FlowScript Lab

Privacy

Your privacy matters to us.

Privacy Policy

Introduction and scope

FlowScript Lab operates flowscriptlab.com and provides business process automation services that enable customers to design, deploy, and optimize automated workflows across disparate systems. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our Services, namely our web platform, related apps, software, and services (collectively the Services). It applies to individuals worldwide who interact with us online or offline, including customers, partners, and users of flowscriptlab.com. By using our Services, you acknowledge that you have read and understood this policy and that we may process your personal information as described herein.

Information collection practices

We collect information to provide, maintain, and improve the Services. The categories below describe the types of information we collect and how we collect them.

Data you provide to us

  • Account registration and profile information such as name, email, company, job title, country, and billing information.
  • User content and configuration data for workflows, automation rules, data mappings, process definitions, dashboards, attachments, and messages submitted to our support channels.
  • Communications you send to us, including inquiries, feedback, and surveys.
  • Payment and invoicing details when you purchase the Services.

Information we collect automatically

  • Technical data such as IP address, device type, operating system, browser, language, time zone, and referrer URL.
  • Usage data including features accessed, pages visited, date/time, error logs, performance metrics, and workflow execution data (eg, runs, steps, statuses).
  • Localization and regional settings and preferences.
  • Logs and analytics data collected by our service providers to monitor and improve the Services.

Information we collect from third parties

  • Data from integrated apps and services you authorize, such as CRM, ERP, and other business systems connected via APIs or connectors.
  • Data from service providers who assist with payments, hosting, analytics, support, and security (for example cloud hosting, monitoring, and security services).

Information related to children

  • The Services are not intended for use by children under 16. We do not knowingly collect personal data from children.

Data you provide via forms

  • Data submitted through contact forms, support tickets, and chat transcripts.

Data transfer

  • Your information may be transferred to, stored, and processed in countries outside your country of residence, including the United States, with appropriate safeguards.

How data is used and processed

To provide and maintain the Services

  • Create and manage user accounts, operate workflow orchestration, deploy automation, and integrate with connected services.

Personalization and improvement

  • Personalize features and communications; analyze usage to improve functionality, performance, and security; develop new features based on aggregate analytics.

Communications and support

  • Respond to support inquiries, provide account notifications, and send important notices about the Services.

Security, compliance, and auditing

  • Monitor for security incidents; enforce access controls; perform vulnerability management; conduct audits, risk assessments, and compliance reviews; maintain records as required by contract and law.

Legal bases and retention

  • We process personal data based on contract performance, legitimate interests, consent where applicable, and compliance with legal obligations. Data retention aligns with the purpose of processing and legal requirements.

Data anonymization and aggregation

  • We may anonymize or aggregate data for analytics, product improvement, research, and to inform business decisions without identifying individuals.

Data retention and deletion policy

  • We retain personal data for as long as necessary to provide the Services and fulfil the purposes described in this policy, including for satisfying any legal, accounting, or reporting requirements. After the relationship ends, we may retain certain information as necessary to operate, enforce our rights, comply with legal obligations, resolve disputes, or as otherwise permitted by applicable law. Logs and analytics data may be retained for a period of time consistent with our data retention practices and then securely deleted or aggregated.

Data security measures

We implement a layered set of technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our measures include:

  • Encryption in transit and at rest where technically feasible (for example, TLS for data in transit and strong encryption for data at rest).
  • Access controls based on role, least privilege, and need-to-know principles; multi-factor authentication for internal systems where appropriate.
  • Secure software development lifecycle, code reviews, regular vulnerability scanning, and timely patch management.
  • Monitoring, logging, anomaly detection, and incident response planning to detect and respond to security incidents.
  • Data minimization, data segregation, and stateful backups with tested restoration procedures.
  • Employee training and vendor risk management to promote security and privacy awareness.

User rights

We respect your privacy rights and provide mechanisms to exercise them where applicable. Depending on your jurisdiction, you may have the following rights:

Access and correction

  • Right to access personal data we hold about you and to request corrections to any inaccuracies.

Deletion

  • Right to request deletion of personal data, subject to legal obligations, contract requirements, and potential continued processing for legitimate interests, safety, or to complete a transaction.

Restriction and objection

  • Right to request restriction of processing or to object to processing in certain circumstances, including profiling or direct marketing purposes.

Data portability

  • Right to receive your personal data in a structured, commonly used, and machine-readable format and to request transmission of that data to another controller where technically feasible.

Automated decision-making and profiling

  • Right to obtain human review of decisions made solely by automated processes that produce legal or similarly significant effects, where applicable.

CPRA rights for California residents

Exercising rights and contact options

  • Some rights may be subject to exceptions or require verification to protect your privacy and security. To exercise these rights or if you have questions about your personal data, please use the contact methods described in the How to Contact Us for Privacy Inquiries section below.

Third-party services and cookies

We engage third parties to perform services on our behalf and to help operate the Services. This includes hosting, analytics, payment processing, customer relationship management, security, and support services. We require these providers to process personal data only as instructed and to implement appropriate safeguards.

Cookies and tracking technologies

  • We and our service providers use cookies and similar technologies to operate the Services, analyze usage, remember preferences, and deliver content tailored to you. Cookies may be essential, functional, performance-based, or targeted/advertising cookies. You can manage cookie preferences via the cookie banner or your browser settings.

Third-party services

  • Cloud hosting and infrastructure providers to store and process data.
  • Analytics services to understand usage and improve the product.
  • Customer management and support systems to manage relationships and respond to inquiries.
  • Payment processors to handle billing and transactions.
  • Security and monitoring services to detect and respond to threats.

How to Contact Us for Privacy Inquiries

Privacy email: [email protected] Phone: +1 415-742-1297 Mailing address: 510 Townsend Street, Suite 408, San Francisco, CA 94103, United States

CPRA rights note

To exercise CPRA rights (California residents), contact [email protected].

Last updated

This Privacy Policy was last updated on 2026-03-01. We may update this policy from time to time. If we make material changes, we will provide notice and update the effective date here. Any changes will apply to information we have collected in the past and moving forward unless stated otherwise in the update.