Coming Soon

Privacy Policy

Version 1.2 · Revised March 2026

1. Introduction

Flowpoint Analytics Ltd ("Flowpoint", "we", "us", or "our") is a company registered in England and Wales (Company Number 14068900). We are committed to safeguarding the privacy of our users, customers, and website visitors. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our website, dashboard, AI-powered analytics features, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

This policy applies to all users of the Flowpoint platform, including those who interact with our AI-powered dashboard creation and chat features.

2. Data Controller Details

The data controller responsible for your personal data is:

Flowpoint Analytics Ltd
Flat 41 Oslo Court, Prince Albert Road
London, England, NW8 7EN
United Kingdom

For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at: office@flowpoint.ai

3. Information We Collect

We collect and process the following categories of personal data in connection with providing and improving the Service:

3.1 Account Setup Information

When you create an account with Flowpoint, we collect the following information:

  • Email address — used for account identification, authentication, and communication.
  • Full name — used to personalize your experience and for account management.
  • Organization name — used to associate your account with your company or team.
  • Website domain(s) — used to configure analytics tracking for your properties.

Legal basis: The processing of this data is necessary for the performance of the contract between you and Flowpoint (i.e., providing the Service you have signed up for), pursuant to Article 6(1)(b) of the GDPR.

3.2 AI-Powered Dashboard Creation

When you use our AI-powered dashboard features, we collect and process:

  • Configuration data — preferences, settings, and specifications you provide for dashboard generation, including layout choices and metric selections.
  • Chat interactions — messages and instructions you provide through the chat interface for generating and modifying dashboards. These interactions are stored to maintain your dashboard configurations and improve the Service.
  • Business process details — contextual information you share about your business workflows, KPIs, and reporting needs to help the AI generate relevant dashboards.

Important: Analytics data used to populate your dashboards is fetched directly by your browser from our analytics infrastructure and is never sent to AI models. The AI generates the visual dashboard interface (the layout, charts, and components) independently, without access to your raw analytics data. Your browser loads the actual data into the generated interface only after the AI has completed its work. This architecture ensures your analytics data remains private and is never shared with third-party AI providers.

3.3 Customer Support Data

When you contact our support team, we collect and process the information you provide in your support requests, including your name, email, and details about your inquiry. This data is processed to:

  • Respond to and resolve your support requests.
  • Improve our help documentation and knowledge base.
  • Identify recurring issues and improve the Service.

3.4 Integrated Third-Party Services

If you choose to sign in or link your account using third-party authentication providers (such as Google), we may receive information from those services in accordance with their privacy policies and your authorization settings. This typically includes:

  • Your name and email address from the authentication provider.
  • A unique identifier used for authentication purposes.
  • Profile information you have made publicly available on the third-party service.

We only request the minimum information necessary for authentication and account setup. We do not access or store your passwords from third-party services.

4. Data Processor Role

In addition to acting as a data controller for the personal data described above, Flowpoint also acts as a data processor on behalf of our customers for certain categories of data, particularly workflow configuration data and analytics data collected through our tracking script.

As a data processor, we process this data strictly in accordance with our customers' instructions and applicable data processing agreements. We do not use data processed in our capacity as a data processor for our own purposes, except as necessary to provide and maintain the Service.

Our obligations as a data processor are further detailed in our Data Processing Agreement (DPA), available at /legal/dpa.

5. AI-Powered Features

Flowpoint uses advanced AI technology, specifically Claude from Anthropic (including Opus 4.6 and Sonnet models), to power our AI-driven dashboard generation features. This section explains how data flows through our AI-powered features and what protections are in place.

5.1 How the AI Dashboard Generation Works

When you use our chat interface to create or modify dashboards, the following process occurs:

  1. You provide instructions (via chat) about what type of dashboard you want to create, including the metrics you want to track, the layout preferences, and any specific visualizations you need.
  2. The AI receives these instructions and generates React component code that defines the dashboard user interface — including charts, tables, layout structure, and visual elements.
  3. After the AI has generated the dashboard interface, your browser separately fetches the actual analytics data from our infrastructure and populates the generated components.

5.2 Data Separation Guarantee

We have architected our system to maintain a strict separation between your analytics data and the AI processing layer:

  • Raw analytics data is never sent to Anthropic or any AI model. The AI only receives instructions about what to build, not the underlying data itself.
  • Analytics data is loaded separately by the browser after the UI is generated, ensuring complete isolation between AI processing and data retrieval.
  • The AI generates code that defines how to display data, but never sees what the actual data values are.

5.3 Chat Conversations and Anthropic

Chat conversations you have with the dashboard generation AI may be processed by Anthropic's API to generate and refine your dashboard interfaces. This means the text of your chat messages (your instructions, questions, and preferences) is transmitted to Anthropic's servers for processing. Anthropic processes this data in accordance with their usage policies and data handling practices.

We recommend that you avoid including sensitive personal data, trade secrets, or confidential business information in your chat messages beyond what is necessary for dashboard creation.

6. Data Retention

We retain your personal data for as long as your account remains active and as needed to provide you with the Service. Specifically:

  • Account data is retained for the duration of your active account.
  • Chat and dashboard configuration data is retained while your account is active to maintain your dashboard configurations and enable continued use of the Service.
  • Analytics data is retained according to the retention period configured in your account settings or as specified in your subscription plan.
  • Support correspondence is retained for as long as reasonably necessary to provide ongoing support and improve the Service.

After account closure or termination, we will delete or anonymize your personal data within 6 months, unless we are required to retain certain data for longer periods to comply with legal obligations (such as tax, accounting, or regulatory requirements), to resolve disputes, or to enforce our agreements.

You may request earlier deletion of your data by contacting us at office@flowpoint.ai. We will process such requests in accordance with applicable law.

7. Third-Party Services

We use a number of third-party service providers to help us operate, maintain, and improve the Service. These providers may have access to your personal data only to the extent necessary to perform their functions, and they are obligated to maintain the confidentiality and security of that data.

7.1 Service Providers

We engage the following categories of third-party service providers:

  • IT infrastructure and hosting providers — for server hosting, content delivery, and infrastructure management.
  • Email service providers — for transactional emails, account notifications, and (with your consent) marketing communications.
  • Cloud hosting services — for scalable, reliable data storage and computing resources.
  • Payment processors — for securely handling subscription payments and billing. We do not store your full payment card details on our servers.
  • Customer relationship management (CRM) tools — for managing customer interactions and support workflows.
  • Project management and collaboration tools — used internally by our team to coordinate development and support activities.

7.2 International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually oblige the recipient to protect your data to EEA standards.
  • Transfers to countries that have received an adequacy decision from the European Commission.
  • Other appropriate safeguards as permitted under applicable data protection law.

7.3 Google APIs

Where our Service integrates with Google APIs (for example, for authentication via Google Sign-In), our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum scopes necessary for the functionality you use.

7.4 Anthropic (AI Services)

Flowpoint integrates with Anthropic's Claude API to power our AI-driven dashboard generation features. Data transmitted to Anthropic is limited to chat instructions and dashboard configuration requests. All data is transmitted securely using industry-standard encryption (TLS) and is processed in accordance with Anthropic's usage policies and data handling practices.

No analytics data is shared with Anthropic. As described in Section 5, the AI only receives instructions about what dashboards to create — your actual analytics data is never transmitted to Anthropic's servers.

7.5 Disclosures Required by Law

We may disclose your personal data if required to do so by law or if we believe in good faith that such action is necessary to:

  • Comply with a legal obligation, court order, or legal process served on us.
  • Cooperate with law enforcement agencies or regulatory authorities.
  • Protect and defend our rights, property, or safety, or that of our users or the public.
  • Detect, prevent, or address fraud, security issues, or technical problems.
  • Facilitate a business transaction such as a merger, acquisition, asset sale, or reorganization, in which case your data may be transferred to the successor entity, subject to this Privacy Policy or a policy offering equivalent protections.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR with respect to your personal data:

  • Right of Access — You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
  • Right to Rectification — You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (Right to be Forgotten) — You have the right to request that we delete your personal data, subject to certain legal exceptions (e.g., data we must retain for legal compliance).
  • Right to Restriction of Processing — You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data or assess a legitimate interest claim.
  • Right to Data Portability — You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance from us.
  • Right to Object — You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis, including processing for direct marketing purposes.

To exercise any of these rights, please contact us at office@flowpoint.ai. We will respond to your request within 30 days, as required by applicable law. We may ask you to verify your identity before processing your request.

If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO).

9. Security Measures

We take the security of your personal data seriously and implement industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption — All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) encryption. Data at rest is encrypted using industry-standard encryption algorithms.
  • Access controls — We implement strict role-based access controls to ensure that only authorized personnel can access personal data, and only to the extent necessary for their role.
  • VPN and network security — Access to our internal infrastructure and production systems requires VPN connectivity and multi-factor authentication.
  • Regular security reviews — We conduct periodic security assessments and vulnerability testing to identify and address potential risks.
  • Incident response — We maintain incident response procedures to detect, investigate, and respond to security incidents in a timely manner, including notification obligations under applicable data protection law.

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to continuously improving our security practices.

10. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Revised" date at the top of this page.

For significant changes that materially affect your rights or how we process your data, we will provide prominent notice, which may include:

  • An email notification to the address associated with your account.
  • A prominent announcement on our website or within the dashboard.
  • A notification within the Service upon your next login.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us at office@flowpoint.ai.