing and security purposes

12. Third-Party Links and Integrations

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

  • Email notification
  • In-platform notifications
  • Prominent notice on our website

Continued use after changes constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related questions or concerns:

Data Protection Officer
Leadev Software Inc.
16548 21 AVE SW
Edmonton, AB T6W 5K3
Canada
Email: legal@leadevs.com

15. Jurisdiction-Specific Provisions

European Union

  • Legal basis for processing: Contract performance, legitimate interests, consent
  • Data Protection Officer contact: legal@leadevs.com
  • EU Representative: [To be appointed if required]

United States

  • No sale of personal information
  • California privacy rights as detailed above
  • HIPAA compliance for covered entities

Canada

  • Compliance with PIPEDA
  • Provincial privacy laws where applicable

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.