Early Access — Sign up and request access

GDPR Statement

Version 1.1 · Revised March 2026

1. Personal Data Protection

At Flowpoint Analytics, we prioritise the privacy and security of personal data. We are committed to protecting the data of our users, clients, and their end users in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

2. Summary

Our approach to GDPR compliance is built around four core objectives:

  • Information security practices — Implementing robust technical and organisational measures to protect personal data.
  • GDPR and UK DPA compliance — Ensuring all data processing activities meet the requirements of applicable data protection legislation.
  • Support for clients — Assisting our clients in meeting their own data protection obligations.
  • Continuous monitoring — Regularly reviewing and improving our data protection practices to address evolving risks and regulatory changes.

3. Information Security

Flowpoint Analytics maintains comprehensive information security practices to safeguard personal data:

  • TLS encryption — All data transmitted between users and our platform is encrypted using Transport Layer Security (TLS).
  • Confidentiality — Access to personal data is granted on a need-to-have basis. All employees and contractors with access to personal data are bound by non-disclosure agreements (NDAs).
  • Integrity — We employ firewalls, regular backups, and access controls to maintain the integrity of data stored on our systems.
  • Regular assessment — Our security measures are regularly reviewed and tested to ensure they remain effective against current threats.
  • Data minimisation — We collect and process only the personal data that is necessary for the purposes for which it is processed.
  • Data Processing Agreement — A DPA automatically applies to all clients using our services, outlining the responsibilities of both parties regarding data processing.
  • Limited retention — Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, after which it is securely deleted.
  • Vendor management — All third-party subprocessors are vetted for compliance with data protection legislation and are bound by appropriate contractual obligations.

4. AI Features and Data Protection

Flowpoint Analytics offers AI-powered dashboard generation features. These features are designed with data protection as a core principle:

  • The AI dashboard generation process does not access raw analytics data. The AI system generates user interface code only, based on the user's instructions.
  • Analytics data is fetched separately by the user's browser and rendered within the generated dashboard components. The AI model does not receive or process end-user analytics data.
  • Anthropic's Claude is used as the underlying AI model for dashboard generation, with appropriate data processing agreements in place.
  • Users should avoid including personal data in their chat interactions with the AI assistant unless necessary for the intended purpose.

5. Ongoing Compliance Improvement

Flowpoint Analytics is committed to continuously improving its data protection and compliance practices. We regularly review our policies, procedures, and technical measures to ensure they remain aligned with the latest regulatory guidance and industry best practices. Our team monitors changes in data protection legislation and adapts our practices accordingly.

6. Client Compliance Assistance

We support our clients in meeting their own data protection obligations through:

  • Data management — Providing tools and features that enable clients to manage the personal data they collect through our platform, including data export and deletion capabilities.
  • Privacy assessments — Assisting clients with Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) where applicable.
  • Data protection audits — Supporting clients in conducting audits of their data processing activities involving our platform.

7. Privacy Tips for Clients

As a Flowpoint Analytics client, you are responsible for your own compliance with data protection legislation. Please note:

  • You own your data — You are the data controller for any personal data collected through your use of the Flowpoint platform. We act as your data processor.
  • Privacy policy requirement — You must have a privacy policy on your website that discloses the use of analytics tools, including Flowpoint.
  • Suggested disclosure language — We recommend including language similar to the following in your privacy policy: "We use Flowpoint Analytics to understand how visitors interact with our website. Flowpoint collects anonymised usage data to help us improve our services. For more information, please visit Flowpoint's GDPR Statement."

8. Contact

If you have any questions about our GDPR compliance or data protection practices, please contact us at office@flowpoint.ai.