Privacy Policy

Last updated: February 15, 2026

This Privacy Policy explains how FlowGrid ("we", "us", "our") collects, uses, stores, and protects information when you visit our website or use the FlowGrid application and related services (collectively, the "Service").

FlowGrid is a privacy-first, multi-tenant CRM. We design our systems to minimize data collection, limit access, and protect customer data through strong technical and organizational safeguards.

1. Scope of This Policy

This Privacy Policy applies to:

  • Website visitors who browse our marketing site or contact us
  • Account owners and administrators who create and manage FlowGrid accounts
  • Invited users who access FlowGrid under an existing account

This policy does not govern how our customers use FlowGrid to process their own end-user data. In those cases, the customer acts as the data controller and FlowGrid acts as a data processor under our Data Processing Addendum.

2. Information We Collect

2.1 Website Visitors

When you visit our website, we may collect:

  • IP address and approximate location
  • Device and browser information
  • Pages viewed and referral sources
  • Information you voluntarily submit (for example via contact or demo request forms)

2.2 Application Users

When you use the FlowGrid application, we may collect:

  • Account information (such as name and email address)
  • Authentication and security metadata
  • Tenant and role identifiers
  • Usage and activity metadata (for example, feature usage and timestamps)

Customer-provided business data entered into FlowGrid is processed on behalf of the customer and remains under their control.

3. How We Use Information

We use information to:

  • Provide, operate, and maintain the Service
  • Authenticate users and enforce security controls
  • Monitor system performance and prevent abuse
  • Respond to support requests
  • Send transactional communications
  • Send marketing communications where users have explicitly opted in, with a clear unsubscribe mechanism included in every such communication
  • Comply with legal obligations

We do not sell personal data and do not use customer data to train machine-learning models.

4. Data Protection and Security

FlowGrid is designed with security as a foundational requirement:

  • Tenant data is logically isolated
  • Sensitive customer data is encrypted at rest
  • Access is restricted by role and permission
  • Break-glass access to encryption keys is strictly limited, logged, and auditable
  • Audit logs record security-relevant actions

FlowGrid maintains internal policies and technical controls designed to prevent decrypted customer content from being logged. While no system is perfect, we actively test, monitor, and enforce these controls to reduce the risk of accidental exposure.

No system is perfectly secure, but we continuously work to protect data against unauthorized access, disclosure, or loss.

5. Data Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Customer accounts may be deleted by account owners at any time. Upon deletion, account data is tombstoned for approximately seven (7) days and then permanently deleted. Encrypted backup data may be retained for limited periods consistent with operational and legal requirements.

If you stop paying for the Service, your account will enter an archived state for approximately ninety (90) days. During this period, your data remains stored but inaccessible. After 90 days, your account and all associated data will be automatically and permanently deleted. If you continue paying for the Service, your data remains available with no changes.

6. Data Sharing

We may share information only with:

  • Infrastructure and service providers required to operate the Service (for example, hosting and email delivery)
  • Authorities where legally required
  • Customers, as necessary to provide the Service

Certain optional features may allow customers to integrate third-party services, including AI providers. These features are optional, disabled by default, and explicitly configured by the customer during onboarding or later. Customers control the scope of data accessible to such integrations, including full, partial, or no access. FlowGrid does not enable these integrations by default.

We do not share personal data for advertising or resale.

7. Third-Party Email Integrations

FlowGrid offers optional email integrations with Google (Gmail) and Microsoft (Outlook/Microsoft 365). These integrations are disabled by default and require explicit user action to enable.

7.1 Google (Gmail) Integration

When you connect your Gmail account, FlowGrid accesses your Google data in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

Data Accessed:

  • Email messages (subject, body, sender, recipients, attachments)
  • Ability to send emails on your behalf
  • Your Google account email address

How We Use This Data:

  • Display email conversations linked to your CRM contacts
  • Enable sending emails directly from FlowGrid
  • Sync email history with your contact records

Limited Use Disclosure

FlowGrid's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

  • We only use Gmail data to provide and improve user-facing CRM features
  • We do not transfer data to third parties except as needed to provide the service
  • We do not use data for advertising purposes
  • Human access to data is limited to security/abuse investigation or legal compliance

7.2 Microsoft (Outlook/Microsoft 365) Integration

When you connect your Microsoft account, FlowGrid accesses your data via the Microsoft Graph API.

Data Accessed:

  • Email messages (subject, body, sender, recipients, attachments)
  • Ability to send emails on your behalf
  • Your Microsoft account profile (name and email)

How We Use This Data:

  • Display email conversations linked to your CRM contacts
  • Enable sending emails directly from FlowGrid
  • Sync email history with your contact records

7.3 Revoking Access

You can disconnect your email accounts at any time from Settings → Email. You can also revoke access through your Google Account or Microsoft Account security settings. Upon disconnection, FlowGrid deletes stored tokens and stops syncing new emails.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal data.

Requests can be made by contacting us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Osei Interactive
[email protected]
Switzerland

← Back to Home