Privacy Policy

Last updated: March 9, 2026

This Privacy Policy describes how FlowForth ("we", "us", or "our") collects, uses, and protects your personal information when you use our scheduling and invoicing platform ("Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

FlowForth is the data controller responsible for your personal data. For questions about this policy or your data, contact us at support@flowforth.app.

2. Information We Collect

2.1 Account Information

When you register for FlowForth, we collect:

Full name
Email address
Password (stored securely using industry-standard hashing)
Organization name and details

2.2 Service Usage Data

When you use our platform, we process:

Client information you enter (names, addresses, contact details)
Activity and scheduling data
Invoice and billing information
Route planning data and locations

2.3 Technical Data

We automatically collect:

IP address
Browser type and version
Device information
Pages visited and features used
Session duration and timestamps

2.4 Communication Data

Emails sent through our platform (e.g., invoice reminders)
Support requests and correspondence

3. How We Use Your Information

We use your personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Providing and maintaining the Service	Performance of contract
Account creation and authentication	Performance of contract
Sending invoice reminders and notifications	Legitimate interest
Processing and generating invoices	Performance of contract
Improving our Service	Legitimate interest
Responding to support requests	Performance of contract
Complying with legal obligations	Legal obligation
Sending service-related communications	Performance of contract

We share your data only with the following categories of third-party service providers, and only to the extent necessary to operate our Service:

Provider	Purpose	Data Shared
Cloud hosting (Scaleway)	Infrastructure and data storage	All service data (encrypted)
Email delivery (Mailgun)	Sending transactional emails	Email addresses, email content
E-invoicing (Peppol network)	Electronic invoice delivery	Invoice data, business details
Geocoding (OpenStreetMap/Nominatim)	Address-to-coordinate conversion	Addresses

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

Account data: Retained until account deletion is requested
Invoice and financial data: Retained for 7 years to comply with Dutch fiscal record-keeping requirements (Belastingdienst)
Audit logs: Retained for 2 years
Technical logs: Retained for 90 days

After the retention period, data is securely deleted or anonymized.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS/HTTPS)
Encryption at rest for stored data
Secure password hashing
Role-based access controls
Regular security assessments
Multi-tenant data isolation (organization-scoped access)

As a data subject, you have the following rights:

Right of access — Request a copy of your personal data
Right to rectification — Request correction of inaccurate data
Right to erasure — Request deletion of your data ("right to be forgotten")
Right to restriction — Request limitation of data processing
Right to data portability — Receive your data in a structured, machine-readable format
Right to object — Object to processing based on legitimate interest
Right to withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at support@flowforth.app. We will respond within 30 days.

8. Cookies

FlowForth uses essential cookies required for the Service to function properly:

Authentication cookies — To keep you logged in securely
Language preference — To remember your chosen language (English or Dutch)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. International Data Transfers

Your data is stored and processed within the European Union (Scaleway data centers in France and the Netherlands). We do not transfer your personal data outside of the EU/EEA.

10. Children's Privacy

FlowForth is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. If you have an account, we may also notify you via email or through the Service.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Website: autoriteitpersoonsgegevens.nl

13. Contact

If you have questions or concerns about this Privacy Policy, please contact us:

Email: support@flowforth.app
Website: flowforth.app

1. Data Controller​

2. Information We Collect​

2.1 Account Information​

2.2 Service Usage Data​

2.3 Technical Data​

2.4 Communication Data​

3. How We Use Your Information​

4. Data Sharing and Third Parties​

5. Data Retention​

6. Data Security​

7. Your Rights Under GDPR​

8. Cookies​

9. International Data Transfers​

10. Children's Privacy​

11. Changes to This Privacy Policy​

12. Supervisory Authority​

13. Contact​