Flowright Privacy Policy

The controller of your personal data is Michal Lebida, operating under the name Flowright, NIP (Tax ID): 6793280285, address: Kraków, Poland.

Contact: hello@flowright.dev

a) Contact form / email: We collect your name, email address, and message content. Purpose: to respond to your inquiry and prepare an offer. Legal basis: Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering into a contract). Retention period: until correspondence ends + 3 years.

b) Call booking (Calendly LLC (USA)): We collect your name, email address, and selected meeting date. Purpose: to schedule and conduct a consultation. Legal basis: Art. 6(1)(b) GDPR. Retention period: until the meeting date + 1 year.

c) Chatbot demo (Chatbase): We process the content of conversations with the demo chatbot. Purpose: demonstration of AI capabilities. Legal basis: Art. 6(1)(a) GDPR (implied consent through use of the chatbot). NOTE: Please do not enter real personal data or medical information in the demo chatbot window. Retention period: maximum 30 days (per Chatbase policy).

d) Analytics: Vercel Analytics, CookieYes. We collect anonymized traffic data (e.g., number of visits, traffic source, device type). Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the controller in analyzing and improving the website).

e) Cookies: Detailed information about cookies can be found in our Cookie Policy at flowright.dev/cookie-policy.

Your data may be shared with the following third parties:

- Chatbase Inc. (USA) -- demo chatbot service provider

- OpenAI Ireland Ltd. -- AI query processing

- Vercel Inc. (USA) -- website hosting

- Calendly LLC (USA) -- meeting scheduling system

- CookieYes Ltd. (UK) - cookie consent management

Data transfers to the USA are carried out on the basis of the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC).

You have the following rights regarding the processing of your personal data:

- Right of access (Art. 15 GDPR)

- Right to rectification (Art. 16 GDPR)

- Right to erasure (Art. 17 GDPR)

- Right to restriction of processing (Art. 18 GDPR)

- Right to data portability (Art. 20 GDPR)

- Right to object (Art. 21 GDPR)

- Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing carried out before the withdrawal

To exercise your rights, please contact us at: hello@flowright.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the supervisory authority in Poland (UODO, ul. Stawki 2, 00-193 Warsaw).

For UK residents: you may also contact the Information Commissioner's Office (ICO).

We implement appropriate technical and organizational measures to protect your personal data, including:

- HTTPS/TLS encrypted connections

- EU-based hosting (Vercel EU)

- Access control for data

- Regular security reviews

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will delete it promptly.

We reserve the right to update this Privacy Policy. Any changes will be communicated on our website. The date of the last update is displayed at the top of this document.

Michal Lebida

Flowright

Email: hello@flowright.dev

Address: Kraków, Poland